Solved

Exchange 2010 sending spam email

Posted on 2013-06-28
7
28 Views
Last Modified: 2016-03-28
Hello,

I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.

Thanks,
Joe
0
Comment
Question by:JRodrigues616
7 Comments
 

Author Comment

by:JRodrigues616
Comment Utility
I should also add, My firewall policies only allows port 25 activity from my exchange server to talk to the barracuda spam firewall  which then sends / receives email to and from the internet.
0
 
LVL 19

Expert Comment

by:R--R
Comment Utility
Enable the receive/send connector logs and check the logs.
0
 
LVL 41

Expert Comment

by:Amit
Comment Utility
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:JRodrigues616
Comment Utility
Hello Amitkulshrestha,

 I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
0
 

Author Comment

by:JRodrigues616
Comment Utility
It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.
0
 
LVL 7

Accepted Solution

by:
Mohammed Tahir earned 500 total points
Comment Utility
To check the originating IP address of message source you have to read the header of spam messages.

- To generate the header of message follow the below steps:
1- Right click the message and suspend it.
2- Go to powershell and run the below command:

[PS] C:\>Export-Message -Identity MessageHeader |AssembleMessage -Path "c:\test.eml"

3- Open the file "test" from C:\test, you will find the source IP of message.
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
Comment Utility
are you suspect, spam mail generating from your domain?

If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.

please not: dont add your exchange organization. because genuine mail will blocked
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now