JRodrigues616
asked on
Exchange 2010 sending spam email
Hello,
I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.
Thanks,
Joe
I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.
Thanks,
Joe
Enable the receive/send connector logs and check the logs.
ASKER
Hello Amitkulshrestha,
I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
ASKER
It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
are you suspect, spam mail generating from your domain?
If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.
please not: dont add your exchange organization. because genuine mail will blocked
If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.
please not: dont add your exchange organization. because genuine mail will blocked
ASKER