Solved

Exchange 2010 sending spam email

Posted on 2013-06-28
7
39 Views
Last Modified: 2016-03-28
Hello,

I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.

Thanks,
Joe
0
Comment
Question by:JRodrigues616
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Author Comment

by:JRodrigues616
ID: 39284997
I should also add, My firewall policies only allows port 25 activity from my exchange server to talk to the barracuda spam firewall  which then sends / receives email to and from the internet.
0
 
LVL 19

Expert Comment

by:R--R
ID: 39285009
Enable the receive/send connector logs and check the logs.
0
 
LVL 43

Expert Comment

by:Amit
ID: 39285024
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:JRodrigues616
ID: 39285086
Hello Amitkulshrestha,

 I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
0
 

Author Comment

by:JRodrigues616
ID: 39285097
It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.
0
 
LVL 7

Accepted Solution

by:
Mohammed Tahir earned 500 total points
ID: 39286478
To check the originating IP address of message source you have to read the header of spam messages.

- To generate the header of message follow the below steps:
1- Right click the message and suspend it.
2- Go to powershell and run the below command:

[PS] C:\>Export-Message -Identity MessageHeader |AssembleMessage -Path "c:\test.eml"

3- Open the file "test" from C:\test, you will find the source IP of message.
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39316627
are you suspect, spam mail generating from your domain?

If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.

please not: dont add your exchange organization. because genuine mail will blocked
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question