?
Solved

Exchange 2010 sending spam email

Posted on 2013-06-28
7
Medium Priority
?
60 Views
Last Modified: 2016-03-28
Hello,

I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.

Thanks,
Joe
0
Comment
Question by:JRodrigues616
7 Comments
 

Author Comment

by:JRodrigues616
ID: 39284997
I should also add, My firewall policies only allows port 25 activity from my exchange server to talk to the barracuda spam firewall  which then sends / receives email to and from the internet.
0
 
LVL 19

Expert Comment

by:R--R
ID: 39285009
Enable the receive/send connector logs and check the logs.
0
 
LVL 45

Expert Comment

by:Amit
ID: 39285024
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:JRodrigues616
ID: 39285086
Hello Amitkulshrestha,

 I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
0
 

Author Comment

by:JRodrigues616
ID: 39285097
It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.
0
 
LVL 7

Accepted Solution

by:
Mohammed Tahir earned 2000 total points
ID: 39286478
To check the originating IP address of message source you have to read the header of spam messages.

- To generate the header of message follow the below steps:
1- Right click the message and suspend it.
2- Go to powershell and run the below command:

[PS] C:\>Export-Message -Identity MessageHeader |AssembleMessage -Path "c:\test.eml"

3- Open the file "test" from C:\test, you will find the source IP of message.
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39316627
are you suspect, spam mail generating from your domain?

If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.

please not: dont add your exchange organization. because genuine mail will blocked
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In a Cross Forest, the steps to migrate users are quite complicated and even in the official articles of Technet there is no clear recommendation on which approach to take .. From an experience, I mention and simplify which way to go and how to use …
Microsoft Exchange Server gives you the ability to roll back a corrupt database, but still preserve any data written to that database since the last successful backup. Unfortunately the documentation on how to do this when recovering using imaging b…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question