Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2010 sending spam email

Posted on 2013-06-28
7
Medium Priority
?
56 Views
Last Modified: 2016-03-28
Hello,

I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.

Thanks,
Joe
0
Comment
Question by:JRodrigues616
7 Comments
 

Author Comment

by:JRodrigues616
ID: 39284997
I should also add, My firewall policies only allows port 25 activity from my exchange server to talk to the barracuda spam firewall  which then sends / receives email to and from the internet.
0
 
LVL 19

Expert Comment

by:R--R
ID: 39285009
Enable the receive/send connector logs and check the logs.
0
 
LVL 44

Expert Comment

by:Amit
ID: 39285024
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:JRodrigues616
ID: 39285086
Hello Amitkulshrestha,

 I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
0
 

Author Comment

by:JRodrigues616
ID: 39285097
It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.
0
 
LVL 7

Accepted Solution

by:
Mohammed Tahir earned 2000 total points
ID: 39286478
To check the originating IP address of message source you have to read the header of spam messages.

- To generate the header of message follow the below steps:
1- Right click the message and suspend it.
2- Go to powershell and run the below command:

[PS] C:\>Export-Message -Identity MessageHeader |AssembleMessage -Path "c:\test.eml"

3- Open the file "test" from C:\test, you will find the source IP of message.
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39316627
are you suspect, spam mail generating from your domain?

If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.

please not: dont add your exchange organization. because genuine mail will blocked
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
How to effectively resolve the number one email related issue received by helpdesks.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question