Solved

Exchange 2010 sending spam email

Posted on 2013-06-28
7
45 Views
Last Modified: 2016-03-28
Hello,

I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.

Thanks,
Joe
0
Comment
Question by:JRodrigues616
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Author Comment

by:JRodrigues616
ID: 39284997
I should also add, My firewall policies only allows port 25 activity from my exchange server to talk to the barracuda spam firewall  which then sends / receives email to and from the internet.
0
 
LVL 19

Expert Comment

by:R--R
ID: 39285009
Enable the receive/send connector logs and check the logs.
0
 
LVL 43

Expert Comment

by:Amit
ID: 39285024
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:JRodrigues616
ID: 39285086
Hello Amitkulshrestha,

 I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.
0
 

Author Comment

by:JRodrigues616
ID: 39285097
It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.
0
 
LVL 7

Accepted Solution

by:
Mohammed Tahir earned 500 total points
ID: 39286478
To check the originating IP address of message source you have to read the header of spam messages.

- To generate the header of message follow the below steps:
1- Right click the message and suspend it.
2- Go to powershell and run the below command:

[PS] C:\>Export-Message -Identity MessageHeader |AssembleMessage -Path "c:\test.eml"

3- Open the file "test" from C:\test, you will find the source IP of message.
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39316627
are you suspect, spam mail generating from your domain?

If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.

please not: dont add your exchange organization. because genuine mail will blocked
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question