asked on

Exchange 2010 sending spam email

Hello,

I have an exchange 2010 server which is passing spam email through to my barracuda SPAM firewall which has the emails stuck in an outbound queue. The emails are being sent from a non-existent user spoofing our domain which is apparently passing through exchange 2010. Is there a way to track this back to the originating IP address of the infected workstation? I've tried using message tracking in Exchange 2010, but that seems to be useless.

Thanks,
Joe

JRodrigues616

ASKER

I should also add, My firewall policies only allows port 25 activity from my exchange server to talk to the barracuda spam firewall which then sends / receives email to and from the internet.

R--R

Enable the receive/send connector logs and check the logs.

Amit

Check this
http://exchangeserverpro.com/exchange-2010-report-top-sender-ips-log-parser/

JRodrigues616

ASKER

Hello Amitkulshrestha,

I tried that link and I get an error stating "The 'from' keyword is not supported in this version of the language.

JRodrigues616

ASKER

It appears the send and receive connector logs do not show me the originating IP address of the messages. I only get the IP address of my CAS server sending to the IP address of my barracuda.

ASKER CERTIFIED SOLUTION

Mohammed Tahir

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Vijaya Babu Sekar

are you suspect, spam mail generating from your domain?

If yes, you can add your own domain in your email gateway. so that spam will stop. because it s kind of spoofing.

please not: dont add your exchange organization. because genuine mail will blocked