Solved

Unknown Email

Posted on 2013-11-29
7
352 Views
Last Modified: 2014-01-07
Hi,

A client of mine is receiving a lot of emails from unknown@domain.local to their exchange mailboxes

I have checked and the exchange/smtp server and it's not set to logging as per some of the forum i've seen.

Any other ideas?

thanks
Ryan
0
Comment
Question by:ryank85
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685183
What do the messages actually say? It could simply be a spamming run, or an application that is sending out lots of messages. Not really enough to go on.

If you look at the headers, does that show the source as being external?

Simon.
0
 

Author Comment

by:ryank85
ID: 39685472
Hi Simon

The emails are blank, we can only see where the email has come from:-

These are the message headers.

Received: from domain.local (192.168.0.2) by SERVER.domain.local
 (192.168.0.2) with Microsoft SMTP Server id 8.3.298.1; Fri, 29 Nov 2013
 02:23:35 +0000
From: "Unknown@domain.local" <Unknown@domain.local>
Date: Fri, 29 Nov 2013 02:23:35 +0000
Subject:
Thread-Index: Ac7sqgG5VWOy/XkhRPenYqPNlMkRjQ==
Message-ID: <9b85a112-a7cf-415f-afe9-0ff6238f5fd6@Server.domain.local>
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 0a
X-MS-Exchange-Organization-AuthSource: Server.domain.local
X-MS-Has-Attach:
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685798
That is coming off something internal.
How much of that header have you changed? Does it really say unknown? Does the second part match your internal domain, or is it really domain.local?

While I appreciate that you want to hide information, in this case it is actually making it hard to diagnose without knowing what is genuine and what has been changed.

For example, some APC software has @domain.local in there as default.

Simon.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:ryank85
ID: 39689335
Hi Simon

The only thing that has been changed in the header is the 'domain' the actual name of the domain is the clients name. e.g clientname.local

thanks
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39692667
Something internal is doing it. I cannot really help you much more than that.
Could be a printer, scanner, script, something like that.
There isn't enough in the header to diagnose the source.

Simon.
0
 

Author Comment

by:ryank85
ID: 39697589
ok thanks for your help
0
 

Author Closing Comment

by:ryank85
ID: 39761712
no more emails received on this matter
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question