Solved

Unknown Email

Posted on 2013-11-29
7
358 Views
Last Modified: 2014-01-07
Hi,

A client of mine is receiving a lot of emails from unknown@domain.local to their exchange mailboxes

I have checked and the exchange/smtp server and it's not set to logging as per some of the forum i've seen.

Any other ideas?

thanks
Ryan
0
Comment
Question by:ryank85
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685183
What do the messages actually say? It could simply be a spamming run, or an application that is sending out lots of messages. Not really enough to go on.

If you look at the headers, does that show the source as being external?

Simon.
0
 

Author Comment

by:ryank85
ID: 39685472
Hi Simon

The emails are blank, we can only see where the email has come from:-

These are the message headers.

Received: from domain.local (192.168.0.2) by SERVER.domain.local
 (192.168.0.2) with Microsoft SMTP Server id 8.3.298.1; Fri, 29 Nov 2013
 02:23:35 +0000
From: "Unknown@domain.local" <Unknown@domain.local>
Date: Fri, 29 Nov 2013 02:23:35 +0000
Subject:
Thread-Index: Ac7sqgG5VWOy/XkhRPenYqPNlMkRjQ==
Message-ID: <9b85a112-a7cf-415f-afe9-0ff6238f5fd6@Server.domain.local>
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 0a
X-MS-Exchange-Organization-AuthSource: Server.domain.local
X-MS-Has-Attach:
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685798
That is coming off something internal.
How much of that header have you changed? Does it really say unknown? Does the second part match your internal domain, or is it really domain.local?

While I appreciate that you want to hide information, in this case it is actually making it hard to diagnose without knowing what is genuine and what has been changed.

For example, some APC software has @domain.local in there as default.

Simon.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:ryank85
ID: 39689335
Hi Simon

The only thing that has been changed in the header is the 'domain' the actual name of the domain is the clients name. e.g clientname.local

thanks
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39692667
Something internal is doing it. I cannot really help you much more than that.
Could be a printer, scanner, script, something like that.
There isn't enough in the header to diagnose the source.

Simon.
0
 

Author Comment

by:ryank85
ID: 39697589
ok thanks for your help
0
 

Author Closing Comment

by:ryank85
ID: 39761712
no more emails received on this matter
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
how to add IIS SMTP to handle application/Scanner relays into office 365.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question