Unknown Email

Hi,

A client of mine is receiving a lot of emails from unknown@domain.local to their exchange mailboxes

I have checked and the exchange/smtp server and it's not set to logging as per some of the forum i've seen.

Any other ideas?

thanks
Ryan
ryank85Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
What do the messages actually say? It could simply be a spamming run, or an application that is sending out lots of messages. Not really enough to go on.

If you look at the headers, does that show the source as being external?

Simon.
0
ryank85Author Commented:
Hi Simon

The emails are blank, we can only see where the email has come from:-

These are the message headers.

Received: from domain.local (192.168.0.2) by SERVER.domain.local
 (192.168.0.2) with Microsoft SMTP Server id 8.3.298.1; Fri, 29 Nov 2013
 02:23:35 +0000
From: "Unknown@domain.local" <Unknown@domain.local>
Date: Fri, 29 Nov 2013 02:23:35 +0000
Subject:
Thread-Index: Ac7sqgG5VWOy/XkhRPenYqPNlMkRjQ==
Message-ID: <9b85a112-a7cf-415f-afe9-0ff6238f5fd6@Server.domain.local>
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 0a
X-MS-Exchange-Organization-AuthSource: Server.domain.local
X-MS-Has-Attach:
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
0
Simon Butler (Sembee)ConsultantCommented:
That is coming off something internal.
How much of that header have you changed? Does it really say unknown? Does the second part match your internal domain, or is it really domain.local?

While I appreciate that you want to hide information, in this case it is actually making it hard to diagnose without knowing what is genuine and what has been changed.

For example, some APC software has @domain.local in there as default.

Simon.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

ryank85Author Commented:
Hi Simon

The only thing that has been changed in the header is the 'domain' the actual name of the domain is the clients name. e.g clientname.local

thanks
0
Simon Butler (Sembee)ConsultantCommented:
Something internal is doing it. I cannot really help you much more than that.
Could be a printer, scanner, script, something like that.
There isn't enough in the header to diagnose the source.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ryank85Author Commented:
ok thanks for your help
0
ryank85Author Commented:
no more emails received on this matter
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.