Exchange 2010 Email Address Spamming
Posted on 2014-02-19
Hi, yesterday we found that a domain user was receiving "Undeliverable" emails in her inbox, 5000 of them about. We use a Cisco IronPort device to filter and found that her email address had sent 33k emails during the day yesterday. I worked with Cisco to adjust our outgoing policy to state that if any emails are scanned as spam or a threat, drop them. It was set to deliver them...
Cisco stated that the emails are still being sent from our mail server, so i need to find out how. I tried with doing a "get-messagetrackinglog" with the header of a spam email and it tells me the sender (which i already knew). How do i stop exchange from sending on behalf of this user, what could it be? any tips on this are greatly appreciated.