j_crow1
asked on
How to find what IP a user is accessing Exchange from remotly?
I have a user that has left the company, but due to an employee contract he has e-mail access until the end of the year. The problem is that whatever computer he is using is probably infected with some kind of botnet.
Every night his e-mail sends out about 30 e-mails in German with trojan attachments. GFI has blocked all of these e-mails, but since I have no access to the computer he may be using at his new job, I cannot ensure those computers are clean. I need to find out what IP this is coming from. Is there a way to do this? If I find out it is the IP of his new company, I can shut down access until that computer has been cleaned.
Every night his e-mail sends out about 30 e-mails in German with trojan attachments. GFI has blocked all of these e-mails, but since I have no access to the computer he may be using at his new job, I cannot ensure those computers are clean. I need to find out what IP this is coming from. Is there a way to do this? If I find out it is the IP of his new company, I can shut down access until that computer has been cleaned.
ASKER
It is not displaying an IP address, but it does display a client host name...how accurate is this?
The ClientHostname should be accurate, but I am surprised you are not getting a client address. Most likely coming from someones mailbox or an open relay.
Do you see the sender address and can you log into that mailbox?
Do you see the sender address and can you log into that mailbox?
ASKER
Yes, but those items are not in his sent folder. I do not have an open relay...where else should I check for where this could be coming from?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try that tonight and see if those e-mails get sent out.
Any luck?
Open in new window
From there make the table in Excel, and then search for the client IP that is not an Exchange server.