
Exchange 2007 sending spam

jnazz asked
Is there a way to find the IP address of the host sending messages, from the Exchange message tracker or some other way? I'm trying to track down a host that is sending a lot of messages.

I've checked the relaying and that is limited to servers.

Alan Hardisty, Co-Owner
Top Expert 2011

Is the host sending internally through your Exchange server or are you seeing lots of messages in the outbound queue from <> waiting to go out?

What Anti-Spam software do you have installed and is it performing AD lookups to filter invalid recipients?

Does your mail server receive emails directly from the web or via a 3rd party which spam-filters them first?



Yes, internally through the Exchange server. There doesn't seem to be a lot, but enough to cause concern.

We are using McAfee SaaS for spam and virus scanning and they are a 3rd party relay host.

When I use the message tracking tool on the Exchange server, all I see is the host of the Exchange server and the McAfee servers' IP addresses. What I need is the MAC or IP address of the host sending to Exchange 2007.
Top Expert 2011
The problem there is that you could have an external user using HTTPS (Outlook Anywhere) which is sending them, so they may well appear as an internal user.

Depending on the size of your company, you could disable HTTPS access for a short while and see if that stems the flow of emails to the server.  If it does, then one of your remote users has an infection.  If not, then an internal user does and you would probably need to use something like Wireshark to sniff the network and figure out where the traffic is coming from.
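
The following is an added example, not part of the thread or any poster's code: a tally of message tracking log RECEIVE events by submission source, client address and sender, which shows whether the volume arrives over SMTP from a workstation address or through mailbox (store driver) submission, where only the sender's mailbox is visible. The log lines are constructed, the `#Fields:` list is trimmed to the columns used, and the function names and the `server_ips` parameter are hypothetical.

```python
import csv
from collections import Counter

# Constructed sample in the message tracking log layout: '#'-prefixed header
# lines, then comma-separated records named by the '#Fields:' line.
# All addresses, hostnames and senders are made up for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,client-ip,client-hostname,server-ip,server-hostname,source,event-id,recipient-address,sender-address
2011-03-01T09:00:01.000Z,192.0.2.10,EXCH01,192.0.2.10,EXCH01,STOREDRIVER,RECEIVE,a@example.net;b@example.net,user1@example.com
2011-03-01T09:00:02.000Z,192.0.2.10,EXCH01,192.0.2.10,EXCH01,STOREDRIVER,RECEIVE,c@example.net;d@example.net,user1@example.com
2011-03-01T09:00:03.000Z,192.0.2.55,PC-055,192.0.2.10,EXCH01,SMTP,RECEIVE,e@example.net,scanner@example.com
2011-03-01T09:00:04.000Z,192.0.2.10,EXCH01,198.51.100.7,relay.example.org,SMTP,SEND,a@example.net,user1@example.com
2011-03-01T09:00:05.000Z,192.0.2.10,EXCH01,192.0.2.10,EXCH01,STOREDRIVER,RECEIVE,f@example.net,user2@example.com
"""

def parse_tracking_log(text):
    """Yield one dict per record, keyed by the names on the '#Fields:' line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#") and fields:
            row = next(csv.reader([line]))
            if len(row) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, row))

def top_submitters(text, server_ips, limit=5):
    """Count recipients on RECEIVE events per (source, origin, sender)."""
    counts = Counter()
    for rec in parse_tracking_log(text):
        if rec["event-id"] != "RECEIVE":
            continue
        # Assumption: several recipients share one field, separated by ';'.
        n = len([r for r in rec["recipient-address"].split(";") if r])
        # A client-ip that is one of the mail servers says nothing about the
        # workstation, so label it and rely on sender-address instead.
        origin = "server" if rec["client-ip"] in server_ips else rec["client-ip"]
        counts[(rec["source"], origin, rec["sender-address"].lower())] += n
    return counts.most_common(limit)

if __name__ == "__main__":
    for key, n in top_submitters(SAMPLE_LOG, {"192.0.2.10"}):
        print(n, *key)
```

Where the heaviest entry is a store driver submission, the mailbox name is the lead and the workstation still has to be found another way, such as the network capture suggested above.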