Exchange 2007 sending spam

Is there a way to find the IP address of the host sending messages from Exchange message tracker or some other way. I'm trying to track down a host that is sending a lot of messages.

I've check THE RELAING and that is limited to servers.
jnazzAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Is the host sending internally through your Exchange server or are you seeing lots of messages in the outbound queue from <> waiting to go out?

What Anti-Spam software do you have installed and is it performing AD lookups to filter invalid recipients?

Does your mail server receive emails directly from the web or via a 3rd party which spam-filters them first?

Alan
0
jnazzAuthor Commented:
Yes internally through the exchange server. there doesn't seem to be a lot but enough to cause concern.

We are using Mcafee SAAS for spam and virus scanning and they are 3rd party relay host.

When I use the massage tracking tool on the exchange server all I see is the host of the exchange server and Mcafee servers ip addresses. What  I need is the Mac or IP address of the host sending to exchange2007.
0
Alan HardistyCo-OwnerCommented:
The problem there is that you could have an external user using HTTPS (Outlook Anywhere) which is sending them, so they may well appear as an internal user.

Depending on the size of your company, you could disable HTTPS access for a short while and see if that stems the flow of emails to the server.  If it does, then one of your remote users has an infection.  If not, then an internal user does and you would probably need to use something like Wireshark to sniff the network and figure out where the traffic is coming from.

Alan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.