Exchange 2k3 Tracking

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

matt_aj

Thread Starter
Joined
Jan 23, 2006
Messages
658
We have an employee that got a NDR for an email that the employee says she never sent.

In the Exchange tracking it shows that the message was sent with her account but it doesn't show up in her mailbox. No one has permissions to send on her behalf.

I need to find out if the email is getting sent from another system (something using exchange to relay off of). Is there anyway to track an email in Exchange 2003 to show what the origination IP address is? I've used the exchange message tracking and even cracked open the raw logs to no avail.

This one got kicked back and that's how she noticed it. My concern is if any others are getting sent out without us knowing....

Of course a virus is of concern but if I can narrow down what system sent the email to exchange at least I'll know if it's coming from her machine or another server or something like a copier. At least then I'll know where to start looking.
 
Joined
Jul 29, 2001
Messages
21,334
Change passwords on all accounts and scan for a virus to begin with. Second set your firewall to only allow emails to originate from the Exchange server IP address and no other IP addresses. If it was her account that sent it and it did originate from your server it would tell you in the email header. Someone is probably just spoofing her email address and she is getting the NDR, happens all the time.
 

matt_aj

Thread Starter
Joined
Jan 23, 2006
Messages
658
This isn't a spoofed message. This is a legit message. I know that it sent out of my exchange server. I can see that. I don't really care about the NDR but that's just how this was found.

The real issue is that this email was sent through my exchange but it wasn't sent through her mailbox. I need to find out if I can see what IP address sent it to the exchange server so I know where (internally) this email came from.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top