We have an employee that got a NDR for an email that the employee says she never sent.
In the Exchange tracking it shows that the message was sent with her account but it doesn't show up in her mailbox. No one has permissions to send on her behalf.
I need to find out if the email is getting sent from another system (something using exchange to relay off of). Is there anyway to track an email in Exchange 2003 to show what the origination IP address is? I've used the exchange message tracking and even cracked open the raw logs to no avail.
This one got kicked back and that's how she noticed it. My concern is if any others are getting sent out without us knowing....
Of course a virus is of concern but if I can narrow down what system sent the email to exchange at least I'll know if it's coming from her machine or another server or something like a copier. At least then I'll know where to start looking.
In the Exchange tracking it shows that the message was sent with her account but it doesn't show up in her mailbox. No one has permissions to send on her behalf.
I need to find out if the email is getting sent from another system (something using exchange to relay off of). Is there anyway to track an email in Exchange 2003 to show what the origination IP address is? I've used the exchange message tracking and even cracked open the raw logs to no avail.
This one got kicked back and that's how she noticed it. My concern is if any others are getting sent out without us knowing....
Of course a virus is of concern but if I can narrow down what system sent the email to exchange at least I'll know if it's coming from her machine or another server or something like a copier. At least then I'll know where to start looking.