
Exchange 2k3 Tracking

Discussion in 'Windows Server' started by matt_aj, Nov 18, 2011.

Thread Status:
Not open for further replies.
  1. matt_aj

    matt_aj Thread Starter

    Joined:
    Jan 23, 2006
    Messages:
    658
    We have an employee that got an NDR for an email that the employee says she never sent.

    In the Exchange tracking it shows that the message was sent with her account but it doesn't show up in her mailbox. No one has permissions to send on her behalf.

    I need to find out if the email is getting sent from another system (something using Exchange to relay off of). Is there any way to track an email in Exchange 2003 to show what the origination IP address is? I've used the Exchange message tracking and even cracked open the raw logs to no avail.

    This one got kicked back and that's how she noticed it. My concern is if any others are getting sent out without us knowing....

    Of course a virus is of concern, but if I can narrow down what system sent the email to Exchange, at least I'll know if it's coming from her machine or another server or something like a copier. At least then I'll know where to start looking.
     
  2. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Change passwords on all accounts and scan for a virus to begin with. Second, set your firewall to only allow emails to originate from the Exchange server IP address and no other IP addresses. If it was her account that sent it and it did originate from your server, it would tell you in the email header. Someone is probably just spoofing her email address and she is getting the NDR; it happens all the time.
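
The header check mentioned in the reply above, as an added example that is not part of the original thread: it reads the `Received` lines of a message and reports which host and IP handed the message to a given mail server. The host names, addresses and the function names `trace_hops` and `submitting_client` are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (host names and addresses are made up).
SAMPLE = """\
Received: from mail.example.com ([192.0.2.10]) by mx.example.net with ESMTP;
\tFri, 18 Nov 2011 10:02:11 -0600
Received: from copier01 ([10.1.4.57]) by mail.example.com with ESMTP;
\tFri, 18 Nov 2011 10:02:09 -0600
From: user@example.com
To: someone@example.net
Subject: constructed sample

body
"""

# "from <host> (... [<ipv4>] ...) by <host>" as written by the receiving server.
HOP = re.compile(
    r"from\s+(\S+)\s+\(.*?\[?(\d{1,3}(?:\.\d{1,3}){3})\]?.*?\)\s+by\s+(\S+)",
    re.S,
)

def trace_hops(raw):
    """Return [(from_host, from_ip, by_host)], oldest hop first.

    Received lines without a recognisable IPv4 address are skipped.
    """
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    hops.reverse()  # headers are prepended, so the last one is the oldest
    return hops

def submitting_client(raw, server):
    """Host and IP that handed the message to `server`, or None."""
    for from_host, from_ip, by_host in trace_hops(raw):
        if by_host.lower() == server.lower():
            return from_host, from_ip
    return None

if __name__ == "__main__":
    print(submitting_client(SAMPLE, "mail.example.com"))
```

Only the `Received` line written by your own server can be relied on; any lines below it were supplied by whatever system submitted the message.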
     
  3. matt_aj

    matt_aj Thread Starter

    Joined:
    Jan 23, 2006
    Messages:
    658
    This isn't a spoofed message. This is a legit message. I know that it was sent out of my Exchange server. I can see that. I don't really care about the NDR, but that's just how this was found.

    The real issue is that this email was sent through my Exchange but it wasn't sent through her mailbox. I need to find out if I can see what IP address sent it to the Exchange server so I know where (internally) this email came from.
     
  4. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    You sure the server is not an open relay?
     
Short URL to this thread: https://techguy.org/1027373
