Can e-mails be originated by security groups?

  • From: "Robert Lingenfelter" <rlingenfelter@xxxxxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Mon, 2 Aug 2004 11:57:19 -0600


 Great to discover this resource! Hope this is not a stupid question. We
have Exchange 2000, and our network is protected by Norton AV Corp Ed and
Symantec MS Exchange 4.5. The MS Exchange seems to work very well to
protect the mailboxes, but we seem to still experience some suspicious
emails, possibly originating from within the server. I am just learning
the workings of the Exchange, so I could use some help. My first question
1) Can a distribution group originate an e-mail? For example, if I have a
group in Exchange called Sales, I know I can send to Sales, but should I
ever receive an e-mail from Sales? The source could be spoofed, but I
don't know how to check.

 2) If mail from Sales is legit, and it contains a virus, where do I look?
Can a virus "live" in the M: drive, and not be subject to a scan?

 3)Message tracking in Exchange shows that the suspected group has sent
email. Is it possible that the message originated on the intranet, or else
completely outside of the network, but "shows up" in the msg tracking list
because it flows through our Exchange?

 (sorry if the questions are not well formed or concise)

4) What is the process to completely scan the server, M: drive, pub1 and
priv1, MDBDATA, others??

Thanks for any help,

Other related posts:

  • » Can e-mails be originated by security groups?