[ExchangeList] Re: How to find a PC that is sending rogue emails?

  • From: "Todd Lemmiksoo" <tlemmiksoo@xxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 29 Jan 2010 10:51:48 -0500

Thanks. My firewall is MS ISA2006, if my memory is correct I have the ISA2006 
set to only allow mail from my Exchange server. But I will check it out.
 
 
Todd Lemmiksoo 
________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx on behalf of paul_lemonidis@xxxxxxxxxxx
Sent: Fri 1/29/2010 10:46 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: How to find a PC that is sending rogue emails?


Hi Todd
 
Depending on what firewall you have, can you allow only the Exchange server 
outbound SMTP access and then check the logs to see what IP address is sending 
the messages in the firewall logs? It may not be the Exchange server. Also it 
might be worth doing message tracking on one of the messages to ensure it did 
or didn't go from the Exchange server. If a machine has a virus it may not be 
going from the Exchange server. It may be doing the SMTP itself. Whilst you 
cannot relay from outside, you may be able to internally too. You should check 
that too. A virus-infected PC could submit messages if it could relay or, as 
mentioned previously, it could send directly if it can go out directly on port 25. 
 
Regards,
 
Paul Lemonidis.
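The two checks Paul describes (restrict outbound TCP/25 at the firewall to the Exchange server, then read the firewall logs for any other internal address still trying to talk SMTP) can be automated once the logs are exported. The script below is an added example, not code from Paul, Todd or the list; the Exchange server address 192.168.1.10 and the simplified space-separated log layout (date, time, source IP, destination IP, destination port, action) are assumptions, not the real ISA 2006 log schema, and the sample lines are constructed.

```python
"""
Summarise outbound SMTP (TCP/25) connections from a firewall log export and
flag every internal source that is not the Exchange server. A host that
sends SMTP on its own is the direct-sending infected PC Paul describes.

Assumptions (not from the thread): the Exchange server's internal address,
and a simplified log layout: date time src-ip dst-ip dst-port action.
"""
from collections import Counter
import ipaddress

# Assumed internal address of the Exchange server (placeholder, not from the thread).
EXCHANGE_SERVER = ipaddress.ip_address("192.168.1.10")
SMTP_PORT = 25

# Constructed sample log lines in the simplified layout described above.
SAMPLE_LOG = """\
2010-01-29 01:02:03 192.168.1.10 203.0.113.5 25 Allowed
2010-01-29 01:02:09 192.168.1.57 198.51.100.20 25 Allowed
2010-01-29 01:02:11 192.168.1.57 198.51.100.21 25 Allowed
2010-01-29 01:03:40 192.168.1.57 192.0.2.33 25 Denied
2010-01-29 01:04:00 192.168.1.23 198.51.100.7 443 Allowed
2010-01-29 01:04:05 192.168.1.10 192.0.2.8 25 Allowed
malformed line here
"""


def parse_line(line):
    """Return (src, dst, port, action) or None if the line does not fit the layout."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _date, _time, src, dst, port, action = parts
    try:
        return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), action
    except ValueError:
        return None


def smtp_sources(log_text):
    """Count outbound TCP/25 connection attempts per source IP.

    Denied attempts are counted as well: once the firewall only permits the
    Exchange server outbound on port 25, a denied attempt from any other host
    is exactly the signal we are looking for.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip headers, blank or malformed lines
        src, _dst, port, _action = rec
        if port == SMTP_PORT:
            counts[src] += 1
    return counts


def rogue_smtp_hosts(log_text, exchange=EXCHANGE_SERVER):
    """Sources sending SMTP outbound that are not the Exchange server, busiest first."""
    counts = smtp_sources(log_text)
    return [(str(ip), n) for ip, n in counts.most_common() if ip != exchange]


if __name__ == "__main__":
    for ip, n in rogue_smtp_hosts(SAMPLE_LOG):
        print(f"{ip}: {n} outbound SMTP connection attempt(s) not via Exchange")
```

Run it against an export of the firewall log covering the hours when the rogue messages appear in the queue; the hosts it lists are the ones to pull off the network and rescan, and the message-tracking check Paul mentions then confirms whether the same traffic also went through Exchange.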

From: Todd Lemmiksoo <mailto:tlemmiksoo@xxxxxxxxxxxx>  
Sent: Friday, January 29, 2010 3:22 PM
To: exchangelist@xxxxxxxxxxxxx 
Subject: [ExchangeList] How to find a PC that is sending rogue emails?

I have a situation where emails from memberservice@xxxxxxxxxxxx are being 
routed through my Exchange 2003 server. I have scanned every PC in the company 
and all but a few remote users without finding it. I have taken to stopping the 
outbound message queue at night and deleting the messages in the morning. Is 
there something I can do on the Exchange server to stop the emails from being 
accepted by Exchange? 
I have tested my server from the internet and it does not relay. My server is 
mail.all-mode.com 24.97.109.58
Help!
 
Todd Lemmiksoo 
Network Administrator 
All-Mode Communications
1725 Dryden Road
Freeville, NY 13068
 1-877-all-mode
