Logging sent emails

Shadow Guild - 13 Apr 2006 19:07 GMT
First of all, I do not know if this is the proper place for this post... I
couldn't think of a better place for it.

I have a problem where it seems that my exchange03 server is sending out
other people's spam... I have done multiple Open Relay tests on multiple
sites, as well as checked a bunch of blacklist servers, and every indication is
that our server is locked up tight.

The reason I suspect our server is sending out spam is because I am
receiving hundreds of "could not be delivered" emails.  When I dig in the
email, I see that it is being sent from a bogus email address with our domain
attached to it.

Is there any way to log who is sending, when it is being sent, and who it is
sent to?  If not, then does anyone have an explanation as to why this is
happening?
Martin Blackstone - MVP - 13 Apr 2006 19:21 GMT
Chances are that it is spammers using your domain name as the sending domain
(spammer@yourdomain.com). Not your actual server.

You could of course check your SMTP server logs, but I suspect you will find
they are not coming from you.

> First of all, I do not know if this is the proper place for this post... I
> couldn't think of a better place for it.
[quoted text clipped - 15 lines]
> sent to?  If not, then does anyone have an explanation as to why this is
> happening?
Henning Krause [MVP] - 13 Apr 2006 19:22 GMT
Hello,

Receiving these NDRs does not necessarily mean that someone sends spam
emails through your network. Instead, it might be simply someone spoofing
the MAIL FROM: address. Since the "from" address is never verified, this is
very easy.

Apart from that, if you made those relay-tests, you can be fairly sure that
no one is sending these spam mails through your server.

But, there might be a compromised workstation computer in your internal
network. These are often used as spam-proxies. So you might want to check
the network traffic in your organization - or disable the traffic on port 25
from workstation to the internet.

Greetings,
Henning Krause

> First of all, I do not know if this is the proper place for this post... I
> couldn't think of a better place for it.
[quoted text clipped - 15 lines]
> sent to?  If not, then does anyone have an explanation as to why this is
> happening?
Shadow Guild - 13 Apr 2006 20:13 GMT
Thank you both for replying so quickly.

Unfortunately I will have to rely on hope that our domain name does not get
blacklisted... *sigh*

> Hello,
>
[quoted text clipped - 34 lines]
> > sent to?  If not, then does anyone have an explanation as to why this is
> > happening?
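
Added example, not part of any post in this thread: one way to test the diagnosis given in the replies is to read the original headers returned inside an NDR and check whether any Received hop names your own server. The sample NDR and the OUR_HOSTS and OUR_IPS values are constructed placeholders.

```python
import email
import re
from email import policy

OUR_HOSTS = {"mail.ourdomain.example"}  # assumption: names your server announces
OUR_IPS = {"203.0.113.10"}              # assumption: your outbound SMTP addresses
# Constructed NDR for illustration; every name and address is a placeholder.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.recipient.example
To: bogus123@ourdomain.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from unknown-host.example ([198.51.100.77])
 by mx.recipient.example; Thu, 13 Apr 2006 18:55:02 +0000
From: bogus123@ourdomain.example

--b1--
"""

def original_headers(ndr_text):
    """Return the bounced message's headers as carried inside the NDR, or None."""
    msg = email.message_from_string(ndr_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # full original message attached
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def transited_us(ndr_text):
    """True if a Received hop names our host or IP; None if no headers came back."""
    orig = original_headers(ndr_text)
    if orig is None:
        return None
    ours = {h.lower() for h in OUR_HOSTS} | OUR_IPS
    hops = " ".join(str(h).lower() for h in orig.get_all("Received", []))
    return bool(ours & {t.strip(".-") for t in re.findall(r"[a-z0-9.-]+", hops)})
```

A result of False matches the spoofed-sender case described in the replies. Received lines written before the message reached the reporting server can be forged, so confirm a True result against your own SMTP logs.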
 