No announcement yet.

How to find NULL sender account ???

  • Filter
  • Time
  • Show
Clear All
new posts

  • How to find NULL sender account ???


    We need some help !!!
    We have some email sended out of our customer network via exchange and that are sent with a NULL sender and with unknown recipient address (with unknown domain). That seems to be some spam or spyware...but we want to know which computer or account is sending those emails.

    How can we do that ?

    This is an exchange 2003 server. Is it possible with an exchange debug to have the ip address or the account of the sender ?

    Thanks a lot for your help.

  • #2
    Re: How to find NULL sender account ???

    How do you know it has come from your network? Do the headers show that?
    How do you know it has come from your server? Are these messages in the queues?
    There are lots of ways that an Exchange server can be abused - NDR spam, authentication relay etc.

    Blank or null senders is impossible with Exchange, so it could be a compromised machine on your network somewhere. If that is the case blocking port 25 on the firewall will quickly flush them out.

    Finally do you mean the messages are from postmaster@ ? IF you do then that is NDR spam.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.