Finding Sending user/account

  • Finding Sending user/account

    hello all,

    I have Exchange 2003 & all my SMTP connections out are disabled except to my Exchange.

    The issue is that I see in the queues many SMTP connections to orphan domains; when I examine the messages they seem like spoofed messages (the sender is an orphan & also the recipient).

    I've installed the Exmon also on my Exchange.

    My main question is:

    It seems like a user machine is posting spoofed messages to my Exchange server to deliver them.
    Is there a way I can examine and see who is posting / delivering orphan messages to my Exchange to deliver?

    TNX

  • #2
    Re: Finding Sending user/account

    Are you allowing SMTP connections from client computers to the Exchange server? Is the SMTP VS configured to allow relaying? What AV are you using?
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT



    • #3
      Re: Finding Sending user/account

      hi

      * Yes, I allow internal SMTP access to the mail server.
      * The SMTP VS is configured not to relay (except for the Exchange and one other server on the network).
      * I'm using Kaspersky, currently only on the clients.

      -- Is there a way to monitor who (what machine / IP) submitted the messages to the Exchange to deliver them?

      TNX again



      • #4
        Re: Finding Sending user/account - one more thing

        Is there a way to see who on the network is using a MAPI client to deliver messages to the Exchange to deliver?

        Is there any log, and what level to configure on the Exchange server for those investigations?

        I don't understand why there is no tool to track messages and their path (what IP created them, to where they were submitted & so on until it's been delivered to the next mail server) - or is there such a tool?

        TNX a lot



        • #5
          Re: Finding Sending user/account

          Messages can enter the server's queue in several ways. One of them is via the store itself (i.e. MAPI or OWA). The other is via SMTP. For that you can use SMTP protocol logging. A third way could be via the Pickup directory, but unless people have access to that path I can't see how it could be used.
          Cheers,

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT
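
An added example, not part of the original thread: one way to summarize SMTP protocol logs by submitting client IP, flagging accepted senders outside your own domains. It assumes the SMTP virtual server writes W3C Extended logs with the `c-ip`, `cs-username`, `cs-method`, `cs-uri-query` and `sc-status` fields enabled; the log lines and domain names are constructed. It covers SMTP submissions only, not messages that enter through the store (MAPI or OWA).

```python
from collections import defaultdict

# Constructed sample of an SMTP virtual server log in W3C Extended format.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-query sc-status
2008-03-13 10:00:01 10.0.0.25 pc25 25 MAIL +FROM:<alice@corp.example> 250
2008-03-13 10:00:01 10.0.0.25 pc25 25 RCPT +TO:<bob@partner.example> 250
2008-03-13 10:00:07 10.0.0.77 pc77 25 MAIL +FROM:<xkq@nowhere.example> 250
2008-03-13 10:00:07 10.0.0.77 pc77 25 RCPT +TO:<a1@orphan.example> 250
2008-03-13 10:00:08 10.0.0.77 pc77 25 MAIL +FROM:<zzt@nowhere.example> 250
2008-03-13 10:00:08 10.0.0.77 pc77 25 RCPT +TO:<a2@orphan.example> 250
2008-03-13 10:00:09 203.0.113.9 OutboundConnectionCommand 25 MAIL +FROM:<> 0
2008-03-13 10:00:10 198.51.100.4 mx.remote.example 25 MAIL +FROM:<> 250
2008-03-13 10:00:10 198.51.100.4 mx.remote.example 25 RCPT +TO:<alice@corp.example> 250
"""

def parse_w3c(text):
    """Yield one dict per log entry, honouring the most recent #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def address(query):
    """Extract the address from '+FROM:<a@b>' or '+TO:<a@b>' (may be empty)."""
    start, end = query.find("<"), query.find(">")
    return query[start + 1:end].lower() if 0 <= start < end else ""

def summarize_submitters(text, local_domains):
    """Per client IP: accepted MAIL commands and senders outside local_domains."""
    report = defaultdict(lambda: {"mail": 0, "foreign_senders": set()})
    for e in parse_w3c(text):
        # Assumption: outbound sessions carry an OutboundConnection* marker here.
        if e["cs-username"].startswith("OutboundConnection"):
            continue
        if e["cs-method"].upper() != "MAIL" or e["sc-status"] != "250":
            continue
        entry = report[e["c-ip"]]
        entry["mail"] += 1
        sender = address(e["cs-uri-query"])
        if sender.rpartition("@")[2] not in local_domains:  # null sender too
            entry["foreign_senders"].add(sender or "<>")
    return dict(report)
```

Calling `summarize_submitters(SAMPLE_LOG, {"corp.example"})` returns one entry per inbound client IP, whether internal or external, so the addresses that hand the server non-local senders stand out.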



          • #6
            Re: Finding Sending user/account

            OK

            But still, how can I log who posted messages to the Exchange? (posted via MAPI).

            I still need a way to trace how and from where those messages got into my Exchange for outbound delivery.

            Thank You



            • #7
              Re: Finding Sending user/account

              Exchange doesn't record that information. There is no record stored on what client sent the messages.

              However if you are seeing spam messages in your message queues then I can pretty much guarantee that it is not a user on your network sending those messages.

              Take a read of my blog posting on the subject:
              http://www.sembee.co.uk/archive/2008/03/13/73.aspx

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.



              • #8
                Re: Finding Sending user/account

                Yes, you can view the entire details without any issues. Just do one thing: copy one of the log files to your local desktop and try the Exchange log analyzer tool to determine who is sending mails to you. So that you would be knowing it.

                And also you can set the SMTP logging option, so that you can view from which desktop IP mails are being sent.

                Cheers
                Jan's



                • #9
                  Re: Finding Sending user/account

                  Unfortunately what has been posted above is not correct.
                  While you can turn up SMTP logging, it will not show you which MAPI clients have submitted the message. SMTP logging would only show you SMTP clients are submitting the messages.

                  Plus watching the logs for an internal machine is a waste of time as it is not an internal machine sending the mail. Those messages are coming from outside the network.

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP
