No announcement yet.

alert on suspicious mail activity

  • Filter
  • Time
  • Show
Clear All
new posts

  • alert on suspicious mail activity

    hello everybody,

    i am working with windows server 2008 R2 and on it exchange 2010 sp2

    how can i configure an alert on suspicious mail activity ? (sending more mails than usual)

    thanks in advance .

  • #2
    Re: alert on suspicious mail activity

    Lets start by defining "usual"

    Once that's done, you could probably do a powershell script to track sent item count, compare it with previous (would have to be saved to a file) and if the change is greater than the "usual" mail flow, raise an alert.

    IMHO look for third party solutions e.g. mail server AV scanning the outgoing queue
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: alert on suspicious mail activity

      Hi Bil,
      You would have to enable auditing for exchange server that will show you all the activities made in exchange 2010.
      To enable auditing, you need to follow the instructions given at this well explained article :

      Though, the native auditing tool does not facilitates to get alerts of any suspicious activities made in exchange server.
      Further, you can have a look at [DELETED BY MOD]. It track all the changes made in exchange server at granular level with real time monitoring and alerts instantly by sending customized email notification of all suspicious activities so that, you can take appropriate action before any critical changes occurred.

      [MOD EDIT] Ho, hum, another probably spammer from a certain software company. Unless your next few posts are helpful, and do NOT push particular products, a ban WILL be forthcoming [/MOD EDIT]
      Last edited by Ossian; 7th August 2014, 14:49.