Logging #5

Hello-  My outbound queue in exchange is constantly filled with junk
domains, with messages from "postmaster@mydomain.com" .. This leads me to
believe that there is obviously a compromised machine on the network..  I'd
like to be able to see what IP address each of these messages are
originating from, but the logging facilities in exchange don't seem to
reveal the IP.  Could someone please direct me in the right direction?

Thanks,
Rob

0
rg.t (1)
1/6/2007 8:32:27 PM
exchange.admin 57650 articles. 1 followers. Follow

2 Replies
213 Views

Similar Articles

[PageSpeed] 26

rob wrote:
> Hello-  My outbound queue in exchange is constantly filled with junk
> domains, with messages from "postmaster@mydomain.com" .. This leads me to
> believe that there is obviously a compromised machine on the network..  I'd
> like to be able to see what IP address each of these messages are
> originating from, but the logging facilities in exchange don't seem to
> reveal the IP.  Could someone please direct me in the right direction?
>
> Thanks,
> Rob
SMTP activity log will give you this information - in Default SMTP 
Virtual Server properties, General tab, Enable logging, Properties, 
Advanced set all checkmarks and OK out of there.

-- 
If my message is helpful, please help me by registering at http://www.openoffice.org/servlets/Join and voting for the following issues:
http://www.openoffice.org/issues/show_bug.cgi?id=24969
http://www.openoffice.org/issues/show_bug.cgi?id=29807
http://www.openoffice.org/issues/show_bug.cgi?id=51564
http://www.openoffice.org/issues/show_bug.cgi?id=70753
http://www.openoffice.org/issues/show_bug.cgi?id=15220
http://www.openoffice.org/issues/show_bug.cgi?id=10931
http://www.openoffice.org/issues/show_bug.cgi?id=35579
http://www.openoffice.org/issues/show_bug.cgi?id=32785
http://www.openoffice.org/issues/show_bug.cgi?id=1035
http://www.openoffice.org/issues/show_bug.cgi?id=67838
http://www.openoffice.org/issues/show_bug.cgi?id=39527
http://www.openoffice.org/issues/show_bug.cgi?id=64785

Thank you very much! 
0
kpalagin (1838)
1/6/2007 9:02:24 PM
rob <rg.t@vortex.org> wrote:

>Hello-  My outbound queue in exchange is constantly filled with junk
>domains, with messages from "postmaster@mydomain.com" .. This leads me to
>believe that there is obviously a compromised machine on the network..  

More likely they're just NDRs becasue you accept all email addressed
to your domain even if you can't deliver it.

Use Recipient Filtering and vaidate the RCPT To addresses against your
AD. 

>I'd
>like to be able to see what IP address each of these messages are
>originating from, but the logging facilities in exchange don't seem to
>reveal the IP.  Could someone please direct me in the right direction?

The SMTP Protocol Log will have the information.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
1/6/2007 10:03:05 PM
Reply:

Similar Artilces:

exchange 5.5 priv.edb attachements
hi, after extracting every mailbox to *.pst. The problem is that all "not *.txt" attachements are lost, although the mails actually contain enough Kb (as if the attachement surely is ther) anyone been there befor PS: the database is corrupted greetings ...

Unable to log into my Outlook mail
I can log into my win2k domain, but when I open my outlook I get prompted for username, password,and domain. When I enter the correct info, the system replies that it's incorrect. I have tried changing passwords and many other fixes, including uninstalling and reinstalling office and still can't get it to work. I can log into outlook and my account from a different computer, but not from mine. Scanned my computer with Norton NAV. On the client side, using Outlook 2002, with winXP sp1, office 2002 sp1 & 2. On the server side, using echange 2000 with sp 3, windows 2000 ser...

Online Log Size
I've got a 40G SS 2005 table without indexes that I need to add a clustered index to. I know that if I do a standard index addition, it will write out about 40G to the log and I was hoping to avoid that. If do the ONLINE option for building this clustered index, will it write out significantly less to the log by any chance? Nope - but, you can try changing the recovery model to BULK-LOGGED and seeing if that reduces the amount of data recorded in the transaction log. Remember to change the recovery model back to full after the index has been rebuilt. Note: the transact...

Circular Logging
Can circular logging in Exchange 2003 really free up 20 GB of hard disk space? I enabled it and I was amazed to see my free space five-fold. yip, not necessarily 20mb but just make sure u backup the transaction logs, u will need when u do a restore of your database. "Josh" <Josh@puzzled.com> wrote in message news:26a701c4aada$a7d2f7b0$a501280a@phx.gbl... > Can circular logging in Exchange 2003 really free up 20 GB > of hard disk space? I enabled it and I was amazed to see > my free space five-fold. Josh wrote: > Can circular logging in Exchange 2003 r...

Exchange 5.5 #37
What are the major routines/challenegs administering Exchange 5.5 with XP clients? what exactly do you mean? I still have one Exchange 5.5 server in my environment with XP users accessing it with no issues whatsoever, although we did see a couple of instances described in this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;255843 "jhkadmin" <jhkadmin@discussions.microsoft.com> wrote in message news:6F488C91-37D3-4BFE-9A1F-098D85939151@microsoft.com... > What are the major routines/challenegs administering Exchange 5.5 with XP > clients? I cant th...

multiple personal folders #5
I have outlook 2003. How do I set up mutiple email accounts and have them seperate in to different personal folders. The settings I have found look like a "either or " setting. This was possable in older versions You can use profiles or you can set up one .pst file and have the mail delivered to the common in-box and move the mail via rules wizard to the appropriat folder. It sounds like profiles would be a better solution for you. Control Panel->Mail Icon->Show Profiles. --� Milly Staples [MVP - Outlook] Post all replies to the group to keep the discussion intact. D...

log events in the event log
I want to be able to track when a user connects to their mailbox. I have someone who is trying to connect to other mailboxes and I want this to be log in the event log. I would like to show the user name and the mailbox they tried to connect to in the same event. Is there a way to do this? Thanks in advance for your help... Question for you...Does this person who is attempting to connect to the mailboxes have full exchange administrator rights on the Exchange Org? If so, you may want to refer to a previous post as this same question was asked and then answered. Jermaine "faf19...

Diagnostics Logging
Some email to some domains can't be delivered showing as "The connection was dropped by the remote host" What type of logging should I enable to troubleshoot this? THanks also, where does it log too be default? "James" <fake@email.com> wrote in message news:uxUhWt9eEHA.1652@TK2MSFTNGP09.phx.gbl... > Some email to some domains can't be delivered > showing as "The connection was dropped by the remote host" > > What type of logging should I enable to troubleshoot this? > > THanks > > ...

Exchange 5.5 size-constraint-violation
Hi to all. We have a strange problem with our exchange system (5.5 SP4). In our site we have 4 mailboxservers (3500 users) and one bridgehead server. Since the rollout from Office 2003/Outlook 2003 we got ndr's with id 290. In the logs i see the following event: "A non delivery roport (reason code transfer-failure and diagnostic code size-constraint-violation) is being generated ... and was redirected ..." No one get's the ndr and the mail is lost. If the sender send's the mail a 2nd or 3 rd time the mail arrives. If i move the sender and the recipient to the same ex...

Problem with log in to Vista
I've got a problem with my Vista (Home Premium) I tried to log in in the morning and this problem occured - all of my desktop icons (same goes to wallpaper) vanished, my Windows taskbar won't open and I can only browse my computer through one explorer window that popped out during a log in (I can browse all the areas/hdd's of my pc) I scanned my OS with AVG antivir but the problem still occurs. It's been 8 months since I install the system (and i've got all the updates) and I never had a problem like this before. What is it? Is it a virus or any other piece of m...

How to log internet header of incoming emails?
Hello, I want to log internet header of incoming emails. I want to see the content of the Bcc field. Is it possible? And if yes, how and where I have to config the log settings in exchange server? We use exchange 2000. Thanks. Regards Christian You can create a rudimentary log of incoming mail using the SMTP protocol logging feature of the SMTP virtual server. It will not record the BCC field or any of the message content, though. The BCC field would be inside the RFC 2822 header of the message. To record anything in that you would need an SMTP protocol sink. The Archive sink mig...

exchange 5.5 backup
if i am using windows 2000 server with exchange 5.5 do i need to stop the the services before i take the backup ? Thanks sizly No you don't. If you run the NTBACKUP app (start > Progs > Accessories > System Tools > Backup) you will see the Exchange appear as an additional section at the bottom of your backup screen. If you don't have the tape drive or the desire to back up from the actual server itself you can run the Exchange setup and install only the Administration Components onto any machine with a tape or space to store the backup. You will then (with the rig...

creating a log sheet
Hi all, I've created a method to capture current user (network username) and a date / time stamp. I want this output to be logged on a hidden sheet called 'log' strangely enough! How does it find the next available line in log to output to? tia see if this will help you. you didn't give too specific of a description, so hopefully this is what you're looking for lastRow = Worksheets("log").Cells(Rows.Count, "A").End(xlUp).Row range("A: & lastrow +1) = "your date/time stamp code" -- Gary "sacrum" <sacrum...

OWA, log in to .. log out?
hi Exch 2k3 1 FE server no forms based auth here(yet) This weekend I put a FE server out and put a SSL cerfiticate on it. The name in the certificate is not the same as the server, however our internet facing DNS has an A record for it with the name that is used in the certificate. after the migration I have a small number of users, about 10 out of 1000 that when using OWA get asked to enter credentials when they click "log off". why? Also, because i think its maybe related. This FE server is physically inside our network behind a pix. One thing I wanted to achieve but...

Outlook 2000 can't send mail over Exchange 5.0 if OS is XP Pro
Hi, maybe you guys heard about this problem and could give me a hint: Windows 2000 Server (SP3) with Exchange 5.0 (SP3) XP Pro (SP1) or Windows 2000 Pro with Outlook 2000 Clients. I can send mails from the Windows 2000 Pro clients, but with the "same" setup I can't on the XP Pro clients. I get two errormails back, which say that there is a network error. But the network is ok (can ping and get the server shares), I even can receive mails. I assume it is a authentication problem, but I don't know anymore where to look at. Please help. TIA Alex ...

log-log charts
can't create log-log chart in excel 2000. There is a selection under format axis to choose log scale for the Y- axis but there is no selection for choosing log scale for the x-axis. can anyone help? Hi CT, You need to plot a xy-scatter in order to have log scale on the x axis. Sounds like you are using the line chart type. Where the x axis is a category axis. Cheers Andy CT wrote: > can't create log-log chart in excel 2000. There is a > selection under format axis to choose log scale for the Y- > axis but there is no selection for choosing log scale for > the x-...

How to find out if a user has logged on ?
Hi: Within a Windows Service, is there a way to find out if a user (any user) has already logged on to the machine ? Thanks In Advance ! Polaris You can use NetWkstaGetInfo with a level of 102 to get the number of logged on users. And NetWkstaUserGetInfo will give you information about the logged in user. AliR. "Polaris" <etpolaris@hotmail.com> wrote in message news:%23pmkzBWYFHA.3320@TK2MSFTNGP12.phx.gbl... > Hi: > > Within a Windows Service, is there a way to find out if a user (any user) > has already logged on to the machine ? > > Thanks In Advanc...

Deleting logs from tracking.log in 5.5
some logs got deleted "on the fly" from the tracking.log folder (so, with all services running) I'm wondering if this might affect my exchange server adversely ... don't see anything yet, but I'm holding my breath and reserving the right to throw someone in the fire. anyone? thanks in advance, Mauricio. On Thu, 9 Nov 2006 06:09:02 -0800, mcalvo <mcalvo@discussions.microsoft.com> wrote: >some logs got deleted "on the fly" from the tracking.log folder (so, with all >services running) > >I'm wondering if this might affect my exchange s...

Excel Files #5
How can I alphabetize files within a folder? I have Microsoft Office Excel 2003. thanks In your explorer window there should be a header - "Name". Just click this and it will sort Ascending or Descending. Just click on it until you get the desired results. It will display an arrow to the right of "Name" indicating Ascending or Descending. this works for each of the column header showing in your explorer window. HTH "Debbie" <Debbie@discussions.microsoft.com> wrote in message news:C6D04351-F92A-4AB5-BC21-14F775964D50@microsoft.com... > How ca...

Exchange 5.5 in a Windows 2003 AD
Folks... Any info is truly apreciated....I am planning to do a new installation of Win2k3 to migrate from NT 4 in the first Quarter. I am doing a new install rather than a migration for a number of reasons. The plan is this: 1) Build out new Win2k3 AD 2) Add machines I need (like Exchange 5.5 box) to new WIndows 2003 AD. Does anyone see any problems with this? I will be changing the domain name on the Exchange 5.5 box, but nothing else. Thanks again. Chris Do you have an NT 4 domain? If you do then you can upgrade the domain from NT 4 to Win2k3 w AD. This will automati...

Can not see Domain box when logging into OWA
Exchanger Server 2000, Windows 2000 Server. We have a Windows 2003 DC. Our client computers running XP are not able to login into OWA because they can't see the domain box, when they enter in their username and password. What can I do? Have them logon with their UPN. user@yourADDomain.local On Tue, 19 Apr 2005 15:23:01 -0700, "Kristina" <Kristina@discussions.microsoft.com> wrote: >Exchanger Server 2000, Windows 2000 Server. We have a Windows 2003 DC. Our >client computers running XP are not able to login into OWA because they can't >see the d...

Remove Orphaned 5.5 Site
Is there a KB or paper that describes the safest way to remove an entire 5.5 site that has been 100% orphaned? We have three 5.5 Sites, one of which was shut done incorrectly when the facility closed. All sites are 5.5, all have DirRep to the other 2 Sites, each Site had it's own IMS. I am looking for the correct (safest) way to kill the whole Site, and in what order to run cleanup activities like KCC, Routing Recalc, etc. Thanks. "DavidS" <anonymous@discussions.microsoft.com> wrote: > >Is there a KB or paper that describes the safest way to >remove a...

Lots of application event log entries... is this normal?
I need a bit of help making some sense out of my event log. Hopefully someone can lend a hand. Sorry if this is long. I have an Exchange Server 2003 recently set up and servicing a 50-user company. I was browsing the application even log and I am getting regular and frequent (several every minute, to every few minutes) warnings and one particular error. I believe that most of these are related. BTW the system is performing just fine, I am just uneasy with the presence of all of those warnings . Here are the symptoms I have observed are: Error/Event ID: 7004 - no help from Micros...

Where are Exchange 2000 log files?
Hello: I need to have a look at log files. Where can I find them? Is there a way to activate/deactivate/change level of Exchange 2000 log messages? Thank you very much. Manuel. Which log files? Transaction log files? Check the properties of the Storage Group to find out the location of the transaction logs. You can't read them though. They are not in a format that can be read by any text editor. SMTP log files? Event logs? Can you clarify what you are looking for? You can enable additional logging on many of the components of Exchange (ESM, Server properties, Diagnostics logg...

how do i get a log log plot without taking log
Format each axis; open Scale tab and check the Logarithmic Scale option box best wishes -- Bernard V Liengme www.stfx.ca/people/bliengme remove caps from email "sri" <sri@discussions.microsoft.com> wrote in message news:1B743FB5-AE93-4FC9-80B4-1C9C11B69FDD@microsoft.com... > sri - Create an XY (Scatter) chart type. For each axis, select the axis, and choose Format Axis | Scale | Logarithmic Scale. - Mike www.mikemiddleton.com ...