Exchange 201 - Track source of submitted spam messages

  • Question

  • I have a client with an Exchange 2010 server, and in the queue viewer we are getting spam from somewhere. There are no open relays and I have checked the local systems and have not found a bug yet.

    Is there a way on the Exchange server to find out where the messages are being submitted from? I have tried the message tracking in the EMC and no luck. Is there a simple program that can be used to read the log files?

    Here is a sample of some of the messages. Note the from address.

    Identity: EXCHANGE2010\509\1343

    Subject: Undeliverable: Everything you need for the new 2015 I-Codes

    Internet Message ID: <2c2a6030-40f4-4b0f-8bad-8e56c924ee58@domain.com>

    From Address: <>

    Status: Ready

    Size (KB): 10

    Message Source Name: DSN

    Source IP: 255.255.255.255

    SCL: -1

    Date Received: 6/12/2014 11:26:26 AM

    Expiration Time: 6/14/2014 11:26:26 AM

    Last Error:

    Queue ID: EXCHANGE2010\509

    Recipients:  bounce@learn.cengage.com


    Charlie Brown

    Thursday, June 12, 2014 6:28 PM

Answers

  • This message that you have mentioned here is a bounce back message.

    You need to search for the original email.

    Search for the subject line excluding the "Undeliverable" part while tracking the message.

    Message tracking is your best friend here. It might most probably be an SMTP submission.

    Run this in your Exchange Management Shell:

    Get-TransportServer | Get-MessageTrackingLog -MessageSubject "Everything you need for the new 2015 I-Codes"

    If you want, you can specify the start and the end times as well. Otherwise, it will run against the entire message tracking logs.

    • Marked as answer by Charliesrh Friday, June 13, 2014 1:27 PM
    Thursday, June 12, 2014 6:47 PM
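
To see where the original message entered transport, the tracking results can be narrowed to RECEIVE events and grouped by submission path. This is an added example, not part of the original answer; the one-day search window is an assumption taken from the date shown in the question.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Subject of the original message (the queued DSN's subject without "Undeliverable: ").
$subject = 'Everything you need for the new 2015 I-Codes'

# Assumed search window around the "Date Received" value in the question.
$start = [datetime]'2014-06-12'
$end   = [datetime]'2014-06-13'

# Collect tracking events for that subject from every transport server.
$events = Get-TransportServer |
    Get-MessageTrackingLog -MessageSubject $subject -Start $start -End $end -ResultSize Unlimited

# RECEIVE events record how each copy entered the transport pipeline:
#   Source SMTP        -> accepted over SMTP by the Receive connector in ConnectorId
#   Source STOREDRIVER -> submitted from a mailbox on a Mailbox server
$received = @($events | Where-Object { $_.EventId -eq 'RECEIVE' })

# Summary: which submission path and which connecting host account for the volume.
$received |
    Group-Object Source, ConnectorId, ClientIp, ClientHostname |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Detail: one row per received copy, oldest first, for correlation with
# firewall or SMTP protocol logs.
$received |
    Sort-Object Timestamp |
    Select-Object Timestamp, Source, ConnectorId, ClientIp, ClientHostname, Sender,
        @{ Name = 'Recipients'; Expression = { $_.Recipients -join ';' } },
        MessageId |
    Format-Table -AutoSize
```

The ClientIp and ConnectorId columns identify the submitting host and the Receive connector it used, which shows whether the mail arrived from the Internet, from an internal machine, or from a local mailbox.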

All replies

  • Thank you that worked

    Charlie Brown

    Friday, June 13, 2014 1:27 PM