Outgoing Email Log

May 15th, 2007

Hello,

Please excuse me if this is a stupid question... I just implemented Exchange 2007 with an IronPort C100 to catch emails, filter out spam, then deliver them to the Exchange.

My question is this... when I look at the monitoring page my outgoing email numbers are WAY larger than they should be.

Also, on the internal users page, my top 10 outgoing users aren't even internal users!

Am I doing something wrong or where should I even really start...

Thanks in advance!

tminchin_ironport Wed, 05/16/2007 - 12:13

That looks bad.

You could have:

1) lots of people forwarding emails from your Exchange system
2) turned either your Exchange or IronPort into an open relay
3) trojaned systems on your network as spam relays

cshort_ironport Wed, 05/16/2007 - 13:38

I've done all the online tests I can think of for an open relay and they all said it wasn't open...

Any ideas where I can start trying to pin this stuff down?

chhaag Wed, 05/16/2007 - 16:29

To pin down what is happening, you'll likely need to trace one of these senders through your mail logs.

Log into the CLI (download PuTTY from the web) and follow this article:
How can I determine the disposition of a message using the mail logs?
http://tinyurl.com/jb7z4

Search for the "From" address you see in the reports. You'll be able to determine exactly which host or hosts are injecting these outbound messages. If you get stuck, you may want to put a call into our support team; we can talk you through using the CLI "grep" command.

Chris
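
The trace described in the reply above can be run over an exported mail log. This is an added example, not part of the original thread and not IronPort tooling. It joins each "From" line to the connection (ICID) that carried it, so every suspicious sender is attributed to an injecting IP. The two line shapes matched by the regexes are an assumption about the text mail log format, and the sample lines, addresses, and interface name are constructed.

```python
import re
from collections import Counter

# Line shapes assumed from AsyncOS text mail logs; adjust for your version.
ICID_RE = re.compile(r"New SMTP ICID (\d+) interface (\S+) \([\d.]+\) address ([\d.]+)")
FROM_RE = re.compile(r"MID \d+ ICID (\d+) From: <([^>]*)>")

# Constructed sample lines (documentation IP ranges, made-up addresses).
SAMPLE_LOG = """\
Wed May 16 10:00:01 2007 Info: New SMTP ICID 101 interface Data1 (192.0.2.10) address 192.0.2.25 reverse dns host exchange.example.com verified yes
Wed May 16 10:00:02 2007 Info: Start MID 5001 ICID 101
Wed May 16 10:00:02 2007 Info: MID 5001 ICID 101 From: <alice@example.com>
Wed May 16 10:00:05 2007 Info: New SMTP ICID 102 interface Data1 (192.0.2.10) address 203.0.113.77 reverse dns host unknown verified no
Wed May 16 10:00:06 2007 Info: MID 5002 ICID 102 From: <promo@bulk.example>
Wed May 16 10:00:07 2007 Info: MID 5003 ICID 102 From: <promo@bulk.example>
Wed May 16 10:00:09 2007 Info: New SMTP ICID 103 interface Data1 (192.0.2.10) address 192.0.2.140 reverse dns host pc140.example.com verified yes
Wed May 16 10:00:10 2007 Info: MID 5004 ICID 103 From: <promo@bulk.example>
Wed May 16 10:00:12 2007 Info: MID 5005 ICID 99 From: <promo@bulk.example>
"""


def injecting_hosts(lines, sender=None):
    """Count messages per (envelope sender, injecting IP, listener interface)."""
    conns = {}          # ICID -> (remote IP, interface) from connection-open lines
    counts = Counter()
    for line in lines:
        m = ICID_RE.search(line)
        if m:
            conns[m.group(1)] = (m.group(3), m.group(2))
            continue
        m = FROM_RE.search(line)
        if not m:
            continue
        addr = m.group(2).lower()
        if sender and addr != sender.lower():
            continue
        # ICID opened before this log window: report it rather than drop it
        ip, iface = conns.get(m.group(1), ("unknown", "unknown"))
        counts[(addr, ip, iface)] += 1
    return counts


if __name__ == "__main__":
    hits = injecting_hosts(SAMPLE_LOG.splitlines(), "promo@bulk.example")
    for (addr, ip, iface), n in hits.most_common():
        print(f"{n:4d}  {addr}  from {ip} via {iface}")
```

An injecting IP outside your network points at relaying through the appliance; an internal IP that is not the Exchange server points at a compromised host.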
