Outgoing Email Log

Unanswered Question
May 15th, 2007
User Badges:

Hello,

Please excuse me if this is a stupid question... i just implemented exchange 2007 with an IronPort C100 to catch emails, filter out spam, then deliver them to the exchange.

My question is this... when I look at the monitoring page my outgoing email numbers are WAY larger than they should be.

Also the internal users page my top 10 outgoing users aren't even internal users!

Am I doing something wrong or where should I even really start...

Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tminchin_ironport Wed, 05/16/2007 - 12:13
User Badges:

That looks bad.

You could have:

1) lots of people forwarding emails from your Exchange system
2) turned either your Exchange or Ironport into an open relay
3) have trojaned systems on your network as spam relays

cshort_ironport Wed, 05/16/2007 - 13:38
User Badges:

I've done all the online tests I can think of for an open relay and they all said it wasn't open...

Any ideas where I can start trying to pin this stuff down?

chhaag Wed, 05/16/2007 - 16:29
User Badges:

To pin down what is happening, you'll likely need to trace one of these senders through your mail logs.

Log into the CLI (download putty from the web) and follow this article:
How can I determine the disposition of a message using the mail logs?
http://tinyurl.com/jb7z4

Search for the "From" address you see in the reports. You'll be able to determine exactly which host or hosts are injecting these outbound messages. If you get stuck, you may want to put a call into our support team, we can talk you through using the CLI "grep" command.

Chris

Actions

This Discussion