Microsoft Exchange Message Tracking

By lordseck ·
I just turned on MS Exchange 2000 message tracking. We keep having our IP banned from AOL.com and Roadrunner, and I suspect there is some sort of malicious spamming software that got into the building somehow and I'm trying to track it down. Is there any way besides MS Exchange message tracking to track outgoing mail - something that might have been on by default or some log somewhere that I might have overlooked? I wanna track this down ASAP and a log that I started 15 minutes ago isn't all that helpful. Any thoughts/suggestions?

This conversation is currently closed to new comments.

by BFilmFan In reply to Microsoft Exchange Messag ...

If you have an SMTP gateway device for anti-spam or anti-virus, it might have a log.

Generally message tracking isn't turned on by default because of the size of the logs generated.

And I am shocked that RoadRunner blackholed you as their accounts are some of the worst about being spam zombies.

by TBBrick In reply to Microsoft Exchange Messag ...

What kind of firewall are you using on the X2K server? The good ones monitor outgoing as well as incoming traffic. You should be able to watch in real time and log which programs are sending outgoing traffic at any given time. If you have a program sending out boocoo traffic at low-traffic times, like oh-dark-thirty, that's the one I'd check out. ;-)

BTW, do you run your firewall just on the server(s) or the user PCs as well? Also, which antivirus and anti-spyware programs are you using and are they on all the above as well?

by lordseck In reply to Microsoft Exchange Messag ...

We use a Cisco PIX, as well as a Barracuda Spam firewall that is brand spankin' new (which seems to only monitor inbound mail - I think I'd have to buy another Barracuda to have an outbound one) and Symantec Mail Security for MS Exchange, which scans inbound and outbound mail for viruses (I just turned off the inbound spam features on the Symantec 'cause whitelisting domains in two places was driving me nuts). I'll check the PIX logs for such a program, but I'm not the Cisco guy, I'm the Telecomm/General Communications guy, and I'm new here :-p

Some of our PCs are running the Windows Firewall, some aren't - which isn't the best policy but we're working on tightening up a lot of things around the office right now. They all run Norton Antivirus.
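
Added example, not part of the thread: one way to search PIX syslog output for inside hosts that open SMTP (TCP/25) connections themselves instead of relaying through the Exchange server. It assumes the log contains PIX `302013` "Built outbound TCP connection" messages; the sample lines, addresses and the `MAIL_SERVERS` set are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the PIX 302013 syslog form (not real traffic).
SAMPLE_LOG = """\
Mar 12 03:10:01 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/25 (203.0.113.10/25) to inside:192.168.1.10/1045 (198.51.100.2/1045)
Mar 12 03:10:02 pix %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.20/25 (203.0.113.20/25) to inside:192.168.1.57/2210 (198.51.100.2/2210)
Mar 12 03:10:03 pix %PIX-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.21/25 (203.0.113.21/25) to inside:192.168.1.57/2211 (198.51.100.2/2211)
Mar 12 03:10:05 pix %PIX-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.22/25 (203.0.113.22/25) to inside:192.168.1.57/2212 (198.51.100.2/2212)
Mar 12 03:11:00 pix %PIX-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.30/80 (203.0.113.30/80) to inside:192.168.1.23/3100 (198.51.100.2/3100)
Mar 12 14:02:10 pix %PIX-6-302013: Built outbound TCP connection 1006 for outside:203.0.113.20/25 (203.0.113.20/25) to inside:192.168.1.57/2290 (198.51.100.2/2290)
"""

# Assumption: inside address(es) of the hosts that are allowed to send mail.
MAIL_SERVERS = {"192.168.1.10"}

PATTERN = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hour>\d{2}):\d{2}:\d{2}\s.*"
    r"%PIX-6-302013: Built outbound TCP connection \d+ "
    r"for outside:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) "
    r"to inside:(?P<src>[\d.]+)/\d+"
)

def smtp_senders(log_text):
    """Per inside host: outbound TCP/25 connection count, destinations, hour histogram."""
    hosts = defaultdict(lambda: {"count": 0, "dests": set(), "hours": Counter()})
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m or m.group("dport") != "25":
            continue  # not a connection-built record, or not SMTP
        stats = hosts[m.group("src")]
        stats["count"] += 1
        stats["dests"].add(m.group("dst"))
        stats["hours"][int(m.group("hour"))] += 1
    return dict(hosts)

def unexpected_senders(log_text, mail_servers=MAIL_SERVERS):
    """Inside hosts speaking SMTP directly to the internet, bypassing the mail server."""
    return {ip: s for ip, s in smtp_senders(log_text).items() if ip not in mail_servers}

if __name__ == "__main__":
    ranked = sorted(unexpected_senders(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for ip, s in ranked:
        busiest = s["hours"].most_common(1)[0][0]
        print(f"{ip}: {s['count']} SMTP connections to {len(s['dests'])} servers, busiest hour {busiest:02d}")
```

A host listed by `unexpected_senders` is sending mail without passing through Exchange, so Exchange message tracking would never record it.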

by TBBrick In reply to Microsoft Exchange Messag ...

Just for 'its and giggles, download Zone Alarm from
http://www.download.com/3000-2092-10039884.html

It's not the greatest firewall in the world, but it'll work fine as a temp tool to look at which programs are transmitting outbound from your X2K server.

Set it to auto ask you before it allows any outbound traffic so you can see what's attempting to access the internet. Also ensure it's logging all outbound traffic. If there is something nefarious on your X2K, you don't have to watch it 24/7 to catch it in action.

by TBBrick In reply to

Also thought of Spybot Search & Destroy.
http://www.spybot.info/en/index.html

Best to run it in safe mode with no extras (i.e. the network) to ensure that if anything untoward is found, it's not likely to be fired up when the computer booted.

by lordseck In reply to Microsoft Exchange Messag ...

This question was closed by the author
