Home > IT Answers > Exchange > Exchange 2010
ravvyreddy
55 pts.
 Exchange 2010
Email account, Exchange, Security
How to identify compromised exchange email account?

Software/Hardware used:
Exchange 2010
ASKED: June 19, 2012  11:16 AM
UPDATED: June 26, 2012  6:06 AM
RELATED QUESTIONS
Answer Wiki:
To identify is simple, your password and the security questions will be changed and you no longer will further be able to use that particular account. Whats more imp is, how to recover that account back.
Last Wiki Answer Submitted:  June 19, 2012  1:48 pm  by  piyushagrawal   95 pts.
All Answer Wiki Contributors:  piyushagrawal   95 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

Please do answer that…

environment would be exchange 2010 and outlook 2007

ravvyreddy
 55 pts.
 

You can check the IIS logs for suspicious IP addresses accessing your CAS Server. C:inetpublogsLogFilesW3SVC1

If you think someone compromised an AD account, you have more to worry about then Exchange. Check the Domain Controller security logs for suspicious login failures.

mshen
 27,310 pts.
 

If you are using SMTP, check the logs. There might also be a problem form the client side (Outlook). Track the message addresses by using Message Tracking.
Make sure you change all the passwords and restart the service.

stephenlembert
 975 pts.