Exchange Server and Outlook

Tags:
Exchange security
Exchange Server performance
Exchange server software
Microsoft Exchange
Outlook
Say your Exchange server is getting slow and Event Viewer shows many outgoing emails sent to email addresses which you normally haven't seen before. And the sender of the outgoing email is not from your company domain. What are the steps you follow to troubleshoot? Please describe.

Answer Wiki


Start by running this in a command prompt: c:\> netstat

This should give you a list of connecting addresses.
You can parse these addresses using the ARIN database if they are external addresses to your network or look at your internal DNS to find out if they are coming from a possibly infected machine on your network.

Things to check for are: is your server an open relay?
If not, likely these emails are coming from the trusted side of your network from an infected machine.

If you have a small network, shut everyone down for 10 minutes and see if your queue still fills up. Likely it won’t and you’ll have a better idea of where the emails are coming from.
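The address triage described in the answer above, as an added example that is not part of the original answer: it tallies inbound connections to the SMTP port from `netstat -an` output and splits the remote addresses into internal ones (look up in DNS, inspect the machine) and external ones (look up in ARIN, check relay settings). The sample output, the function names and the internal ranges (RFC 1918) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not from the original post).
# 10.0.0.5 stands in for the Exchange server.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    10.0.0.5:25            10.0.0.42:50211        ESTABLISHED
  TCP    10.0.0.5:25            10.0.0.42:50212        ESTABLISHED
  TCP    10.0.0.5:25            10.0.0.42:50215        TIME_WAIT
  TCP    10.0.0.5:25            203.0.113.9:41822      ESTABLISHED
  TCP    10.0.0.5:443           10.0.0.17:51000        ESTABLISHED
  TCP    10.0.0.5:49733         198.51.100.20:25       ESTABLISHED
  TCP    [::1]:25               [::1]:50300            ESTABLISHED
"""

# Assumption: the site's own address space is RFC 1918; replace with your real ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def smtp_clients(netstat_text, port=25):
    """Count connections made TO the local SMTP port, per remote address."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        local_port, remote, state = int(m.group(2)), m.group(3).strip("[]"), m.group(5)
        # Skip the listener itself and the server's own outbound deliveries
        # (those have a remote port of 25, not a local one).
        if local_port != port or state == "LISTENING":
            continue
        counts[remote] += 1  # TIME_WAIT rows count too: they are recent sessions
    return counts

def triage(counts):
    """Return (internal, external) lists of (address, connections), busiest first."""
    internal, external = [], []
    for addr, n in counts.most_common():
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            continue
        bucket = internal if any(ip in net for net in INTERNAL_NETS) else external
        bucket.append((addr, n))
    return internal, external

if __name__ == "__main__":
    inside, outside = triage(smtp_clients(SAMPLE))
    print("internal clients:", inside)
    print("external clients:", outside)
```

An internal workstation holding several simultaneous SMTP sessions is the pattern the answer attributes to an infected machine; external clients that are not your known mail sources are the ones to check against the open-relay test.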

Discuss This Question: 1  Reply

 
  • MAA
    To test if your server is an open relay, try sending mail manually. In this example, mail.example.com is the mail server you are checking and example.com is your domain name. The parts you type are shown in bold text and replies from the server are shown in italics. Key parts are shown in colour.

        % telnet mail.example.com 25
        Trying 192.0.2.3...
        Connected to mail.example.com.
        Escape character is '^]'.
        220 mail.example.com ESMTP Postfix
        HELO host.example
        250 mail.example.com
        MAIL FROM:<sender@example.com>
        250 Ok
        RCPT TO:<rcpt@test.org.au>
        554 <rcpt@test.org.au>: Recipient address rejected: Relay access denied
        QUIT
        221 Bye
        Connection closed by foreign host.

    As you can see, this server is secure, because it rejected the email ("554 ... Relay access denied"), even though we pretended that the sender was from our own domain (example.com).

    Now let's look at an unsecured server:

        [first part omitted - same as above]
        MAIL FROM:<sender@example.com>
        250 Ok
        RCPT TO:<rcpt@test.org.au>
        250 Ok
        DATA
        354 End data with <CR><LF>.<CR><LF>
        From: sender@example.com
        To: rcpt@test.org.au
        Subject: Relay test

        Test
        .
        250 Ok: queued as 93C403566C
        QUIT
        221 Bye
        Connection closed by foreign host.

    In this case, the mail server said "250 Ok" and allowed us to give it a message to deliver. That is, it is vulnerable to third party relay.

    Revert for any further information.