IIS logs can help -----Original Message----- From: Sharp, Kevin [mailto:kevin.sh...@usask.ca] Sent: Wednesday, June 15, 2011 9:10 PM To: MS-Exchange Admin Issues Subject: tracking offending spam machines
Hi: If a machine gets infected and sends email as an authenticated exchange user, is there an easy way to identify where the offending machine is? Back in Exchange 2003 you could identify the Exchange version, client IP, etc. of connections but I've never found a way to do this with message tracking on exchange 2007 or 2010. Ideally if we know whose account has been compromised, is there a way to determine where the email was sent from if they are using an outlook client? Thanks Kevin --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist ________________________________ This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist