We have just been/are being hammered by a series of worm/trojan produced emails that indicate they came from the "admin" address in our domain. The messages were delivered to our internal users. When I look up the messages in Exchange message tracking center, they only show our internal server as a source. In other words, it indicates they came from an internal source. I have the server configured to accept relaying from certain internal IP ranges, and I am thinking this is the source of the problem. (This is set that way because we have some systems/devices that need to be able to send email alerts, but cannot integrate with Exchange.) Is there any way to tell what IP address or computer name a specific message was sent from in this scenario?
Thanks for any help, Bill Mayo _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
