John, Do you have a firewall in place that you can log all smtp traffic? There is a chance that the spam email *might* not be going through the exchange server.
Chris On Wed, Jun 16, 2010 at 7:44 AM, John Hornbuckle < [email protected]> wrote: > I’m ashamed to say that for the first time ever, spam has been generated > from my network. All of our outbound mail is routed through Google / > Postini, and they cut us off last night after detecting it. I’m mortified. > > > > What I’m needing help with is tracking down the source. I can see who the > message claims to be from, and Postini tech support thinks her account > really is the source (I assumed the “From:” address had been forged). But > even if her account really is the source, I need to know what machine > generated the traffic so that I can see what’s running on it. > > > > To be honest, I’m not sure how to do that. My weakness with Exchange is > showing. I thought maybe the message tracking tool, which I’ve used to find > some of the messages, but I can’t see the originating IP address in there. > Some of the entries say “2002:96b0:25ac::96b0:25ac” for the ClientIP. I > don’t know what that is. > > > > Any pointers? > > > > > > John Hornbuckle > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us > > > > > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > >
