locked
Determining Email Source RRS feed

  • Question

  • I have an Exchange 2010 installation and I have a bit of a problem.  There is an email being sent from my Exchange box to a particular ip address very frequently.  I can see the connection on my firewall logs and it appears in WireShark on the Exchange box.  The problem is that I have no idea where it is originating from.  The WireShark capture shows only binary data so I have no idea what it is.  I am assuming it is a virus of some sort but I can find no viruses on my network.

    Is there any way of determining which app it is coming from?  Since it is going out on port 25, I am assuming that Exchange is the source but I really don't know.

    Thanks

    Friday, October 3, 2014 7:12 PM

Answers

All replies