none
Receive strange emails internally from some non valid user on Exchange

    Question

  • Dears,

    Some Of users in our Exchange are receiving email With Attachments From (scott163@domain.com) And (socorro33@domain.com ) where domain.com represents our SMTP address. We have Exchange 2013. When we Search For those 2 mailboxes we find that they do not exist In Our Exchange (we Think It's A Virus), how can we solve this issue?

    Wednesday, August 31, 2016 12:26 PM

Answers

  • It turned out that the license on the Iron Port is expired causing this spam email issues.
    • Marked as answer by AhmadJY Thursday, September 1, 2016 7:50 AM
    Thursday, September 1, 2016 7:50 AM

All replies

  • Dears,

    Some Of users in our Exchange are receiving email With Attachments From (scott163@domain.com) And (socorro33@domain.com ) where domain.com represents our SMTP address. We have Exchange 2013. When we Search For those 2 mailboxes we find that they do not exist In Our Exchange (we Think It's A Virus), how can we solve this issue?

    First I would take a look at the message headers and see if they are generated internally or not.  If yes, then I would check stuff like message tracking logs or protocol logging (if enabled, if not enable it).

    If it's external, do you have some sort of third party AV\Antispam product?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Wednesday, August 31, 2016 12:43 PM
  • Thanks for advise. I will check and revert back.

    Wednesday, August 31, 2016 1:01 PM
  • Please make sure your antivirus is updated and able to detect any threat.

    we had such issue when one of machine was infected.

    • Proposed as answer by Chetan.Cosmos Thursday, September 1, 2016 9:51 AM
    Wednesday, August 31, 2016 1:35 PM
  • It turned out that the license on the Iron Port is expired causing this spam email issues.
    • Marked as answer by AhmadJY Thursday, September 1, 2016 7:50 AM
    Thursday, September 1, 2016 7:50 AM
  • Hi,

    Once you confirm that it's internal email spoofing. You may consider to use SPF record to prevent it. Similar thread for reference

    https://social.technet.microsoft.com/Forums/office/en-US/769e4a0c-e5f6-4576-9a29-f4359f08539f/emails-spoofing?forum=exchangesvrclients

    If it's external email spoofing, make sure all receive connectors are not configured for Anonymous Relay. Check this with the command in the link above.

    And it's a good idea to enable antispam functionality on Mailbox servers to prevent spam.

    https://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx?f=255&MSPPError=-2147217396


    Best Regards,

    Lynn-Li
    TechNet Community Support


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 1, 2016 7:51 AM
    Moderator