Forum Discussion
Don_Vlogeer
Dec 05, 2022 | Brass Contributor
Exchange Server was exploited and used to send spam email
Over the past two days we have seen lots of outgoing emails, and none of them are from our environment. The email addresses are faked and they keep sending to external users. We would like to know how to prev...
harveer singh
Dec 05, 2022 | Steel Contributor
Hey Don_Vlogeer ,
Do you actually see emails sitting in users' sent items, or are you able to see emails sent to external users using your Exchange box using message trace? If you actually see emails leaving your Exchange box then your environment has been compromised.
However, if you can't find emails that were sent out to an external user anywhere on your Exchange server box, you will have to get the header of the email from an external user who actually received it. Upon examining the header you can check where the email actually originated from.
Most likely your domain is being spoofed and is being used to send out emails to external parties. That's how the SMTP protocol was built and you cannot stop spoofing. There are free tools available to send fake emails.
You can enable DKIM on your domain so that every email you do actually send out from your Exchange server has a signature embedded. That being said, it is still on the receiver to check for DKIM/signature against the emails they receive to verify if it actually came from you guys.
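
The header check described in the reply above, as an added example that is not part of the original thread: it reads the headers of a message as an external recipient received it, finds the host that connected to the recipient's border server, and reports the SPF/DKIM/DMARC verdicts. The sample headers, host names and IP addresses are constructed, and the code assumes the recipient's server writes its own name as the first field of `Authentication-Results` and uses the common `from host (name [ip]) by host` form in `Received`.

```python
import re
from email import message_from_string

# Constructed sample headers (example.* hosts, RFC 5737 addresses); not from the thread.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mailstore.recipient.example with ESMTP id 2; Mon, 05 Dec 2022 10:00:05 +0000
Received: from unknown-host.example (unknown-host.example [203.0.113.77])
\tby mx.recipient.example with ESMTP id 1; Mon, 05 Dec 2022 10:00:01 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=ourdomain.example; dkim=none;
\tdmarc=fail header.from=ourdomain.example
From: "Accounts" <accounts@ourdomain.example>
To: someone@recipient.example
Subject: Invoice

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\([^)]*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def border_hop(msg):
    """Host/IP that connected to the recipient's border server.

    Only the Received line written by the recipient's own server (the one named
    as authserv-id in Authentication-Results) is trusted; older lines can be forged.
    """
    authserv = msg.get("Authentication-Results", "").split(";", 1)[0].strip()
    for received in msg.get_all("Received", []):
        m = HOP.search(received)
        if m and authserv and m.group(3) == authserv:
            return m.group(1), m.group(2)
    return None

def classify(raw, our_outbound_ips):
    """Summarise where a message entered the recipient's system and how it authenticated."""
    msg = message_from_string(raw)
    hop = border_hop(msg)
    results = " ".join(msg.get_all("Authentication-Results", []))
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    return {
        "connecting_host": hop,
        "auth": auth,
        "left_our_server": hop is not None and hop[1] in our_outbound_ips,
    }

if __name__ == "__main__":
    # 192.0.2.10 stands in for the organisation's real outbound address (assumption).
    print(classify(SAMPLE, {"192.0.2.10"}))
```

A result with `left_our_server` false and failing SPF/DMARC points to spoofing from elsewhere; a true value means the message trace on the Exchange server should show the same message.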