Recently, we have been receiving some strange emails. I have our exchange
server set up to send out an email to a certain user when we receive an
email that couldn't be delivered, i.e. if the sender gets the domain right,
but botches the username. In the past few weeks we've been receiving lots
notices for failed deliveries to our domain. It looks like somebody trying
to guess usernames in our domain, but they're not having any success. I
thought that maybe someone was trying to spam us, but since they weren't
getting through, I thought no more of it. Then today, we got a returned
email notice informing us that delivery had failed to a long list of
addresses that were all in the same domain. That made me really suspicious.
I have been monitoring our antivirus software very carefully. It seems to
be regularly finding either viruses or trojans in the badmail directory, but
it isn't having any problem deleting them. I've also been watching the
reports of access to and from our firewall and I'm not seeing any suspicious
activity. Is there anything that I can monitor or look at in Exchange to
see if we're being either attacked or used to spam people?
Remember, the early bird gets the worm,
but the second mouse gets the cheese.