Anyone know a way to figure out who sent a particular email message from my network to the Internet? We don't use any kind of message tracking, so all I'm working with are my logs. I have the message ID, date, time and recipient's email - now I want to figure out which of my users sent it.
Just before last weekend, because of a rash of spam sent to non-existent users from a specific domain, I blocked that domain from sending us mail. I was concerned that the failed messages would pile up in the mailbox and cause trouble.
Anyway, checking my logs for evidence that my spammer had decided to continue trying despite being blocked, I found that a message from someone on my network was sent to the blocked domain. I don't think someone inside is participating in spamming, and I am concerned I am preventing legitimate mail from getting through. How do I figure out who sent the message so that I can ask them about it?
Just before last weekend, because of a rash of spam sent to non-existent users from a specific domain, I blocked that domain from sending us mail. I was concerned that the failed messages would pile up in the mailbox and cause trouble.
Anyway, checking my logs for evidence that my spammer had decided to continue trying despite being blocked, I found that a message from someone on my network was sent to the blocked domain. I don't think someone inside is participating in spamming, and I am concerned I am preventing legitimate mail from getting through. How do I figure out who sent the message so that I can ask them about it?