Tracking "Confidential Email" leaks ??

Status
Not open for further replies.

pctekk

MIS
Sep 28, 2002
345
US
Is there a simple way to track/monitor any/all email that is going to a specific email address ??

We suspect someone internally is emailing/leaking confidential info to someone on the outside world.

I do know the email address it's going to, because several of our docs are being posted on their personal website also.

Thanks gang
 
Couple solutions, use Journaling feature in Exchange to have copies of all mail BCC to Admin Distro List. Or try spoofing the "To" address to some mailbox (or DL) on your server by adding it as a SMTP address. (I believe the second option will work, but I can't test it right now.)
 
can you explain more on the option 2 ??

how to setup/spoof the To address by adding it as an smtp ?

for example say its
bob@home.com

do you mean adding bob@home.com to say my email address mailbox in exchange as a second/third SMTP address and see if anything inside is emailed there, I will receive it instead on the inside ???

thanks again
 
Yes, if you add bob@home.com to a mailbox (like for user Admin...admin@yourdomain.com, admin@mailserver.yourdomain.com, admin@anotherdomain.co.uk, etc.) This mailbox should receive the bob@home.com mail because the internal addresses are checked before attempting to send mail externally. (M$ did this so internal users could send to each other using SMTP addresses without wasting bandwidth sending the mail to itself.)

My only concern is that your Exchange server is not listed as a host for "home.com", so the mail may still queue outbound. You will have to test this.
 
what do you mean it's not listed as a host for "home.com"
so it will "queue outbound" ??
still try to send to the external one that it's going to ??

I really don't mind, as long as I can see if it's going there first, then I can remove the smtp and allow it to go outbound, or will it sit indefinitely in the queue
 
you could create a rule within their outlook to bcc you on all messages, as long as they are not savvy enough to go in and check the rules.
 
how would I create "remote rules" for their inbox though ?
 
I don't know how you could do it remotely, I have always done it locally.
 
"What do you mean it's not listed as a host for "home.com"
so it will "queue outbound" ??"

Your Exchange server is set to be the mail host for your domains...you tell it that it will have all mail for yourdomain.com, yourseconddomain.com, and anotherdomain.co.uk. internally. By adding only the SMTP address bob@home.com to an account you are NOT setting the server to have all mail for the home.com domain...and you would not want to do this anyway.

I believe, but have not been able to test this, that since the Exchange server looks to the internal SMTP addresses first the mail "should" be delivered only to the internal mailbox where you added the bob@home.com. However, since Exchange knows it is NOT supposed to get mail for home.com internally, it may send this mail outbound also (or instead.) You would have to try it.

 
tested it as smtp onto my exch. mailbox, and it did YES come to me only, not go out to @home.com
so it did "spoof" it properly.
 
If your Exchange server has message tracking turned on then every piece of mail is logged as it makes a connection and is handed off to the destination email server. You can do a search using any of a number of parameters in this log: sender, recipient, dates, server...
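
The recipient search described in the post above, as an added example that is not part of the thread: it filters a tracking log for one outside address and groups the hits by internal sender. It assumes the CSV layout with a `#Fields:` header used by later Exchange versions; the column subset, the rows, and every address except bob@home.com are constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample in the style of an Exchange message tracking log:
# '#' comment lines, a '#Fields:' header, then CSV rows. Real logs carry
# more columns; this subset and every value below are made up.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,event-id,sender-address,recipient-address,total-bytes,message-subject
2024-03-04T09:15:01.900Z,RECEIVE,dave@yourdomain.com,bob@home.com,1834021,"Q1 pricing, draft"
2024-03-04T09:15:02.553Z,SEND,dave@yourdomain.com,bob@home.com,1834021,"Q1 pricing, draft"
2024-03-04T11:40:19.007Z,SEND,alice@yourdomain.com,vendor@example.net;Bob@Home.com,88213,Specs
2024-03-05T08:01:55.930Z,DELIVER,erin@yourdomain.com,dave@yourdomain.com,2100,Re: Specs
2024-03-06T17:22:10.412Z,SEND,dave@yourdomain.com,bob@home.com,960114,Contract scan
"""

def find_mail_to(log_text, watched, start=None, end=None, event_id="SEND"):
    """Return {sender: [(timestamp, subject, bytes), ...]} for rows of one
    event type whose recipient list contains `watched` in [start, end]."""
    watched = watched.lower()
    fields, rows = None, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
        elif line and not line.startswith("#"):
            rows.append(line)
    if fields is None:
        raise ValueError("no #Fields header found")
    hits = defaultdict(list)
    for rec in csv.DictReader(rows, fieldnames=fields):
        # A message is logged once per event; keep one event type so each
        # outbound message is counted a single time.
        if rec["event-id"] != event_id:
            continue
        # One row can list several recipients separated by ';'.
        rcpts = [r.strip().lower() for r in rec["recipient-address"].split(";")]
        if watched not in rcpts:
            continue
        ts = datetime.strptime(rec["date-time"], "%Y-%m-%dT%H:%M:%S.%fZ")
        if (start and ts < start) or (end and ts > end):
            continue
        hits[rec["sender-address"].lower()].append(
            (ts, rec["message-subject"], int(rec["total-bytes"])))
    return dict(hits)

if __name__ == "__main__":
    for sender, msgs in find_mail_to(SAMPLE_LOG, "bob@home.com").items():
        print(sender, len(msgs), "message(s),", sum(m[2] for m in msgs), "bytes")
```
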
 
AlexIT,

Don't want to bother you on the details on spoofing. I tried it once and it did not work. Can you provide me a link where I can read further on this spoofing. This will definitely come in handy.

Thanks
 
does the message tracking, when turned on
really take up a lot of space ??
 
I do not believe that spoofing is written anywhere in M$. This is something I determined from the following article:


You always knew it's possible to add SMTP "alias" addresses (I've had to do this much for clients with difficult-to-spell names, a.janorwski@domain.com has a.janowski@domain.com as an "alias" because no one remembers to type the "r") but this states you can use addresses from non-authoritative domains also (domains that you do not have assigned MX records...)
 