how to id sender of email msg.   

Exchange 2003 is sending out spam.   Appears to be originating from a user 
pc (Outlook) and being send to Exchange2003.   I am trying to find the 
source pc or user account that is originating the messages.

How do I enable messaging tracking that will show either the sender user_id, 
internal ip adr, or machine name?
I have message tracking turned

Or is there a way to track an exchange message id to the internal user_id, 
ip adr, or machine name?

Exchange Log file does not show user id.

date: Thu, 15 May 2008 17:41:43 -0500   author:   Bob

Re: how to id sender of email msg.   

Bob  wrote:
> Exchange 2003 is sending out spam.

How do you know?

> Appears to be originating from a
> user pc (Outlook) and being send to Exchange2003.

What is the exact evidence for the workstation sending out spam?

> I am trying to
> find the source pc or user account that is originating the messages.
>
> How do I enable messaging tracking that will show either the sender
> user_id, internal ip adr, or machine name?
> I have message tracking turned
>
> Or is there a way to track an exchange message id to the internal
> user_id, ip adr, or machine name?
>
> Exchange Log file does not show user id.

Do you have good / centrally managed antivirus software on your network, for 
your workstations, servers, and Exchange?

General advice: I'd disable all unneeded relay (authenticated & local 
subnet) that you've got on the virtual SMTP server, and in your firewall, 
also block all your workstations from connecting outside your network on 
anything besides ports 80 and 443.

date: Mon, 19 May 2008 13:21:49 -0400   author:   Lanwench [MVP - Exchange]