A user email account is sending out 14,000 messages since this morning.
I'm trying to find 100% which client machine has is infected. I already had user shutdown her workstation, IPhone and IPAD. I have also changed her password and stop prevented her from send email messages to internet.
I'm looking in Exchange 2010 message tracking, i know the CAS server that sent the message to my Ironport email gateway. I'm trying to find out which client/machine sent the message to my Client Access Server? I only see it say SMTP for "SOURCE" in message tracking, can I dig any deeper to get an IP address or hostname of the source?
thanks in advance.
