1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tale of the sent email

Discussion in 'Software' started by Boycie, Sep 22, 2010.

  1. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    I am about to investigate an email three people received whereby the sender claims not to have initiated it - second time around anyway!

    It's nothing naughty, or something he wishes he could retrieve, so there is no motive to say so in all fairness.

    It's a plain, single exchange 2003 environment with bes installed on another box. clients run a mixture of outook '03 and '07.

    an email the sender (or not in this case!) sent back last year was sent again yesterday (locally, within the exchange environment).

    i am waiting to speak/connect, but some things i do know so far are:

    the user did not resend this message of their own accord
    the message is not in the users sent items
    no one has access or send as permissions for the mailbox
    the user does not use a blackberry
    the message has been found within exchange tracker and does indead say it was submitted to the store
    the machine is fully patched and cleared when checking with ms malicious checker.
    no strange processes or ports open when checked with tcp view

    any idea's on this one?
     
    Last edited: Sep 22, 2010
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  2. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Dr Watson helping you out ? :p
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Is Exchange 2003 fully patched?

    Also do the users reset their passwords on a regular basis?

    Edit: any PO3/IMAP users on Exchange?
     
    Last edited: Sep 22, 2010
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. dales

    dales Gigabyte Poster

    1,998
    46
    97
    Is there anyway to tell that if the email has ever been in the users sent items, they didn't delete it from sent in a panic did they.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  5. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    You could maybe find what time the email was sent and cross check that with when he was logged on.

    Could he have left his pc unattended for a short time, time enough that someone else can sit down at it, copy paste the text into a new mail and then delete the sent mail?
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  6. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    thanks for the pointers with this chaps. after presenting them with the facts, heard no more!

    Can only assume it was sent :-)
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    User error.

    Close call :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Sorted! :alc
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT

Share This Page

Loading...