I recently received a message from my domain's postmaster (message and header info below) regarding a message I never sent. I am confident my workstation does not have malware installed and I have a properly written SPF record. I have no idea who this person is and I am the only account in my Exchange environment.
I am attempting to find more information on how to trace this issue down. I analyzed the header in Microsoft's message analyzer and it appears to have actually come from Office 365 and yet my mail trace in hosted Exchange shows no mail sent to this address.
Specifically, I would like to trace down what account was thought to have sent the original message that the postmaster blocked. I am the only account here and I know I didn't send anything:
This message was created automatically by mail delivery software. Your email message was not delivered to the intended recipients because malware was detected.
--- Additional Information ---
Subject: Re: unpaid windstream.net invoice
Sender: [Removed by moderator]
Time received: 10/8/2015 5:55:52 PM
Message ID: <*** Email address is removed for privacy ***>
Detections found:
invoice_cam.doc W32/Upatre.BL.gen!Eldorado
HEADER:
Received: from BY2PR06MB1878.namprd06.prod.outlook.com (10.163.33.156) by
SN1PR06MB1886.namprd06.prod.outlook.com (10.162.133.30) with Microsoft SMTP
Server (TLS) id 15.1.293.16 via Mailbox Transport; Thu, 8 Oct 2015 17:55:53
+0000
Received: from SmtpServer.Submit by BY2PR06MB1878 with Microsoft SMTP Server
id 15.1.286.20; Thu, 8 Oct 2015 17:55:53 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: Postmaster <*** Email address is removed for privacy ***>
To: <[Removed by moderator]>
Subject: Undeliverable message
Content-Transfer-Encoding: quoted-printable
Message-ID: <*** Email address is removed for privacy ***>
Return-Path: *** Email address is removed for privacy ***
Date: Thu, 8 Oct 2015 17:55:53 +0000
X-MS-Exchange-Organization-Network-Message-Id: 026a5e0b-41a1-4f4c-3242-08d2d009b578
X-MS-Exchange-Organization-AuthSource: BY2PR06MB1878.namprd06.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 05
X-MS-Exchange-Parent-Message-Id: <*** Email address is removed for privacy ***>
Auto-Submitted: auto-generated
X-MS-Exchange-Generated-Message-Source: Malware Agent
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(520078)(8121501046)(3002001);SRVR:BY2PR06MB1878;BCL:0;PCL:0;RULEID:;SRVR:BY2PR06MB1878;
X-Forefront-Antispam-Report: SFV:SKI;SFS:;DIR:INB;SFP:;SCL:-1;SRVR:BY2PR06MB1878;H:;FPR:;SPF:None;LANG:en;
X-MS-Exchange-Organization-SCL: -1
SpamDiagnosticOutput: 1:0
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Oct 2015 17:55:53.0497 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR06MB1878
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.8361431