Hello,
Recently I started using the following powershell command to delete unwanted emails from every member's mailbox belonging to a distribution group:
Get-DistributionGroupMember -Identity "GroupeOne" | Search-Mailbox -SearchQuery 'Subject:"Bad Email" AND (received:01/15/2015..01/15/2015)' -targetmailbox spamfilter@mydomain.com -targetfolder "DeletedSpam 2014-01-15" -loglevel full -deletecontent -Confirm:$false
This works extremely well and helps me analyze who sent, received and opened the message. In the case of a virus this is really helpful to know which computer I need to start the virus removal process on.
Anyways, my question is regarding an email address that appears in my log as having sent a message. This email address appears to be a UUID. The following is an example of what it looks like:
MicrosoftExchangesrmf46KxQ8fPv9n0g41CGg4Kyi4tDCCC@mydomain.com
I've searched using:
get-mailbox -identity MicrosoftExchangesrmf46KxQ8fPv9n0g41CGg4Kyi4tDCCC@mydomain.com
The return is false and no object could be found. I'm trying to figure out how an object that doesn't exist can send messages?
Any ideas?