Solved

Help we are sending spam from somewhere inside our domain!

Posted on 2006-10-26
14
174 Views
Last Modified: 2013-12-04
Hello Experts!
Earlier today, I found out we had been listed by SPAMCOP (http://spamcop.net/bl.shtml) as an originator of spam email, and also with PSBL (http://psbl.surriel.com). Can anyone please point me in the right direction as far as finding out a way to see if any of the PCs inside our domain are infected with some kind of spamware?

Thanks a lot!
0
Comment
Question by:RAMCIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
14 Comments
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 500 total points
ID: 17812895
Assuming you are running in a 2000/2003 environment, see this link:

http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

You can find many other solutions easily by Googling for how to close an Open Mail Relay in your Domain Operating System Environment

0
 

Author Comment

by:RAMCIT
ID: 17812920
Actually Im runing Exchange 5.5 on an NT enviromnent.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17812969
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 

Author Comment

by:RAMCIT
ID: 17813886
ll, according to http://www.dnsreport.com/ we reject releys.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17813970
If you open the queues in your Exchange System Manager, do you see a lot of mails waiting to be sent?
0
 

Author Comment

by:RAMCIT
ID: 17814010
more than usual yes
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17814027
Ok, I know DNS Report shows you reject relays, but try following the instructions in the link above and see if they go away. ;)
0
 

Author Comment

by:RAMCIT
ID: 17814048
Well I cannot seem to get into the server via telnet, says:

Server allows NTLM authentication only
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17828211
OK....

What AV and AntiSpyware do you use ?

Also, if you are using cisco routers let me know as I've got some neat tricks for these.

Cheers
Si


0
 

Author Comment

by:RAMCIT
ID: 17834456
Well on this server we have Trend Micro Scanmail for the exchange
No active antispyware.
0
 

Author Comment

by:RAMCIT
ID: 17834460
oh and this T1 connection uses a Cisco 2600 router with a watchguard firebox firewall.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17836570
Does your Cisco router have Netflow enabled ?

Thanks
Si
0
 

Author Comment

by:RAMCIT
ID: 17836586
I have no idea
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17837366
OK,

OK, from a quick google, the 2600 routers do have Netflow on them.

Try this

Go here ---> http://www.manageengine.co.uk/

Download NetFlow Analyzer and install it....configure the router as per the instructions in the documentation to enable netflow packets and then leave it to run for an hour.

Go back in to NetFlow Analyzer and you will see a list of traffic broken down by type and then you see which machines are sending large amounts of SMTP traffic.

Let me know if you get stuck

Thanks
Si
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question