RAMCIT
Help we are sending spam from somewhere inside our domain!
Hello Experts!
Earlier today, I found out we had been listed by SPAMCOP (http://spamcop.net/bl.shtml) as an originator of spam email, and also with PSBL (http://psbl.surriel.com). Can anyone please point me in the right direction as far as finding out a way to see if any of the PCs inside our domain are infected with some kind of spamware?
Thanks a lot!
ASKER
Well, according to http://www.dnsreport.com/ we reject relays.
If you open the queues in your Exchange System Manager, do you see a lot of mails waiting to be sent?
ASKER
more than usual yes
Ok, I know DNS Report shows you reject relays, but try following the instructions in the link above and see if they go away. ;)
ASKER
Well I cannot seem to get into the server via telnet, says:
Server allows NTLM authentication only
OK....
What AV and AntiSpyware do you use ?
Also, if you are using cisco routers let me know as I've got some neat tricks for these.
Cheers
Si
ASKER
Well on this server we have Trend Micro Scanmail for the exchange
No active antispyware.
ASKER
oh and this T1 connection uses a Cisco 2600 router with a watchguard firebox firewall.
Does your Cisco router have Netflow enabled ?
Thanks
Si
ASKER
I have no idea
OK, from a quick Google, the 2600 routers do have NetFlow on them.
Try this
Go here ---> http://www.manageengine.co.uk/
Download NetFlow Analyzer and install it. Configure the router as per the instructions in the documentation to enable NetFlow packets and then leave it to run for an hour.
Go back in to NetFlow Analyzer and you will see a list of traffic broken down by type, and then you see which machines are sending large amounts of SMTP traffic.
Let me know if you get stuck
Thanks
Si
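The check Si describes above, picking out which internal machines are pushing SMTP traffic straight out to the Internet, can also be done from a raw flow export without a GUI product. The script below is an added example and not part of the original thread or of NetFlow Analyzer: it assumes the collector has been exported to CSV with columns src_ip, dst_ip, dst_port, packets and bytes (an assumed layout), that the internal network is 192.168.0.0/16 and that 192.168.1.5 is the Exchange server (both assumed). The flow records embedded in it are constructed for the demonstration. It counts only flows from inside to outside on port 25, excludes the mail server itself (which is expected to talk SMTP to the world) and reports any other host that contacts several external mail servers or sends more than a threshold of bytes, since ordinary workstations should relay through Exchange and have no business doing that.

```python
"""Aggregate flow records to find internal hosts generating outbound SMTP.

Added example, not from the original thread. The records below are
constructed, not real NetFlow output. Assumed CSV layout:
src_ip,dst_ip,dst_port,packets,bytes
"""
from collections import defaultdict
import csv
import ipaddress
from io import StringIO

# Constructed sample flow export. In practice, feed the CSV export from
# your flow collector. Addresses are private / documentation ranges.
SAMPLE_FLOWS = """src_ip,dst_ip,dst_port,packets,bytes
192.168.1.10,192.168.1.5,25,12,4800
192.168.1.10,203.0.113.7,80,40,30000
192.168.1.23,198.51.100.2,25,200,260000
192.168.1.23,198.51.100.9,25,180,240000
192.168.1.23,203.0.113.44,25,210,270000
192.168.1.5,198.51.100.2,25,30,45000
192.168.1.40,203.0.113.7,443,90,120000
"""

INTERNAL = ipaddress.ip_network("192.168.0.0/16")        # assumed LAN range
MAIL_SERVER = ipaddress.ip_address("192.168.1.5")        # assumed Exchange host


def parse_flows(text):
    """Parse CSV flow records into dicts with typed fields."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        rows.append({
            "src": ipaddress.ip_address(row["src_ip"]),
            "dst": ipaddress.ip_address(row["dst_ip"]),
            "dport": int(row["dst_port"]),
            "packets": int(row["packets"]),
            "bytes": int(row["bytes"]),
        })
    return rows


def smtp_senders(flows, internal=INTERNAL, mail_server=MAIL_SERVER):
    """Per internal source, total bytes, flow count and distinct external
    SMTP destinations. Only inside-to-outside flows on port 25 count, and
    the legitimate mail server is skipped since it is expected to send."""
    stats = defaultdict(lambda: {"bytes": 0, "flows": 0, "dsts": set()})
    for f in flows:
        if f["dport"] != 25:
            continue
        if f["src"] not in internal or f["dst"] in internal:
            continue
        if f["src"] == mail_server:
            continue
        s = stats[str(f["src"])]
        s["bytes"] += f["bytes"]
        s["flows"] += 1
        s["dsts"].add(str(f["dst"]))
    return stats


def suspicious_hosts(stats, min_dsts=2, min_bytes=100_000):
    """Hosts that talk to several external MTAs directly, or move a lot of
    SMTP bytes, are the ones to pull off the network and scan first."""
    return sorted(
        ip for ip, s in stats.items()
        if len(s["dsts"]) >= min_dsts or s["bytes"] >= min_bytes
    )


if __name__ == "__main__":
    stats = smtp_senders(parse_flows(SAMPLE_FLOWS))
    for ip in suspicious_hosts(stats):
        s = stats[ip]
        print(f"{ip}: {s['flows']} flows, {s['bytes']} bytes, "
              f"{len(s['dsts'])} external mail servers")
```

On the constructed data only 192.168.1.23 is reported: the workstation 192.168.1.10 relays through Exchange as it should, and the mail server's own outbound SMTP is excluded. The thresholds are deliberately low; a workstation opening direct SMTP sessions to more than one outside host is already unusual enough to be worth a look, and lowering them further at the cost of false positives is a reasonable trade during an incident.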