tmharris09
asked on
Email messages sent that look like spam
Checked message tracking and noticed emails with abnormal(spam type) subjects being sent from domain users accounts. Some messages went to external email address and some others the sender and the reciepent were the same domain user. I checked the users sent items from their outlook profiles and those sent items were not there. I ran CA antivirus complete scan, nothing found, same with Symantec AV and panda online. Also scanned desktops. Nothing found. These email have been sent at random times, from several different users mailboxes and with different subjects. Cant figure out where they are originating.
It's all are comes from outside, check IMF security zone and also check if your SMTP might have open relay.
ASKER
How can the messages be sent from the outside if when i view items being sent from that user the spams show up. Message tracking tool does not know the difference if its a spoofed address? Another thing I should note is that, this IP was blacklisted for spam. I do believe there is something on the inside but how do i find it. Server is not an open relay
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Blocked outbound port 25 on firewall except for server, checked logs, and found ip address of machine hitting port 25. CA av did not pick up but Symantec AV found it. Trojan.pandex was the culprit.
That is what spammers do.
These probably came from the outside , not the inside.
Else, you have some malware doing this on your LAN.
I hope this helps !