Using wireshark to detect spam
Hello,
A client of mine keeps getting put on the spam blacklist. The Exchange server is not set up for open relay, so I suspect someone on the network is sending out the spam. I read on here to install Wireshark. I installed this on the Exchange server, but does anyone know a quick tutorial on how to detect this? I did see something SMTP-related coming from 216.35.161.28, which, when I did a whois, belongs to coolsavings. Does this mean they are connecting directly to my machine? Thanks
You should install Wireshark on the network's internet gateway (hopefully a Linux box), and then you should be able to see all traffic coming from or going to the internet. If you cannot install Wireshark on the network's internet gateway (because it's a router, or your client does not want you to install anything into there, or any other reason), you could make a tap by connecting a small network hub (not a switch, unless it's capable of replicating all traffic on one port) between the gateway and the net, and then plugging a computer with Wireshark into that hub.
A "port 25" command in the capture filter will help you to not analyze all traffic but only SMTP.
Legal outgoing SMTP traffic should only originate from your Exchange server, and not from any other machine in the net.
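The check described in the answer above, as an added example that is not part of the original thread: it sorts new port-25 connections by who opened them, so any internal machine other than the Exchange server that talks SMTP to the internet stands out. The network range, the Exchange address and the sample lines are assumptions constructed for illustration, and the capture is assumed to be taken on the inside of the gateway so that internal addresses are still visible.

```python
import ipaddress
from collections import Counter

# Assumed addressing for illustration; substitute the client's real values.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
EXCHANGE_IP = ipaddress.ip_address("192.168.1.10")

# Constructed sample: one "source<TAB>destination" line per new connection to
# port 25, in the form printed by
#   tshark -r capture.pcap -Y "tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0" -T fields -e ip.src -e ip.dst
SAMPLE = (
    "192.168.1.10\t203.0.113.25\n"
    "192.168.1.10\t203.0.113.25\n"
    "192.168.1.57\t198.51.100.7\n"
    "192.168.1.57\t198.51.100.8\n"
    "192.168.1.57\t203.0.113.99\n"
    "192.168.1.23\t192.168.1.10\n"
    "198.51.100.40\t192.168.1.10\n"
)

def classify(src, dst):
    """Label one port-25 connection by where it starts and where it goes."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_in, dst_in = src in INTERNAL_NET, dst in INTERNAL_NET
    if src_in and not dst_in:
        # Only the Exchange server should deliver mail to the internet.
        return "exchange_outbound" if src == EXCHANGE_IP else "workstation_outbound"
    if dst_in and not src_in:
        return "inbound"      # an outside server delivering mail to us
    return "internal" if src_in else "other"

def summarize(text):
    """Return {label: Counter({source_ip: connection_count})}."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue          # blank or malformed line
        try:
            label = classify(*fields)
        except ValueError:
            continue          # not a single IP address per field
        result.setdefault(label, Counter())[fields[0]] += 1
    return result

if __name__ == "__main__":
    for label, hosts in sorted(summarize(SAMPLE).items()):
        for host, count in hosts.most_common():
            print(f"{label:22} {host:15} {count} connection(s)")
```

Any host listed under `workstation_outbound` is sending SMTP to the internet without going through the Exchange server; the connection count under `exchange_outbound` can be compared with the mail volume the client actually expects to send.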
Thanks marce. Is there a way a newbie like me can figure out what I am looking for? How can I tell if a computer on the network has a virus and is sending spam, or if someone is connecting to my computer somehow to send it? Or even if the server itself is sending spam? Thanks