Solved

How can I tell what pc on my network is sending spam?

Posted on 2008-10-22
Last Modified: 2012-05-05
I have an SBS 2003 server with about 50 users on it. We have been blacklisted by Spamhaus this week. How can I tell what PC on my network is possibly compromised and spamming? Is there a utility that I can install to monitor email traffic? Can I do it in Exchange System Manager?
0
Question by:degoodwin
9 Comments
 
LVL 13

Expert Comment

by:leegclystvale
ID: 22781061
You could change to SMTP connector so that the message will just queue and then go through the queue list? Bit crude though!
0
 
LVL 5

Expert Comment

by:lecaf
ID: 22781085
probably you have a router or a firewall

even cheap soho ones have some logging features...use them :)

m a  r  c

PS If it was coming through the exchange you would have run out of disk space by now....
0
 

Author Comment

by:degoodwin
ID: 22781371
I have a SonicWall TZ190. I have created an access rule that denies any LAN to WAN on port 25 except for my Exchange server. Actually it is 2 rules (my server is at 10.0.0.51): one that blocks 1-50 and one that blocks 52-254. This should do it, right? There is a rule that allows any to any though. And it is enabled. Does this overwrite the deny or do deny rules take priority, like in Windows?
0
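Added example (not part of the original thread): once port 25 is denied for every LAN host except the Exchange server at 10.0.0.51, the firewall's own log of those attempts identifies the spamming PC, provided logging is enabled on the deny rules. The log layout, the /24 LAN range and the sample lines below are constructed assumptions, not real SonicWall output; adjust the regex to what your firewall writes.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")        # assumed from the 10.0.0.x addresses in the thread
MAIL_SERVER = ip_address("10.0.0.51")  # the Exchange server named in the thread

# Constructed sample log; the key=value layout is an assumption.
SAMPLE_LOG = """\
2008-10-22 09:14:01 action=drop proto=tcp src=10.0.0.23:1045 dst=203.0.113.9:25
2008-10-22 09:14:02 action=drop proto=tcp src=10.0.0.23:1046 dst=198.51.100.4:25
2008-10-22 09:14:02 action=allow proto=tcp src=10.0.0.51:2210 dst=198.51.100.4:25
2008-10-22 09:14:03 action=allow proto=tcp src=10.0.0.17:3301 dst=203.0.113.9:80
2008-10-22 09:14:04 action=drop proto=tcp src=10.0.0.23:1047 dst=192.0.2.77:25
2008-10-22 09:14:05 action=allow proto=tcp src=10.0.0.12:4100 dst=10.0.0.51:25
2008-10-22 09:14:06 action=drop proto=tcp src=10.0.0.40:1200 dst=192.0.2.77:25
2008-10-22 09:14:07 log rotated
"""

LINE_RE = re.compile(
    r"proto=tcp\s+src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def smtp_offenders(log_text):
    """Return (host, attempts, distinct_destinations) for LAN hosts other than
    the mail server that tried to reach port 25 outside the LAN, busiest first."""
    attempts = Counter()
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dport"] != "25":
            continue
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue                    # malformed address, skip the line
        # Skip the mail server itself and clients talking to it inside the LAN.
        if src not in LAN or dst in LAN or src == MAIL_SERVER:
            continue
        attempts[src] += 1
        targets[src].add(dst)
    ranked = sorted(attempts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(str(host), n, len(targets[host])) for host, n in ranked]

if __name__ == "__main__":
    for host, n, dests in smtp_offenders(SAMPLE_LOG):
        print(f"{host}: {n} outbound SMTP attempts to {dests} distinct servers")
```

A workstation with many attempts spread over many distinct destination servers is the one to pull off the network and clean first.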
 
LVL 3

Accepted Solution

by:
BitBurner earned 500 total points
ID: 22781659
You could use a packet sniffer and watch the raw network traffic. You could set a filter for only traffic on port 25.

http://www.etherdetect.com/

0

 

Author Comment

by:degoodwin
ID: 22782100
I have installed it and I am scanning ports but it only seems to be scanning port 25 on my exchange server. Any idea how to set it to scan the entire network?
0
 
LVL 3

Expert Comment

by:BitBurner
ID: 22782134
If you are using a switch on the network then you will not get any traffic except what is going directly to that interface.
If you have a managed switch then you can set one port to not filter and use that port. Or if it's a nice switch it might even have a "monitor" port that is already set to not filter. The alternative is to get a cheap hub (not switch) and put it in between router and switch, letting you catch all traffic.
0
 

Author Comment

by:degoodwin
ID: 22782371
I have a 3Com switch that is not a managed switch. So I guess that this will not work then. I have 50 users and 2 switches in the server room and other switches in various locations. Anything else I might be able to use?
0
 
LVL 3

Expert Comment

by:BitBurner
ID: 22783091
You could try actually running it on the Exchange server... now before you do that, this needs to be a last resort (the hub trick is best in this case), because it will install WinPCAP on the server's network interface. WinPCAP is basically a pass-through driver that sits in front of your network interface. So a restart would be needed. Take that into consideration. But since your outbound mail has to come there first, you should see all the port 25 traffic on that interface. :)
0
 

Author Closing Comment

by:degoodwin
ID: 31508952
Looks like it cannot be done with my config. I changed my firewall to block access except from server and went PC by PC to clean them out. Old-fashioned sneakernet.
0


Question has a verified solution.
