Is there any free software out there that could help me figure out which machine in my network is Spamming?
Is there any free software out there that can help locate a Spammer within our network? We know that they are not using our mail server. We suspect it is someone with a virus on their machine however, our antivirus for whatever reason can not find them. I beliveve the reason why our antivirus does not find them is because I think the culprit is in a seperate VLAN. This only narrows it down to about 100 machines. I wish to narrow it down further but economic times being what they are I was looking for a free software solution if possible. We have already tried turning off port 25 but were unable to locate the spammer. Please help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Where did you turn port 25 off at? If at the firewall, you should be able to look at the logs to determine the culprit. If on the router, then I would create an ACL that allows TCP 25 and run debug ip packet detail command to see which PC is using port 25 the most (it may be the only one). Please also describe why you think someone is blasting emails from your network. Did you recently get on a blacklist? Also, do you run your own mail server on your network?
Another Vote for the turning off open ports at the firewall. It is really handy to then look at the IP with the most amount of traffic and then get the information from there. If possible, you can also get a second IP for the email server and keep oit seperate from the NAT for surfing. This way, if you get hit again, your email server's ip doesn't get blacklisted (unless your entire IP block does), but it is the best to stop it on outbound connections.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
this set of tools is really good and simple to use. I'd scan hosts to see which ones are running smtp and see if one is running smtp that shouldn't. If you have a firewall in place you might also want to block port 25 from outbound traffic for everything except your mailserver(s). This is a friendly rule to have in place all of the time on your firewall. You can also create an ACL on most routers if your firewall is not capable of blocking port 25.