Solved

Is there any free software out there that could help me figure out which machine in my network is Spamming?

Posted on 2009-05-04
6
343 Views
Last Modified: 2013-11-22
Is there any free software out there that can help locate a Spammer within our network?  We know that they are not using our mail server.  We suspect it is someone with a virus on their machine however, our antivirus for whatever reason can not find them.  I beliveve the reason why our antivirus does not find them is because I think the culprit is in a seperate VLAN.  This only narrows it down to about 100 machines.  I wish to narrow it down further but economic times being what they are I was looking for a free software solution if possible.  We have already tried turning off port 25 but were unable to locate the spammer.  Please help.
0
Comment
Question by:Relinda
6 Comments
 
LVL 6

Accepted Solution

by:
jaydee-cdgp earned 500 total points
ID: 24301342
Ethereal or now called Wireshark can monitor traffic on your network may help.  Find out who's the top talker / or transmitting particular traffic?
0
 
LVL 4

Expert Comment

by:Interserv
ID: 24503499
http://www.axencesoftware.com/index.php?action=NTPro

this set of tools is really good and simple to use.  I'd scan hosts to see which ones are running smtp and see if one is running smtp that shouldn't.  If you have a firewall in place you might also want to block port 25 from outbound traffic for everything except your mailserver(s).  This is a friendly rule to have in place all of the time on your firewall.  You can also create an ACL on most routers if your firewall is not capable of blocking port 25.
0
 
LVL 8

Expert Comment

by:SeeMeShakinMyHead
ID: 25131244
Where did you turn port 25 off at?  If at the firewall, you should be able to look at the logs to determine the culprit.  If on the router, then I would create an ACL that allows TCP 25 and run debug ip packet detail command to see which PC is using port 25 the most (it may be the only one).  Please also describe why you think someone is blasting emails from your network.  Did you recently get on a blacklist?  Also, do you run your own mail server on your network?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 25628968
Another Vote for the turning off open ports at the firewall.  It is really handy to then look at the IP with the most amount of traffic and then get the information from there.  If possible, you can also get a second IP for the email server and keep oit seperate from the NAT for surfing.  This way, if you get hit again, your email server's ip doesn't get blacklisted (unless your entire IP block does), but it is the best to stop it on outbound connections.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34671029
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forget those services on TV trying to sell you software – that’s step one.  Almost all of the software you need should be available for free.  The tricky part is doing the work.  If you are not comfortable performing these steps yourself, contact a …
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question