Network Computer sending spam

I had an infected computer on a network I monitor that was sending spam. I have cleaned the computer using a variety of tools, but the spam is still being sent, so I think I have another, less obvious infected computer. I have run the d.exe from Symantec on all the computers to look for the Conficker virus and they were all clean. Does anyone know a way to determine what computer is doing this?


Nancy Villa, Director of IT, Asked:

On your firewall, enable logging of Port 110 traffic. That would probably be the fastest without needing sniffers. It will also help you catch users running Outlook Express to check their personal accounts, another source of virus access.

Happy hunting.
Rajith Enchiparambil, Office 365 & Exchange Architect, Commented:
Disable authenticated relay to stop this and enable logging to find the culprit PC.

Check for steps (towards the end).

Nancy Villa, Director of IT, Author Commented:
I have disabled authenticated relay and enabled the logging. What do I look for? The log file contains a bunch of external IP addresses.

If you are seeing the messages on your Exchange server then I can pretty much guarantee the problem is not inside your network. The Exchange server is being abused directly.
It isn't clear where you are seeing the spam messages.


Nancy Villa, Director of IT, Author Commented:
I am seeing it on my Exchange server but my relays are all turned off, unless there is another way for them to do it?
If you are seeing the messages in the queues then it is almost certainly NOT a compromised machine on your network.
After changing your settings did you restart the SMTP server service?
Have you cleaned up the queues at all? ESM is notorious for not showing the true extent of the message queues when the machine has been abused.
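
An added example, not part of the original thread: one way to answer "what do I look for" in the SMTP log is to tally MAIL and RCPT commands per client address and mark each client as internal or external, which separates a LAN machine sending through the server from outside hosts using the server directly. It assumes a W3C extended log with a `#Fields:` header that includes `c-ip`, `cs-method` and `sc-status`; the sample lines and the internal range `192.168.1.0/24` are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: W3C extended layout assumed; addresses are documentation/private ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method sc-status
2009-04-02 10:00:01 203.0.113.45 EHLO 250
2009-04-02 10:00:02 203.0.113.45 MAIL 250
2009-04-02 10:00:02 203.0.113.45 RCPT 250
2009-04-02 10:00:03 203.0.113.45 RCPT 250
2009-04-02 10:00:03 203.0.113.45 RCPT 250
2009-04-02 10:00:09 192.168.1.23 MAIL 250
2009-04-02 10:00:09 192.168.1.23 RCPT 250
2009-04-02 10:00:12 198.51.100.7 MAIL 250
2009-04-02 10:00:12 198.51.100.7 RCPT 550
truncated line
"""

def summarize_smtp_log(text, internal_nets=("192.168.1.0/24",)):
    """Rank SMTP clients by accepted recipients; returns
    [(ip, scope, mail_count, rcpt_accepted, rcpt_rejected), ...]."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]  # hypothetical LAN range
    fields, stats = [], defaultdict(Counter)
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header recurs whenever logging restarts
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # other directives and malformed rows
        row = dict(zip(fields, parts))
        ip, verb = row.get("c-ip"), row.get("cs-method", "").upper()
        if ip is None:
            continue
        if verb == "MAIL":
            stats[ip]["mail"] += 1
        elif verb == "RCPT":
            ok = row.get("sc-status", "").startswith("2")
            stats[ip]["accepted" if ok else "rejected"] += 1
    report = []
    for ip, c in stats.items():
        try:
            addr = ipaddress.ip_address(ip)
            scope = "internal" if any(addr in n for n in nets) else "external"
        except ValueError:
            scope = "unknown"
        report.append((ip, scope, c["mail"], c["accepted"], c["rejected"]))
    return sorted(report, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for entry in summarize_smtp_log(SAMPLE_LOG):
        print(entry)
```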
