The IP address of the company I work for has been added to a spam blacklist (bl.spamcop.net). I've determined that the cause is almost certainly one or more workstations somewhere in the company that are infected with a virus or trojan and sending out this spam. We've received bounced emails from other email servers informing us about the blacklist, which show the primary company IP as the one which is blacklisted.
A brief overview of how we are set up:
- Internet and email traffic for all of the company's offices are routed through a central server, and pass through a "Sonicwall Pro 2040 Enhanced" firewall.
- We have NOD32 anti-virus installed on all workstations, laptops, and servers.
- Email is not handled on-site. Our mail server is actually on an external dedicated server (which runs the company website), running Linux, cPanel, etc. The mail is a simple POP3/SMTP setup (no Exchange server), using standard ports 25 and 110. Employees are set up with Outlook. The external mail server's IP is not blacklisted, only the company's outward-facing IP.
What I'm seeking is advice on how to 1) Use the Sonicwall or another tool if needed to pin down the responsible workstations that are sending out the spam email so they can be cleaned, and 2) In a way that won't interrupt normal company email usage, block all email from being sent out through the network that does not go through our own mail server (which as mentioned, is on a server that is external to the company network). I've spent several hours carefully looking through all of the settings and options for the Sonicwall, and have not yet discovered how to proceed. I'd like to correctly address the source of the problem before requesting to be removed from the blacklist.
Thanks in advance for your assistance! :)
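
An added example, not part of the original post: one way to find the workstations described above is to export the firewall's connection log and list every internal source that opens port 25 to anything other than the company mail server. The log layout (key=value lines with `src=`/`dst=` as `ip:port`), the `MAIL_SERVER` address, and the function name are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: placeholder address for the external company mail server.
MAIL_SERVER = "203.0.113.10"
SMTP_PORT = 25

# Constructed sample lines in an assumed key=value syslog layout.
SAMPLE_LOG = """\
time="2024-01-01 09:00:01" msg="Connection Opened" src=192.168.1.21:50112:X0 dst=203.0.113.10:25:X1 proto=tcp
time="2024-01-01 09:00:02" msg="Connection Opened" src=192.168.1.34:50233:X0 dst=198.51.100.7:25:X1 proto=tcp
time="2024-01-01 09:00:02" msg="Connection Opened" src=192.168.1.34:50234:X0 dst=198.51.100.99:25:X1 proto=tcp
time="2024-01-01 09:00:03" msg="Connection Opened" src=192.168.1.21:50113:X0 dst=203.0.113.10:110:X1 proto=tcp
time="2024-01-01 09:00:04" msg="Connection Opened" src=192.168.1.34:50235:X0 dst=192.0.2.45:25:X1 proto=tcp
time="2024-01-01 09:00:05" msg="Connection Opened" src=192.168.1.50:50400:X0 dst=198.51.100.7:25:X1 proto=tcp
time="2024-01-01 09:00:06" msg="Connection Opened" src=192.168.1.50:50401:X0 dst=192.0.2.80:80:X1 proto=tcp
truncated line with no address fields
"""

FIELD = re.compile(r"\b(src|dst)=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def direct_smtp_senders(log_text, mail_server=MAIL_SERVER):
    """Return (source_ip, connections, distinct_destinations) for every
    source that opened SMTP to a host other than the approved mail server,
    busiest first."""
    dests = defaultdict(list)
    for line in log_text.splitlines():
        fields = {k: (ip, int(port)) for k, ip, port in FIELD.findall(line)}
        if "src" not in fields or "dst" not in fields:
            continue  # malformed or unrelated line
        src_ip = fields["src"][0]
        dst_ip, dst_port = fields["dst"]
        # Mail clients here should only ever speak SMTP to the mail server;
        # port 25 to any other host is direct-to-MX delivery worth checking.
        if dst_port == SMTP_PORT and dst_ip != mail_server:
            dests[src_ip].append(dst_ip)
    rows = [(src, len(d), len(set(d))) for src, d in dests.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for src, count, distinct in direct_smtp_senders(SAMPLE_LOG):
        print(f"{src}: {count} SMTP connections to {distinct} other hosts")
```

The same condition (destination port 25, destination not the mail server) is the one an outbound firewall deny rule would match, so the report also shows which hosts such a rule would affect before it is enabled.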