Parse SMTP logs for SPAM sent

The email system we use for our non-corporate employees has been blacklisted by Fortiguard, so some emails are not going through to DOMAIN.COM. It states that we have been flagged as sending spam in the last 30 days. I have found a window of 5 days where we have gone from being able to send mail to DOMAIN.COM to getting the blacklist error. I need help with two things:

1. What exactly to look for in the SMTP logs that would signal to me that we have an infected PC sending spam out of that server, or something similar, so I can try to find the source.

2. Any way to search the logs, as they are around 100k lines each. I really don't want to try to read through several 100k lines of plain text line by line.
qbakies asked:

shauncroucher commented:
If it is an infected PC, it's very unlikely to be using your server to relay; it will just go out directly (it incorporates its own SMTP engine). Make sure port 25 is blocked on all but the email server.

If the server is being abused, either it is an open relay (check using mxtoolbox.com diags) or someone is authenticating and sending mail through it that way; you should check any logs you have for SMTP AUTH.

If you don't have POP/IMAP, you can turn off authentication. If not, you should get all users' passwords changed and make sure they are changed to something complex and changed regularly.

Shaun
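To turn the two checks above (SMTP AUTH abuse and open relaying) into something that can be run over a 100k-line log instead of reading it by hand, here is an added Python example that is not part of the original thread. It assumes a constructed one-line-per-delivery log layout (client IP, authenticated account, recipient count, destination domain) and an assumed office LAN range; both must be adapted to the real server's log format.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log; the "client= auth= rcpt= to=" layout is an assumption
# for illustration, not any particular mail server's real format.
SAMPLE_LOG = """\
2009-05-01T08:01:12 client=192.168.1.20 auth=alice rcpt=1 to=domain.com
2009-05-01T08:02:40 client=192.168.1.55 auth=bob rcpt=1 to=example.net
2009-05-01T08:03:01 client=203.0.113.9 auth=- rcpt=50 to=example.org
2009-05-01T08:03:05 client=198.51.100.7 auth=bob rcpt=120 to=domain.com
2009-05-01T08:03:06 client=198.51.100.7 auth=bob rcpt=95 to=example.net
2009-05-01T08:04:00 client=192.168.1.20 auth=alice rcpt=2 to=example.org
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) auth=(?P<user>\S+) rcpt=(?P<rcpt>\d+) to=(?P<dom>\S+)$"
)
# Address ranges treated as the office LAN (assumed; set these to the real ranges).
INTERNAL = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)

def analyse(log_text, rcpt_threshold=100):
    """Tally recipients per account and flag the two abuse patterns Shaun names."""
    per_user = Counter()              # recipients per authenticated account
    unauth_external = []              # no AUTH and not on the LAN: open-relay sign
    external_auth = defaultdict(set)  # account used from outside: stolen-password sign
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # not a delivery record, skip it
        ip, user, rcpt = m["ip"], m["user"], int(m["rcpt"])
        if user == "-":
            if not is_internal(ip):
                unauth_external.append(ip)
            continue
        per_user[user] += rcpt
        if not is_internal(ip):
            external_auth[user].add(ip)
    # accounts whose recipient total is far above a normal user's day
    suspect_users = sorted(u for u, n in per_user.items() if n > rcpt_threshold)
    return {"recipients_per_user": per_user, "unauth_external": unauth_external,
            "external_auth": dict(external_auth), "suspect_users": suspect_users}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(key, value)
```

On the sample data this singles out "bob" as a high-volume account submitting from outside the LAN, and one external client relaying without authenticating; on a real log, the suspect account or client IP is where to start looking for the compromised machine.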

qbakies (author) commented:
Thank you for your help.
shauncroucher commented:
Glad I could help

Shaun