Solved

spoofing rogue email server/client

Posted on 2010-11-16
3
485 Views
Last Modified: 2012-05-10
Think a workstation on our network has a worm/trojan that has grabbed the address book and firing out rouge emails.

Multiple users have complained about receiving bogus emails.

Any good freeware or eval tool to throw on the network so I can see which workstaion is sending the rogue emails?
0
Comment
Question by:abpExpert
  • 2
3 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34147426
Please can you post an email header from one of the rogue emails.

Obscure any email addresses though.
0
 

Author Comment

by:abpExpert
ID: 34147948
The header just contains date and emai addresses from the address book of the infected user.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 34148009
No IP addresses?

If nothing useful, please download Wireshark and start sniffing your network for traffic.  It should be fairly easy to see the computer throwing out lots of traffic.

Make sure you also have your firewall blocked on TCP port 25 for all computers apart from your mail server, otherwise you may get blacklisted.

Do you have logging enabled on your router / firewall?  If not enabled, it would be good to turn it on and monitor traffic.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now