Solved

spoofing rogue email server/client

Posted on 2010-11-16
3
488 Views
Last Modified: 2012-05-10
Think a workstation on our network has a worm/trojan that has grabbed the address book and firing out rouge emails.

Multiple users have complained about receiving bogus emails.

Any good freeware or eval tool to throw on the network so I can see which workstaion is sending the rogue emails?
0
Comment
Question by:abpExpert
  • 2
3 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34147426
Please can you post an email header from one of the rogue emails.

Obscure any email addresses though.
0
 

Author Comment

by:abpExpert
ID: 34147948
The header just contains date and emai addresses from the address book of the infected user.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 34148009
No IP addresses?

If nothing useful, please download Wireshark and start sniffing your network for traffic.  It should be fairly easy to see the computer throwing out lots of traffic.

Make sure you also have your firewall blocked on TCP port 25 for all computers apart from your mail server, otherwise you may get blacklisted.

Do you have logging enabled on your router / firewall?  If not enabled, it would be good to turn it on and monitor traffic.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Find out what you should include to make the best professional email signature for your organization.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The Bounty Board allows you to request an article or video on any technical topic, or fulfill a bounty request to earn points. Watch this video to learn how to use the Bounty Board to get the content you want, earn points, and browse submitted bount…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question