?
Solved

spoofing rogue email server/client

Posted on 2010-11-16
3
Medium Priority
?
492 Views
Last Modified: 2012-05-10
Think a workstation on our network has a worm/trojan that has grabbed the address book and firing out rouge emails.

Multiple users have complained about receiving bogus emails.

Any good freeware or eval tool to throw on the network so I can see which workstaion is sending the rogue emails?
0
Comment
Question by:abpExpert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34147426
Please can you post an email header from one of the rogue emails.

Obscure any email addresses though.
0
 

Author Comment

by:abpExpert
ID: 34147948
The header just contains date and emai addresses from the address book of the infected user.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1000 total points
ID: 34148009
No IP addresses?

If nothing useful, please download Wireshark and start sniffing your network for traffic.  It should be fairly easy to see the computer throwing out lots of traffic.

Make sure you also have your firewall blocked on TCP port 25 for all computers apart from your mail server, otherwise you may get blacklisted.

Do you have logging enabled on your router / firewall?  If not enabled, it would be good to turn it on and monitor traffic.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question