• Status: Solved
  • Priority: Medium

spoofing rogue email server/client

Think a workstation on our network has a worm/trojan that has grabbed the address book and is firing out rogue emails.

Multiple users have complained about receiving bogus emails.

Any good freeware or eval tool to throw on the network so I can see which workstation is sending the rogue emails?
1 Solution
Alan Hardisty (Co-Owner) commented:
Please can you post an email header from one of the rogue emails.

Obscure any email addresses though.
abpExpertAuthor Commented:
The header just contains date and email addresses from the address book of the infected user.
Alan Hardisty (Co-Owner) commented:
No IP addresses?

If nothing useful, please download Wireshark and start sniffing your network for traffic.  It should be fairly easy to see the computer throwing out lots of traffic.

Make sure you also have your firewall blocked on TCP port 25 for all computers apart from your mail server, otherwise you may get blacklisted.

Do you have logging enabled on your router / firewall?  If not enabled, it would be good to turn it on and monitor traffic.
Question has a verified solution.
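
An added example (not part of the original thread) of the check suggested above: given a capture saved as `tcpdump -n` text output, list the internal hosts opening SMTP connections on TCP port 25 to anything other than the mail server. The mail server address `192.168.1.10` and the sample capture lines are constructed placeholders.

```python
import re
from collections import Counter

# Assumption: internal address of the legitimate mail server (placeholder).
MAIL_SERVER = "192.168.1.10"

# Matches tcpdump -n text lines such as:
# 10:15:01.000001 IP 192.168.1.23.49152 > 203.0.113.5.25: Flags [S], seq 1, length 0
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def smtp_talkers(lines, allowed=(MAIL_SERVER,)):
    """Return (source, connections, distinct destinations) for every host
    that opens SMTP connections without going through an allowed server."""
    counts = Counter()
    destinations = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dport"] != "25":
            continue
        # Count only the initial SYN so each connection is counted once.
        if m["flags"] != "S":
            continue
        # Skip the mail server itself and clients submitting mail to it.
        if m["src"] in allowed or m["dst"] in allowed:
            continue
        counts[m["src"]] += 1
        destinations.setdefault(m["src"], set()).add(m["dst"])
    return [(src, n, len(destinations[src])) for src, n in counts.most_common()]

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
10:15:00.000001 IP 192.168.1.10.40000 > 198.51.100.7.25: Flags [S], seq 1, length 0
10:15:01.000001 IP 192.168.1.23.49152 > 203.0.113.5.25: Flags [S], seq 1, length 0
10:15:01.000201 IP 203.0.113.5.25 > 192.168.1.23.49152: Flags [S.], seq 9, ack 2, length 0
10:15:01.000301 IP 192.168.1.23.49152 > 203.0.113.5.25: Flags [P.], seq 2:40, ack 10, length 38
10:15:02.000001 IP 192.168.1.23.49153 > 198.51.100.7.25: Flags [S], seq 1, length 0
10:15:03.000001 IP 192.168.1.23.49154 > 198.51.100.9.25: Flags [S], seq 1, length 0
10:15:04.000001 IP 192.168.1.31.50000 > 192.168.1.10.25: Flags [S], seq 1, length 0
10:15:05.000001 IP 192.168.1.31.50001 > 203.0.113.5.25: Flags [S], seq 1, length 0
10:15:06.000001 IP 192.168.1.40.51000 > 203.0.113.80.443: Flags [S], seq 1, length 0
""".splitlines()

if __name__ == "__main__":
    for src, conns, dsts in smtp_talkers(SAMPLE):
        print(f"{src}: {conns} direct SMTP connections to {dsts} destinations")
```

A workstation that shows up here with many connections to many different destinations is the one to pull off the network and scan first.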
