Possible infected spam server? Trying to track down what is sending out spam
Posted on 2011-03-10
I am running Exchange 2003 SP2 and have a Barracuda spam filter filtering inbound and outbound.
RPC/HTTP is enabled.
I have a situation where spam is being sent by my servers. The IP in the headers is from a foreign country. They are somehow connecting to my email server and sending out spam.
Could it be possible that one of my POP/IMAP users is infected with a virus and authenticating and then sending out spam?
How can I find the offending users?
I turned up logging on POP3 and IMAP but do not see the offending IP anywhere.
Need help in tracking down the offending user. Or can it be my server has a security hole?
I am blocking the spam going outbound from the spam filter but need to get to the bottom of why it's sending out.
Thanks in advance
Received: from User ([18.104.22.168]) by server1.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 10 Mar 2011 07:41:33 -0500
From: Online TV Software<email@example.com>
Subject: Watch 9000 World Wide TV Channels on your Computer, TV or SmartPhone
Date: Thu, 10 Mar 2011 14:41:27 +0200
X-ASG-Orig-Subj: Watch 9000 World Wide TV Channels on your Computer, TV or SmartPhone
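
One way to follow up on the Received header above, as an added example that is not part of the original post: it pulls the connecting IP from the header and tallies that IP's SMTP commands in a W3C extended SMTP service log. The log lines and their field list are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Received line from the post above, joined onto one line.
RECEIVED = ("Received: from User ([18.104.22.168]) by server1.com with "
            "Microsoft SMTPSVC(6.0.3790.3959); Thu, 10 Mar 2011 07:41:33 -0500")

# Constructed sample log; the field list is an assumption, columns come from #Fields.
# W3C extended logs record UTC: 07:41:33 -0500 in the header is 12:41:33 here.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2011-03-10 12:41:05 192.0.2.10 mail.example.net MAIL +FROM:<bob@example.net> 250
2011-03-10 12:41:06 192.0.2.10 mail.example.net RCPT +TO:<staff@server1.com> 250
2011-03-10 12:41:27 18.104.22.168 User EHLO +User 250
2011-03-10 12:41:28 18.104.22.168 User MAIL +FROM:<email@example.com> 250
2011-03-10 12:41:29 18.104.22.168 User RCPT +TO:<rcpt1@example.org> 250
2011-03-10 12:41:29 18.104.22.168 User RCPT +TO:<rcpt2@example.org> 250
2011-03-10 12:41:33 18.104.22.168 User DATA - 250
"""

def parse_received(header):
    """Extract HELO name, client IP and receiving host from an SMTPSVC Received line."""
    m = re.search(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)\s+with\s+(.+?);", header)
    if m is None:
        raise ValueError("not an SMTPSVC-style Received header")
    return {"helo": m[1], "ip": m[2], "by": m[3], "via": m[4]}

def rows_for_ip(log_text, ip):
    """Yield log rows (as dicts) whose c-ip matches, honouring each #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            if row.get("c-ip") == ip:
                yield row

def summarize(log_text, header):
    """Tally SMTP verbs and envelope senders for the IP named in the header."""
    hop = parse_received(header)
    rows = list(rows_for_ip(log_text, hop["ip"]))
    senders = {m[1] for r in rows if r.get("cs-method") == "MAIL"
               and (m := re.search(r"<([^>]*)>", r.get("cs-uri-query", "")))}
    return {"ip": hop["ip"], "helo": hop["helo"], "senders": sorted(senders),
            "verbs": Counter(r.get("cs-method") for r in rows),
            "seen": (rows[0].get("time"), rows[-1].get("time")) if rows else None}

print(summarize(SAMPLE_LOG, RECEIVED))
```

An empty result for the header's IP means the SMTP log being read does not cover that session, for example because it belongs to a different SMTP virtual server or a different day's file.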