[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Identifying Source of SPAM

Posted on 2011-03-11
4
Medium Priority
?
261 Views
Last Modified: 2012-08-13
I was having a problem with mail queues on my Exchange server filling up with unidentified mail.  By increasing the logging on my Exchange server, I was able to identify which host is sending the mail.  What would be the best way to go about identifying what on that host is sending the mail?
0
Comment
Question by:gtkdw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Expert Comment

by:sweeps
ID: 35112438
you can try http://www.mxtoolbox.com it is a blacklist site but give you alot of information.  that is a good place to start.  and this site will give you some information on the site.  http://www.networksolutions.com/whois/index.jsp
0
 

Author Comment

by:gtkdw
ID: 35112537
To clarify - the host that is pushing the mail to my Exchange server is on my network.  I am looking for the best way to identify what on that host is sending the mail.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35113458
You can download and install Wireshark and then run a network trace to see what is happening on your network and then filter port 25 traffic and see where the traffic is coming from.

http://www.wireshark.org/

Are you sure the host is internal and not an external host using your server as an authenticated relay?  That is the more usual source of spam and my article might help you with this:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Alan
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 1000 total points
ID: 35113981
Check the machine for viruses.

also you can check for any process sending emails on port 25:
-Close outlook and any mail clients apps.
-run  " netstat -a -n -o"
-search for Foreign ports 25
-identify the process on the task manager..
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question