Solved

Identifying Source of SPAM

Posted on 2011-03-11
4
256 Views
Last Modified: 2012-08-13
I was having a problem with mail queues on my Exchange server filling up with unidentified mail.  By increasing the logging on my Exchange server, I was able to identify which host is sending the mail.  What would be the best way to go about identifying what on that host is sending the mail?
0
Comment
Question by:gtkdw
4 Comments
 
LVL 5

Expert Comment

by:sweeps
ID: 35112438
you can try http://www.mxtoolbox.com it is a blacklist site but give you alot of information.  that is a good place to start.  and this site will give you some information on the site.  http://www.networksolutions.com/whois/index.jsp
0
 

Author Comment

by:gtkdw
ID: 35112537
To clarify - the host that is pushing the mail to my Exchange server is on my network.  I am looking for the best way to identify what on that host is sending the mail.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35113458
You can download and install Wireshark and then run a network trace to see what is happening on your network and then filter port 25 traffic and see where the traffic is coming from.

http://www.wireshark.org/

Are you sure the host is internal and not an external host using your server as an authenticated relay?  That is the more usual source of spam and my article might help you with this:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Alan
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 250 total points
ID: 35113981
Check the machine for viruses.

also you can check for any process sending emails on port 25:
-Close outlook and any mail clients apps.
-run  " netstat -a -n -o"
-search for Foreign ports 25
-identify the process on the task manager..
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question