Solved

Identifying Source of SPAM

Posted on 2011-03-11
4
252 Views
Last Modified: 2012-08-13
I was having a problem with mail queues on my Exchange server filling up with unidentified mail.  By increasing the logging on my Exchange server, I was able to identify which host is sending the mail.  What would be the best way to go about identifying what on that host is sending the mail?
0
Comment
Question by:gtkdw
4 Comments
 
LVL 5

Expert Comment

by:sweeps
Comment Utility
you can try http://www.mxtoolbox.com it is a blacklist site but give you alot of information.  that is a good place to start.  and this site will give you some information on the site.  http://www.networksolutions.com/whois/index.jsp
0
 

Author Comment

by:gtkdw
Comment Utility
To clarify - the host that is pushing the mail to my Exchange server is on my network.  I am looking for the best way to identify what on that host is sending the mail.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You can download and install Wireshark and then run a network trace to see what is happening on your network and then filter port 25 traffic and see where the traffic is coming from.

http://www.wireshark.org/

Are you sure the host is internal and not an external host using your server as an authenticated relay?  That is the more usual source of spam and my article might help you with this:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

Alan
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 250 total points
Comment Utility
Check the machine for viruses.

also you can check for any process sending emails on port 25:
-Close outlook and any mail clients apps.
-run  " netstat -a -n -o"
-search for Foreign ports 25
-identify the process on the task manager..
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now