Solved

How to find a Spam Generatir in my Network

Posted on 2011-03-13
8
386 Views
Last Modified: 2012-05-11
Dear Experts

i am running most of my clients on Windows XP with Syamantec Endpoint Virus Protection & having Exchange 2003 Enterprise Server, from last few days I have constatnly been black listed on various spam engines, shown at MXTOOLBOX, How can I check which of the computer is generating these thousands of spam messages.

I have run a relay check & found that relay is not allowed, I have also blocked the HTTP & HTTPS access to my mail server from outside.

Please Help.
0
Comment
Question by:inteq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 11

Accepted Solution

by:
Pieter Jordaan earned 250 total points
ID: 35125946
Hi

I had a similar problem a while ago, and found a computer on my network that delivers email straight to the mail server port 25. It could manipulate the entire email, including from, to and attachments.

We had to configure exchange connectors for all the authorized mail hosts, and block everything else.

I found the computer by changing the mail server IP address, and then configuring a pfsense firewall to use the IP address so that I could filter through the connections, and forward packets to exchange.

There must be a simpler way to find the machine / machines that are delivering the emails.
I did not look at Windows tools to do that.

The simplest would be to change the exchange connector to only accept emails from specified IP addresses, or to block your LAN IP range on that port.

Depending on the size of your network, you could try a different Anti-Virus, like AVG - http://free.avg.com to try and find it. I haven't had good luck with viruses using Syamantec. I'm sure AVG will pick up virusses that Syamantec missed.

Good luck.
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 250 total points
ID: 35126016
0
 
LVL 11

Expert Comment

by:Pieter Jordaan
ID: 35126106
True.

I suppose the 30 day trial will also do the trick.
0
SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

 
LVL 23

Expert Comment

by:phototropic
ID: 35423969
Please share points with BitFreeze.  His initial post is the meat and potatos of this answer.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35424169
Sorry - thought I selected the "Split" option.
I am going to "Object" to this, so a Moderator can make that happen.

Good call - thanks.
0
 

Expert Comment

by:ModernMatt
ID: 35455459
Starting the process to split the points.

Thanks, all!

ModernMatt
Experts Exchange Moderator
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Symantec EndPoint Protection 15 74
How to check for a virus on a remote machine? 11 73
Virus that hides folders 6 62
WinZIp - quick question 8 41
So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question