Solved

How to find a Spam Generatir in my Network

Posted on 2011-03-13
8
348 Views
Last Modified: 2012-05-11
Dear Experts

i am running most of my clients on Windows XP with Syamantec Endpoint Virus Protection & having Exchange 2003 Enterprise Server, from last few days I have constatnly been black listed on various spam engines, shown at MXTOOLBOX, How can I check which of the computer is generating these thousands of spam messages.

I have run a relay check & found that relay is not allowed, I have also blocked the HTTP & HTTPS access to my mail server from outside.

Please Help.
0
Comment
Question by:inteq
8 Comments
 
LVL 11

Accepted Solution

by:
Pieter Jordaan earned 250 total points
ID: 35125946
Hi

I had a similar problem a while ago, and found a computer on my network that delivers email straight to the mail server port 25. It could manipulate the entire email, including from, to and attachments.

We had to configure exchange connectors for all the authorized mail hosts, and block everything else.

I found the computer by changing the mail server IP address, and then configuring a pfsense firewall to use the IP address so that I could filter through the connections, and forward packets to exchange.

There must be a simpler way to find the machine / machines that are delivering the emails.
I did not look at Windows tools to do that.

The simplest would be to change the exchange connector to only accept emails from specified IP addresses, or to block your LAN IP range on that port.

Depending on the size of your network, you could try a different Anti-Virus, like AVG - http://free.avg.com to try and find it. I haven't had good luck with viruses using Syamantec. I'm sure AVG will pick up virusses that Syamantec missed.

Good luck.
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 250 total points
ID: 35126016
0
 
LVL 11

Expert Comment

by:Pieter Jordaan
ID: 35126106
True.

I suppose the 30 day trial will also do the trick.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 23

Expert Comment

by:phototropic
ID: 35423969
Please share points with BitFreeze.  His initial post is the meat and potatos of this answer.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35424169
Sorry - thought I selected the "Split" option.
I am going to "Object" to this, so a Moderator can make that happen.

Good call - thanks.
0
 

Expert Comment

by:ModernMatt
ID: 35455459
Starting the process to split the points.

Thanks, all!

ModernMatt
Experts Exchange Moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now