Solved

How to find a Spam Generatir in my Network

Posted on 2011-03-13
8
369 Views
Last Modified: 2012-05-11
Dear Experts

i am running most of my clients on Windows XP with Syamantec Endpoint Virus Protection & having Exchange 2003 Enterprise Server, from last few days I have constatnly been black listed on various spam engines, shown at MXTOOLBOX, How can I check which of the computer is generating these thousands of spam messages.

I have run a relay check & found that relay is not allowed, I have also blocked the HTTP & HTTPS access to my mail server from outside.

Please Help.
0
Comment
Question by:inteq
8 Comments
 
LVL 11

Accepted Solution

by:
Pieter Jordaan earned 250 total points
ID: 35125946
Hi

I had a similar problem a while ago, and found a computer on my network that delivers email straight to the mail server port 25. It could manipulate the entire email, including from, to and attachments.

We had to configure exchange connectors for all the authorized mail hosts, and block everything else.

I found the computer by changing the mail server IP address, and then configuring a pfsense firewall to use the IP address so that I could filter through the connections, and forward packets to exchange.

There must be a simpler way to find the machine / machines that are delivering the emails.
I did not look at Windows tools to do that.

The simplest would be to change the exchange connector to only accept emails from specified IP addresses, or to block your LAN IP range on that port.

Depending on the size of your network, you could try a different Anti-Virus, like AVG - http://free.avg.com to try and find it. I haven't had good luck with viruses using Syamantec. I'm sure AVG will pick up virusses that Syamantec missed.

Good luck.
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 250 total points
ID: 35126016
0
 
LVL 11

Expert Comment

by:Pieter Jordaan
ID: 35126106
True.

I suppose the 30 day trial will also do the trick.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 23

Expert Comment

by:phototropic
ID: 35423969
Please share points with BitFreeze.  His initial post is the meat and potatos of this answer.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35424169
Sorry - thought I selected the "Split" option.
I am going to "Object" to this, so a Moderator can make that happen.

Good call - thanks.
0
 

Expert Comment

by:ModernMatt
ID: 35455459
Starting the process to split the points.

Thanks, all!

ModernMatt
Experts Exchange Moderator
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question