• Status: Solved
  • Priority: Medium
  • Security: Public

I appear to be a source of spam, any help?

I seem to be a source of spam, but cannot track it down. I have an Exchange 2007 server. For the last couple of days, I have been getting a huge number of angry 'remove me' emails to one particular address in my organization, but they believe the emails are coming from Nissan Motors. I have used MXToolbox to confirm I am not an open relay and that I am not on any blocklists. When I use Queue Viewer, I don't see anything unusual except that two of my real clients are blocking emails from my MX address due to 'intrusion prevention active' on their software. I have run a complete AV scan of my entire network and nothing turned up. I'm not sure I know how to definitely look to see if the emails are really originating from me, but the replies are definitely coming to me. Any suggestions?
Moved from EE_Bugs, 250 points assigned by Netminder, 5 May 2011


3 Solutions
Try Malwarebytes on the machines that the e-mail is being sent from.

From what I have seen recently, certain malware/viruses grab a hold of someone's e-mail and they click on something stupid and boom, that PC gets infected and then steals the e-mail list from that PC and e-mails itself out using that person's contact list.

My first move here would be to see who the offending sender is and scan that machine to death...:)

Sudeep Sharma, Technical Designer, Commented:
Look at the headers of the emails which you are receiving and try to find the source of the messages. It could be the sender who is infected (as suggested above by Tribus).

What makes you think you are the actual source of the spam?
Is it only the fact that one of your email addresses is the source address of the spam?
If that is the case it is probably just the case that someone is using your email address as the source for sending spam emails and they are being sent by completely different machines across the internet.
There is not much you can do to stop it but you could ensure you are making use of SPF and DomainKeys. This will help spam filters identify the mails pretending to come from you as being spam and may also discourage spammers from using your domain as it will make their emails more likely to be blocked.
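The header check and the SPF point from the two replies above, as an added example that is not part of any poster's reply: it lists the relay IPs recorded in a message's `Received` headers, tests whether your own mail server is among them, and reads the recipient's SPF verdict. The sample headers, host names and the `192.0.2.10` server address are constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample: headers of a spam message quoted in a complaint.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mailstore.recipient.example with ESMTP id A1; Thu, 5 May 2011 10:00:03 +0000
Received: from unknown (HELO mail.ourcompany.example) (203.0.113.77)
\tby mx.recipient.example with SMTP; Thu, 5 May 2011 10:00:01 +0000
Received-SPF: fail (mx.recipient.example: 203.0.113.77 is not permitted)
From: "Promo" <sales@ourcompany.example>
To: someone@recipient.example
Subject: Special offer

body
"""

OUR_IPS = {"192.0.2.10"}  # assumption: public IP(s) of your own mail server
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def relay_ips(raw):
    """Connecting IPs taken from Received headers, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Only the "from ..." part names the connecting host.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        for candidate in IP_RE.findall(from_part):
            try:
                hops.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # looked like an address but is not a valid one
    return hops

def passed_through(raw, our_ips):
    """True if any recorded hop is one of our servers. Headers below the
    recipient's own MX can be forged, so only a False result is strong."""
    return any(ip in our_ips for ip in relay_ips(raw))

def spf_result(raw):
    """First word of Received-SPF (pass, fail, softfail, ...) or 'none'."""
    value = email.message_from_string(raw).get("Received-SPF", "")
    return value.split()[0].lower() if value.split() else "none"

if __name__ == "__main__":
    print(relay_ips(SAMPLE), passed_through(SAMPLE, OUR_IPS), spf_result(SAMPLE))
```
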
The first thing to do though in this case is to change the password of the offending account that is sending the spam. Usually it's a key logger that got the user's e-mail password. Just by changing that password you can sometimes make it stop.

However the issue still remains of the key-logger.

Malwarebytes should solve that for you on the user's PC.
dongcamp100 (Author) Commented:
Ultimately, I was not the source of the spam. Thank you Tribus, I had already used Malwarebytes, but it is a good suggestion.
dongcamp100 (Author) Commented:
Oops. More... Thank you also Sudeep as that showed I was not the actual source and thank you grblades for the advice on steps to help prevent this in the future.
