OCUBE asked:

Identifying the source LAN IP address of the email on Exchange server?

- We have an SBS 2003 server
- Exchange 2003 mail server - Version: 6.5.7638.1

We have instances where our public gateway gets blacklisted on some spam databases over the internet.

Then we try to patch all our 20 computers on the network with Microsoft security patches and run a full scan on the network to remove any viruses.

One thing we have noticed is that today we had 3000 emails in our Exchange System Manager queue. And when I looked at it, I realized it was all spam and junk emails going out.

We deleted all the emails in the queue.

Questions:
========

1) Is there a way, from SMTP logs or Exchange log files, to find the source internal LAN IP address or hostname of the PC in our network which is sending those emails out?

2) We know for sure it might be an infected PC which might be sending spam emails out. But I wanted to know the source PC IP address/hostname which has been sending 3000 spam emails out through our Exchange server. This will help me fix the infected PC directly rather than going through 20 computers all at a time.

3) Is there any tool which can alert us through email or give us a heads up saying "HEY PC xyz is sending 1000 emails out"?

Ajay Sharma

Is your internet browsing IP and mail sending IP the same?
Which anti-spam security are you using for your Exchange server?

OCUBE (ASKER)

Yes, they are the same.

Symantec Mail Security for Microsoft Exchange 6

OCUBE (ASKER)

OK, thanks for your advice,

but for now, is there a way to look at the SMTP log and find the source LAN IP of emails going out?

OCUBE (ASKER)

Let's say our firewall is set up with SMTP 25 open only for Exchange. So spam emails would be going out from the Exchange server only.

OCUBE (ASKER)

Thanks
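
An added example, not part of the thread or any participant's answer: one way to answer questions 1 and 3 from the SMTP virtual server log is to count RCPT commands per submitting client IP and flag the heavy senders. It assumes logging is enabled in W3C Extended format with the `c-ip`, `cs-username` and `cs-method` fields selected; the sample log lines, function names and threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C Extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username s-sitename cs-method cs-uri-query sc-status
2010-03-01 09:00:01 192.168.1.23 pc23 SMTPSVC1 EHLO +pc23 250
2010-03-01 09:00:01 192.168.1.23 pc23 SMTPSVC1 MAIL +FROM:<a@example.com> 250
2010-03-01 09:00:02 192.168.1.23 pc23 SMTPSVC1 RCPT +TO:<u1@example.net> 250
2010-03-01 09:00:02 192.168.1.23 pc23 SMTPSVC1 RCPT +TO:<u2@example.net> 250
2010-03-01 09:00:03 192.168.1.23 pc23 SMTPSVC1 RCPT +TO:<u3@example.net> 250
2010-03-01 09:00:03 192.168.1.23 pc23 SMTPSVC1 RCPT +TO:<u4@example.net> 250
2010-03-01 09:05:00 192.168.1.10 pc10 SMTPSVC1 RCPT +TO:<boss@example.org> 250
2010-03-01 09:05:02 203.0.113.5 OutboundConnectionCommand SMTPSVC1 RCPT TO:<u1@example.net> 0
"""

def parse_w3c(lines):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd rows
                yield dict(zip(fields, values))

def recipients_per_client(records):
    """Count RCPT commands per client IP that submitted mail to the server."""
    counts = Counter()
    for rec in records:
        # Assumption: rows for the server's own outbound deliveries carry
        # "OutboundConnection..." in cs-username, and c-ip is the remote MTA.
        if rec.get("cs-username", "").startswith("OutboundConnection"):
            continue
        if rec.get("cs-method", "").upper() == "RCPT":
            counts[rec["c-ip"]] += 1
    return counts

def noisy_clients(counts, threshold):
    """Return (ip, recipient_count) pairs at or above the threshold."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    counts = recipients_per_client(parse_w3c(SAMPLE_LOG.splitlines()))
    for ip, n in noisy_clients(counts, threshold=3):
        print(f"{ip} submitted mail to {n} recipients")
```

Mail submitted by Outlook over MAPI does not pass through the SMTP virtual server, so it will not appear in this log; a client IP outside the LAN ranges points to relayed or authenticated external submission rather than an infected internal PC.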