- We have an SBS 2003 server
- Exchange 2003 mail server - Version: 6.5.7638.1
We have instances where our public gateway gets blacklisted on some spam databases on the internet.
Then we try to patch all our 20 computers on the network with Microsoft security patches and run a full scan on the network to remove any viruses.
One thing we have noticed is that today we had 3000 emails in our Exchange System Manager queue. When I looked at it, I realized it was all spam and junk emails going out.
We deleted all the emails in the Queue.
1) Is there a way, from the SMTP logs or Exchange log files, to find the source internal LAN IP address or hostname of the PC in our network which is sending those emails out?
2) We know for sure it might be an infected PC which might be sending spam emails out. But I wanted to know the source PC IP address/hostname which has been sending 3000 spam emails out through our Exchange server. This will help me fix the infected PC directly rather than going through 20 computers all at a time.
3) Is there any tool which can alert us through email or give us a heads-up saying "HEY, PC xyz is sending 1000 emails out"?
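One way to approach questions 1 and 3, as an added example that is not part of the original post: count SMTP `MAIL` commands per internal client IP in the SMTP virtual server's log and flag any host over a threshold. It assumes SMTP logging is enabled in W3C Extended Log File Format with the `c-ip` and `cs-method` fields selected; the LAN range, threshold, function names and sample log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the office LAN range. Adjust to the real internal subnet.
LAN = ipaddress.ip_network("192.168.1.0/24")

def build_sample():
    """Constructed W3C Extended log lines (not taken from the original post)."""
    lines = ["#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-query sc-status"]
    for ip, n in (("192.168.1.23", 5), ("192.168.1.10", 1), ("203.0.113.9", 2)):
        for i in range(n):
            stamp = f"2010-01-05 09:00:{i:02d}"
            lines.append(f"{stamp} {ip} - 192.168.1.2 25 EHLO +host 250")
            lines.append(f"{stamp} {ip} - 192.168.1.2 25 MAIL +FROM:<user@example.com> 250")
    return lines

def count_submissions(lines, lan=LAN):
    """Count one message per MAIL command, grouped by LAN client IP."""
    fields, counts = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order can change mid-file, so re-read it at every header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "MAIL":
            continue
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # skip rows with a missing or malformed client address
        if client in lan:
            counts[str(client)] += 1
    return counts

def noisy_hosts(counts, threshold):
    """Return (ip, message_count) pairs at or above the threshold, busiest first."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n in noisy_hosts(count_submissions(build_sample()), threshold=3):
        print(f"{ip} submitted {n} messages over SMTP")
```

Run on a schedule against the current log file, the output of `noisy_hosts` can be fed into whatever e-mail or monitoring alert is already in place.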