Link to home
Create AccountLog in
Avatar of OCUBE
OCUBEFlag for United States of America

asked on

Identifying the source LAN IP address of the email on exchange server ?

- we have SBS 2003 server
- exchange 2003 mail server - Version: 6.5.7638.1

we have instances where our public gateway gets blacklisted on some spam databases over internet.

Then we try to patch all our 20 computers on the network with Microsoft security patches and run a full scan on the network to remove any viruses.

One thing we have noticed is today we had 3000 emails in our exchange system manger Queue. And when I looked at it - i realized it was all spam and junk emails going out.

We deleted all the emails in the Queue.

Questions:
========

1) Is there a way from  SMTP logs or exchange log files we can look at to find the source internal Lan IP address or hostname of the PC in our network which is sending those emails out ?


2) We know for sure it might an infected PC - which might be sending spam emails out.  But I wanted to know the source PC IP address/hostname which has been sending 3000 spam emails  out through our exchange server.  This will help me fix the infected PC directly rather than going through 20 computers all at a time.

3)  Is there any tool which can alert us through email or give us a heads up saying - "HEY PC xyz is sending 1000 emails out " ?

Avatar of Ajay Sharma
Ajay Sharma
Flag of India image

is your internet browsing ip and mail sending IP same ?
which anti spam security your are using for your exchange server ?
Avatar of OCUBE

ASKER



 Yes they are same.

 Symantec Mail Security for Microsoft Exchange 6
SOLUTION
Avatar of Ajay Sharma
Ajay Sharma
Flag of India image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of OCUBE

ASKER

Ok thanks for your advise

but for now is there a way to look at the smtp log and find te source LAN ip of emails going out ?
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of OCUBE

ASKER

Let's say if our firewall is setup for smtp 25 open only for exchange. So spam emails would be going out from exchange server only.
Avatar of OCUBE

ASKER

Thanks