Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

find workstations on network causing blacklist

Posted on 2013-05-28
2
Medium Priority
?
205 Views
Last Modified: 2014-01-17
hi,
I suspect i have a workstation on our network that is sending out spam, because we keep getting blacklisted.

I have verified our Server (running exchange 2003) is not causing the issue, so it must be a workstation.

Whats some good ways to determine which workstation is causing the problem?

I could install pcap on all workstations and use wireshark to check but installing pcap on 100 workstations seems like a bad idea.
0
Comment
Question by:Brad Nelson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 2000 total points
ID: 39203405
Look there isnt a simply way to track a machine for being compromised its check with it though

You can use EXMON to try and check which machine\user is getting high CPU constantly and then check them.
You can also enable NCSA logging for Email-flow and then check it. You can also enable Jounaling for sometime (Only if Enterprise)

- Rancy
0
 
LVL 19

Expert Comment

by:deroode
ID: 39203796
Usually you should be able to get a report from the company blacklisting you about why you are blacklisted. If they don't provide that, it would be smarter to check the internet traffic at the point where it gets to the internet, e.g. place a hub (yes, they still exist) between your network switch and your internet router, hook up a workstation on that hub and install Wireshark. That way you can see all traffic between your workstations and the internet.

Furthermore, make sure your exchange server doesn't serve as an open relay. Even if it does not send loads of spam, being an open relay will get you blacklisted.

Try http://www.mailradar.com/openrelay/ to test your service.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question