Solved

find workstations on network causing blacklist

Posted on 2013-05-28
Last Modified: 2014-01-17
Hi,
I suspect I have a workstation on our network that is sending out spam, because we keep getting blacklisted.

I have verified our server (running Exchange 2003) is not causing the issue, so it must be a workstation.

What are some good ways to determine which workstation is causing the problem?

I could install pcap on all workstations and use Wireshark to check, but installing pcap on 100 workstations seems like a bad idea.
0
Question by:GTechForce
2 Comments
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 500 total points
ID: 39203405
Look, there isn't a simple way to track a machine for being compromised, its check with it though.

You can use EXMON to try and check which machine\user is getting high CPU constantly and then check them.
You can also enable NCSA logging for email flow and then check it. You can also enable Journaling for some time (only if Enterprise).

- Rancy
0
 
LVL 19

Expert Comment

by:deroode
ID: 39203796
Usually you should be able to get a report from the company blacklisting you about why you are blacklisted. If they don't provide that, it would be smarter to check the internet traffic at the point where it gets to the internet, e.g. place a hub (yes, they still exist) between your network switch and your internet router, hook up a workstation on that hub and install Wireshark. That way you can see all traffic between your workstations and the internet.

Furthermore, make sure your Exchange server doesn't serve as an open relay. Even if it does not send loads of spam, being an open relay will get you blacklisted.

Try http://www.mailradar.com/openrelay/ to test your service.
0
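An added example, not part of the original thread: once traffic has been captured at the internet edge as deroode describes, a short script can list internal hosts other than the mail server that open outbound SMTP connections. The subnet, the server address and the CSV layout of the exported capture are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed addressing for illustration; replace with your own.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")  # the Exchange server
SMTP_PORTS = {25}

# Constructed sample: one row per outbound TCP SYN seen at the capture point,
# laid out as "epoch_seconds,src_ip,dst_ip,dst_port" (assumed export format).
SAMPLE_CAPTURE = """\
1369730000,192.168.1.10,203.0.113.5,25
1369730001,192.168.1.57,198.51.100.20,25
1369730001,192.168.1.57,198.51.100.21,25
1369730002,192.168.1.57,203.0.113.77,25
1369730002,192.168.1.23,198.51.100.80,443
1369730003,192.168.1.57,203.0.113.78,25
1369730004,192.168.1.88,198.51.100.20,25
"""

def smtp_talkers(rows, min_destinations=3):
    """Return [(src, connections, distinct_destinations)] for internal hosts,
    other than the mail server, that open SMTP connections to the internet."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for _ts, src, dst, dport in rows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if int(dport) not in SMTP_PORTS:
            continue
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue  # keep only internal -> external traffic
        if src_ip == MAIL_SERVER:
            continue  # the server is expected to send mail
        conns[src_ip] += 1
        dests[src_ip].add(dst_ip)
    report = [(str(ip), conns[ip], len(dests[ip]))
              for ip in conns if len(dests[ip]) >= min_destinations]
    return sorted(report, key=lambda r: r[1], reverse=True)

def analyse(text, **kwargs):
    return smtp_talkers(csv.reader(io.StringIO(text)), **kwargs)

if __name__ == "__main__":
    for host, n, d in analyse(SAMPLE_CAPTURE):
        print(f"{host}: {n} SMTP connections to {d} distinct servers")
```

Lowering `min_destinations` to 1 lists every workstation that makes any direct SMTP connection, which is useful when no client on the network should be sending mail except through the server.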
