Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 216
  • Last Modified:

find workstations on network causing blacklist

hi,
I suspect i have a workstation on our network that is sending out spam, because we keep getting blacklisted.

I have verified our Server (running exchange 2003) is not causing the issue, so it must be a workstation.

Whats some good ways to determine which workstation is causing the problem?

I could install pcap on all workstations and use wireshark to check but installing pcap on 100 workstations seems like a bad idea.
0
Brad Nelson
Asked:
Brad Nelson
1 Solution
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Look there isnt a simply way to track a machine for being compromised its check with it though

You can use EXMON to try and check which machine\user is getting high CPU constantly and then check them.
You can also enable NCSA logging for Email-flow and then check it. You can also enable Jounaling for sometime (Only if Enterprise)

- Rancy
0
 
deroodeSystems AdministratorCommented:
Usually you should be able to get a report from the company blacklisting you about why you are blacklisted. If they don't provide that, it would be smarter to check the internet traffic at the point where it gets to the internet, e.g. place a hub (yes, they still exist) between your network switch and your internet router, hook up a workstation on that hub and install Wireshark. That way you can see all traffic between your workstations and the internet.

Furthermore, make sure your exchange server doesn't serve as an open relay. Even if it does not send loads of spam, being an open relay will get you blacklisted.

Try http://www.mailradar.com/openrelay/ to test your service.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now