Solved

find workstations on network causing blacklist

Posted on 2013-05-28
2
199 Views
Last Modified: 2014-01-17
hi,
I suspect i have a workstation on our network that is sending out spam, because we keep getting blacklisted.

I have verified our Server (running exchange 2003) is not causing the issue, so it must be a workstation.

Whats some good ways to determine which workstation is causing the problem?

I could install pcap on all workstations and use wireshark to check but installing pcap on 100 workstations seems like a bad idea.
0
Comment
Question by:GTechForce
2 Comments
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 500 total points
ID: 39203405
Look there isnt a simply way to track a machine for being compromised its check with it though

You can use EXMON to try and check which machine\user is getting high CPU constantly and then check them.
You can also enable NCSA logging for Email-flow and then check it. You can also enable Jounaling for sometime (Only if Enterprise)

- Rancy
0
 
LVL 19

Expert Comment

by:deroode
ID: 39203796
Usually you should be able to get a report from the company blacklisting you about why you are blacklisted. If they don't provide that, it would be smarter to check the internet traffic at the point where it gets to the internet, e.g. place a hub (yes, they still exist) between your network switch and your internet router, hook up a workstation on that hub and install Wireshark. That way you can see all traffic between your workstations and the internet.

Furthermore, make sure your exchange server doesn't serve as an open relay. Even if it does not send loads of spam, being an open relay will get you blacklisted.

Try http://www.mailradar.com/openrelay/ to test your service.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question