Solved

find workstations on network causing blacklist

Posted on 2013-05-28
2
202 Views
Last Modified: 2014-01-17
hi,
I suspect i have a workstation on our network that is sending out spam, because we keep getting blacklisted.

I have verified our Server (running exchange 2003) is not causing the issue, so it must be a workstation.

Whats some good ways to determine which workstation is causing the problem?

I could install pcap on all workstations and use wireshark to check but installing pcap on 100 workstations seems like a bad idea.
0
Comment
Question by:GTechForce
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 500 total points
ID: 39203405
Look there isnt a simply way to track a machine for being compromised its check with it though

You can use EXMON to try and check which machine\user is getting high CPU constantly and then check them.
You can also enable NCSA logging for Email-flow and then check it. You can also enable Jounaling for sometime (Only if Enterprise)

- Rancy
0
 
LVL 19

Expert Comment

by:deroode
ID: 39203796
Usually you should be able to get a report from the company blacklisting you about why you are blacklisted. If they don't provide that, it would be smarter to check the internet traffic at the point where it gets to the internet, e.g. place a hub (yes, they still exist) between your network switch and your internet router, hook up a workstation on that hub and install Wireshark. That way you can see all traffic between your workstations and the internet.

Furthermore, make sure your exchange server doesn't serve as an open relay. Even if it does not send loads of spam, being an open relay will get you blacklisted.

Try http://www.mailradar.com/openrelay/ to test your service.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question