Client on LAN sending spam

I have a client on the network that is sending out spam and it has caused us to be blacklisted.  I need to find the computer that is doing it.  I am going to block port 25 on my SonicWall tomorrow at work to see if I can find it that way.  Was wondering if anyone had any other suggestions.

We are using Outlook and we don't have an internal email server.
lrollins (IT Manager) asked:

Dan Craciun (IT Consultant) commented:
If you have a managed switch, set a port as mirror/monitor and connect a laptop with Wireshark to it. Capture the traffic and see what IP is sending mail.

HTH,
Dan
0
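One way to work through the capture Dan Craciun describes, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output taken on the mirror port and flags LAN hosts that open port 25 connections to more distinct outside servers than a mail client normally uses. The LAN range, the threshold of two relays and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` text output (documentation address ranges).
SAMPLE_CAPTURE = """\
09:00:01.100000 IP 192.168.1.20.50111 > 198.51.100.25.25: Flags [S], seq 100, win 64240, length 0
09:00:01.150000 IP 198.51.100.25.25 > 192.168.1.20.50111: Flags [S.], seq 500, ack 101, win 65535, length 0
09:00:02.000000 IP 192.168.1.37.49201 > 203.0.113.5.25: Flags [S], seq 200, win 64240, length 0
09:00:02.200000 IP 192.168.1.37.49202 > 203.0.113.77.25: Flags [S], seq 210, win 64240, length 0
09:00:02.400000 IP 192.168.1.37.49203 > 198.51.100.140.25: Flags [S], seq 220, win 64240, length 0
09:00:02.600000 IP 192.168.1.37.49204 > 192.0.2.61.25: Flags [S], seq 230, win 64240, length 0
09:00:03.000000 IP 192.168.1.20.50112 > 198.51.100.25.25: Flags [S], seq 110, win 64240, length 0
09:00:03.500000 IP 192.168.1.44.51000 > 192.0.2.80.443: Flags [S], seq 300, win 64240, length 0
"""

# src.port > dst.port: Flags [...]  (IPv4 only)
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def smtp_talkers(capture_text, lan="192.168.1.0/24"):
    """Map each LAN host to the outside servers it opened port 25 connections to."""
    lan_net = ipaddress.ip_network(lan)  # assumed LAN range; adjust to the site
    talkers = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        # Count only new connection attempts (bare SYN) to destination port 25.
        if not m or m["dport"] != "25" or m["flags"] != "S":
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src in lan_net and dst not in lan_net:
            talkers[str(src)].add(str(dst))
    return talkers

def suspects(capture_text, lan="192.168.1.0/24", max_relays=2):
    """Hosts contacting more distinct mail servers than max_relays (assumed threshold)."""
    talkers = smtp_talkers(capture_text, lan)
    ranked = sorted(talkers.items(), key=lambda kv: len(kv[1]), reverse=True)
    return [(host, len(dsts)) for host, dsts in ranked if len(dsts) > max_relays]

if __name__ == "__main__":
    for host, count in suspects(SAMPLE_CAPTURE):
        print(f"{host} opened SMTP connections to {count} distinct servers")
```

A workstation that only submits mail through its provider's relay shows one or two destinations, so it stays below the threshold while a host delivering directly to many mail servers stands out.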
Zephyr ICT (Cloud Architect) commented:
For more info, there was a thread about it recently: http://www.experts-exchange.com/Security/Misc/Q_28334188.html
0
Korbus commented:
If you have one infected machine, you might have more.  I would suggest you run a full scan on all computers in your network.
Even with AV software installed, it cannot respond to new threats instantly.  If you get infected during the interval between when a virus/malware program is released and when the AV software is updated to protect against it, this malware will NOT be automatically detected unless you run a full system scan.  The normal "on-access" scanners will be too late; the file has already been put on your machine.  For this reason I recommend you have all your workstations run full AV scans after hours (nightly/weekly).  This ought to find the infected machine too.
0


lrollins (IT Manager, Author) commented:
Thanks for all the comments.  I finally got it fixed.  I closed the port 25 and installed Malwarebytes on all the machines and ran full scans.  Did the trick....
0
Blue Street Tech (Last Knight) commented:
Please close this question by selecting your comment (http:#a39789210) as the answer. Thanks!
0
Korbus commented:
Why would you suggest he select his own comment, diverseit?
I suggest, lrollins, you select my comment, where I suggested full AV scans on all machines (at least part of your actual resolution), as the answer (or part of it).
0
Blue Street Tech (Last Knight) commented:
Sorry Korbus...but you are wrong!!! Just joking. :) In all seriousness I overlooked that...my mistake! Apologies.
0
Korbus commented:
Thanks bud :)
0
lrollins (IT Manager, Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for lrollins's comment #a39789210

for the following reason:

Resolved problem on my own
0
Korbus commented:
I suggested running scans on all machines.  This is part of the posted solution.
The other part of the posted solution, closing port 25, was also posted in the asker's original question.
0
lrollins (IT Manager, Author) commented:
NA
0