Client on LAN sending spam

I have a client on the network that is sending out spam and it has caused us to be blacklisted.  I need to find the computer that is doing it.  I am going to block port 25 on my sonicwall tomorrow at work to see if I can find it that way.  Was wondering if anyone had any other suggestions.

We are using outlook and we don't have an internal email server.
LVL 1
lrollinsIT ManagerAsked:
Who is Participating?
 
KorbusConnect With a Mentor Commented:
If you have one infected machine, you might have more.  I would suggest you run a full scan on all computers in your network.  
Even with AV software installed, they cannot respond to new threats instantly.  If you get infected during the interval when a virus/malware program is released, and when the AV software is updated to protect against it:  this malware will NOT be automatically detected, unless you run a full system scan.  The normal "on-access" scanners will be too late, the file has already been put on your machine.  For this reason I recommend you have all your workstations run full av scans after-hours(nightly/weekly).  This ought to find the infected machine too.
0
 
Dan CraciunIT ConsultantCommented:
If you have a managed switch, set a port as mirror/monitor and connect a laptop with Wireshark to it. Capture the traffic and see what IP is sending mail.

HTH,
Dan
0
 
Zephyr ICTCloud ArchitectCommented:
For more info, there was a thread about it recently: http://www.experts-exchange.com/Security/Misc/Q_28334188.html
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
lrollinsConnect With a Mentor IT ManagerAuthor Commented:
Thanks for all the comments.  I finally got it fixed.  I closed the port 25 and installed malware bytes on all the machines and ran full scans.  Did the trick....
0
 
Blue Street TechLast KnightCommented:
Please close this question by selecting your comment (http:#a39789210) as the answer. Thanks!
0
 
KorbusCommented:
Why would you suggest he select his own comment, diverseit?  
I suggest, Irollins, you select my comment, where I suggested full AV scans on all machines(at least part of your actual resolution), as the answer (or part of it).
0
 
Blue Street TechLast KnightCommented:
Sorry Korbus...but you are wrong!!! Just joking. :) In all seriousness I overlooked that...my mistake! Apologies.
0
 
KorbusCommented:
Thanks bud :)
0
 
lrollinsIT ManagerAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for lrollins's comment #a39789210

for the following reason:

Resolved problem on my own
0
 
KorbusCommented:
I suggested running scans on all machines.  This is part of the posted solution.  
The other part of the posted solution, closing port 25, was also posted in the askers original question.
0
 
lrollinsIT ManagerAuthor Commented:
NA
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.