Spam Botnet on my LAN - How can I use the Sonicwall to identify the culprit?
Posted on 2014-01-22
I have a Sonicwall TZ100 configured as a network edge device, and I was just blacklisted because my Firewall IP is shown sending SPAM messages. I have setup a rule blocking all SMTP out with the copiers and Servers as exceptions and we have not been re-listed.
The infection persists on the network, however, and I am unable to track down where it is coming from.
How can I use the Sonicwall to see which host(s) are sending email now that the rule is blocking? I cannot figure out how to see this with the log settings, it's pretty awful.