I have a user that has left the company, but due to an employee contract he has e-mail access until the end of the year. The problem is that whatever computer he is using is probably infected with some kind of botnet.
Every night his e-mail sends out about 30 e-mails in German with trojan attachments. GFI has blocked all of these e-mails, but since I have no access to the computer he may be using at his new job, I cannot ensure those computers are clean. I need to find out what IP this is coming from. Is there a way to do this? If I find out it is the IP of his new company, I can shut down access until that computer has been cleaned.