Determine who is sending the most spam in Exchange 2007

I have a client who has an SBS 2008 server on-site running Exchange Server 2007.

It came to my attention recently that all their external email was being blocked. The undeliverables show that their IP address was blacklisted. This client has recently been added to SPAMHAUS blacklist.

We had a situation where we were using an outside spam filtering server for inbound email filtering, but had to stop that service because one of their customers had an in-house SMTP server onsite - that automates delivery of email that was not received by my client - that kept getting their email blocked. Therefore, the client was not receiving any email coming from one of your most important customers.

So, in the interim, I am rerouting all the outbound email through another mail server until I get the client IP address off the blacklist.

I need to determine what is the best way to find what email address is receiving and sending the most spam. The plan is to delete email addresses and create new email addresses for those users.

Also, what is the best process I need to take to get this particular client's IP address removed from the blacklist?
Andreas Gieryic (Computer Networking, Owner) Asked:
Mike (IT Manager) Commented:
Ran into this problem a few years ago when I worked for a small construction firm. What I did was enable logging in our router/firewall, and just watched for massive amounts of mail traffic and was able to narrow it down to a single PC which turned out to be so deeply infested with malware that I had to wipe it completely. If you go to the SpamHaus website and type in the IP it will give you directions on how to remove it from the lists; but I'd track down the issue before removing them.
Andreas Gieryic (Computer Networking, Owner) Author Commented:
Was your situation involving an Exchange server or POP email? I know if it's POP email it's easier to trace. Not sure how to determine if all email is going out through an Exchange server versus the workstation.
Mike (IT Manager) Commented:
We ran Exchange 2010 SP1.
Andreas Gieryic (Computer Networking, Owner) Author Commented:
Sorry for the late response. We did track down the user's PC. However, not from the router but at the spam server that we forwarded outbound email to.

Shadowless127, your suggestion was a good suggestion and I will keep this in mind in the future.
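
The approach described in the comments above (log at the router/firewall and look for hosts generating large amounts of mail traffic), as an added example that is not part of the original thread: it counts outbound TCP port 25 connection attempts per internal host and skips the approved mail server, so a workstation sending mail straight to the internet stands out from mail relayed through Exchange. The log format, IP addresses, function name and threshold are constructed assumptions; adapt the regex to your firewall's actual log format.

```python
import re
from collections import Counter

# Constructed sample log in a hypothetical format (not any vendor's real format).
# 192.168.1.10 plays the Exchange server; 192.168.1.57 plays an infected PC.
SAMPLE_LOG = "\n".join(
    [f"2024-01-10T09:00:0{i} ALLOW TCP 192.168.1.10:5150{i} -> 203.0.113.5:25"
     for i in range(3)]
    + [f"2024-01-10T09:01:0{i} ALLOW TCP 192.168.1.57:4900{i} -> 198.51.100.{i + 1}:25"
       for i in range(6)]
    + ["2024-01-10T09:02:00 ALLOW TCP 192.168.1.23:50000 -> 198.51.100.9:443",
       "2024-01-10T09:02:01 ALLOW TCP 192.168.1.23:50001 -> 198.51.100.9:25",
       "2024-01-10T09:02:02 DENY TCP 192.168.1.23:50002 -> 198.51.100.9:25",
       "unparseable line that must be ignored"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def smtp_talkers(log_text, mail_servers, threshold=5):
    """Return [(src_ip, attempts, distinct_destinations)], busiest first, for
    hosts outside `mail_servers` with at least `threshold` port-25 attempts.
    Denied attempts are counted too: a blocked connection is still evidence."""
    attempts = Counter()
    destinations = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # skip malformed lines and non-SMTP traffic
        src = m["src"]
        if src in mail_servers:
            continue  # the approved server is expected to send mail
        attempts[src] += 1
        destinations.setdefault(src, set()).add(m["dst"])
    return [(ip, n, len(destinations[ip]))
            for ip, n in attempts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n, dsts in smtp_talkers(SAMPLE_LOG, {"192.168.1.10"}):
        print(f"{ip}: {n} SMTP attempts to {dsts} distinct destinations")
```

Many attempts spread over many distinct destinations from a workstation is the pattern to investigate; once the host is cleaned, blocking outbound port 25 from everything except the mail server keeps it from recurring.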
Question has a verified solution.
