SPAM Emails from random Domain sent from our outbound IP

We are having an issue that we have been alerted to by our Spam filtering provider and are asking for help on how to stop it (except for blacklisting the sender as we have done now), how it happened and if we can prevent it from happening again.

Over 12,000 messages have been sent as the attached screenshot shows from our outbound IP address to the recipients.

Any ideas on how this happens, how we could prevent this again or how we can sort it except for blacklisting the sending address from our IP?

Thanks.
Spam-Issue.JPG
jdthedj Asked:

amanytx Commented:
Which firewall are you using? Most newer firewalls for SMB allow the creation of access control lists. I would create one that prohibits all internal hosts except the Exchange/email server from using port 25 outbound. This way, if you have a machine infected with malware (which it looks like), all outbound SPAM messages will die on the firewall.

Also, I would segregate the Exchange server on its own NAT IP. Have 1 public IP doing all the natting for your network and servers and another public IP just to NAT the Exchange/email server. This way, to the public, your email server shows as a different host.
0
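As an added example (not part of the original thread or of any firewall's own tooling): the ACL described in the answer above, applied to firewall log lines to find which internal host is sending mail directly. The log layout, the 10.0.0.0/24 range and the mail server address 10.0.0.10 are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example (not from the thread): internal range and mail server IP.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
MAIL_SERVER = ipaddress.ip_address("10.0.0.10")

# Constructed sample lines in an iptables-LOG-like key=value layout.
SAMPLE_LOG = """\
Jan 10 09:00:01 fw kernel: OUT=eth0 SRC=10.0.0.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25 SYN
Jan 10 09:00:02 fw kernel: OUT=eth0 SRC=10.0.0.23 DST=203.0.113.5 PROTO=TCP SPT=51544 DPT=25 SYN
Jan 10 09:00:02 fw kernel: OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 PROTO=TCP SPT=51545 DPT=25 SYN
Jan 10 09:00:03 fw kernel: OUT=eth0 SRC=10.0.0.31 DST=192.0.2.80 PROTO=TCP SPT=50001 DPT=443 SYN
Jan 10 09:00:04 fw kernel: OUT=eth0 SRC=10.0.0.23 DST=198.51.100.44 PROTO=TCP SPT=51546 DPT=25 SYN
Jan 10 09:00:05 fw kernel: OUT=eth0 SRC=10.0.0.47 DST=203.0.113.5 PROTO=UDP SPT=5353 DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def acl_verdict(src, proto, dport):
    """Apply the rule: only the mail server may open outbound TCP/25."""
    if proto != "TCP" or dport != 25:
        return "not-smtp"
    if src not in INTERNAL_NET:
        return "not-internal"
    return "allow" if src == MAIL_SERVER else "deny"

def smtp_offenders(log_text):
    """Count outbound TCP/25 attempts per internal host that the ACL would deny."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # skip lines without a parsable source address or port
        if acl_verdict(src, fields.get("PROTO"), dport) == "deny":
            hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for host, count in smtp_offenders(SAMPLE_LOG).most_common():
        print(f"{host} attempted {count} direct outbound SMTP connections")
```

Hosts at the top of the count are the ones to isolate and scan; the mail server's own traffic never appears because the rule allows it.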

robocat Commented:
Blocking port 25 on your company firewalls for all PCs is a good first step.

But if this happened, it means that some PC has been infected with malware and is now part of a botnet. This PC should be sanitized by using anti-malware software.

To prevent this from happening again, you need to better manage your PCs with adequate anti-virus/malware, removing admin rights from the users, educating users not to open suspect e-mails or visit suspect websites, etc.
0
jdthedj Author Commented:
Thank you for your feedback.
We have found the machine that has been infected and we will look at introducing the suggestions to prevent any further issues that have been suggested above.
0
amanytx Commented:
You are very welcome. Thanks for the points.
0