E Fernandez

workstation sending out spam

We seem to have a problem with one of our machines on the network; it seems to be sending out spam. Is there a way to find out which machine this is from the Exchange server? We have Exchange Server 2016.
Saif Shaikh

Enable verbose logging on the send connector on Exchange 2016.

Check the logs: %ExchangeInstallPath%TransportRoles\Logs\Hub\ProtocolLog\SmtpSend

You will be able to see the IP address from where the mail was started.

Also check the queue and see if you see any DSN messages with the specific user in question. The user will be in the FROM address.
Also reset the password for the affected user mailbox and keep a strong password.

Scan the PC with antivirus/malware and also check if the user PC's public IP and the Exchange server's public IP are blacklisted on mxtoolbox.com under the blacklist tab.
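
An added example (not part of the answer above and not Exchange's own tooling): once verbose protocol logging is on, this PowerShell function tallies MAIL FROM commands per envelope sender across protocol log lines and lists the endpoints recorded with them. It assumes the standard protocol log CSV columns named in the `#Fields` header; the function name `Get-SmtpSenderTally` is hypothetical and the sample lines are constructed.

```powershell
# Verbose protocol logging is set per connector in the Exchange Management Shell:
#   Get-SendConnector | Set-SendConnector -ProtocolLoggingLevel Verbose

function Get-SmtpSenderTally {
    # Counts MAIL FROM commands per envelope sender in protocol log lines.
    param([string[]]$Line)
    $fields = 'date-time','connector-id','session-id','sequence-number',
              'local-endpoint','remote-endpoint','event','data','context'
    $Line |
        Where-Object { $_ -and $_ -notmatch '^#' } |   # skip blanks and '#' header lines
        ConvertFrom-Csv -Header $fields |
        ForEach-Object {
            if ($_.data -match '^MAIL FROM:<([^>]*)>') {
                [pscustomobject]@{
                    # '<>' is the null sender used by DSN/bounce messages
                    Sender  = if ($Matches[1]) { $Matches[1].ToLower() } else { '<>' }
                    Session = $_.'session-id'
                    Local   = $_.'local-endpoint'  -replace ':\d+$'   # drop the port
                    Remote  = $_.'remote-endpoint' -replace ':\d+$'
                }
            }
        } |
        Group-Object Sender |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Sender    = $_.Name
                Messages  = $_.Count
                Sessions  = @($_.Group.Session | Sort-Object -Unique).Count
                LocalIPs  = ($_.Group.Local  | Sort-Object -Unique) -join ', '
                RemoteIPs = ($_.Group.Remote | Sort-Object -Unique) -join ', '
            }
        }
}

# Constructed sample lines in the protocol log layout (not real traffic).
$sample = @'
#Software: Microsoft Exchange Server
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2018-09-20T10:00:01.100Z,Outbound,08D61EAAAA000001,4,192.0.2.10:50100,203.0.113.25:25,>,MAIL FROM:<alice@example.com> SIZE=5120,
2018-09-20T10:00:01.300Z,Outbound,08D61EAAAA000001,6,192.0.2.10:50100,203.0.113.25:25,>,RCPT TO:<x@example.net>,
2018-09-20T10:00:01.900Z,Outbound,08D61EAAAA000001,9,192.0.2.10:50100,203.0.113.25:25,>,MAIL FROM:<alice@example.com> SIZE=5140,
2018-09-20T10:00:02.100Z,Outbound,08D61EAAAA000002,4,192.0.2.10:50101,198.51.100.7:25,>,MAIL FROM:<Alice@example.com> SIZE=5090,
2018-09-20T10:00:03.500Z,Outbound,08D61EAAAA000003,4,192.0.2.10:50102,198.51.100.7:25,>,MAIL FROM:<bob@example.com> SIZE=900,
2018-09-20T10:00:04.200Z,Outbound,08D61EAAAA000004,4,192.0.2.10:50103,203.0.113.25:25,>,MAIL FROM:<> SIZE=2048,
'@ -split "`r?`n"

Get-SmtpSenderTally -Line $sample | Format-Table -AutoSize
```

On the server, pass the real files instead of `$sample`, for example `Get-SmtpSenderTally (Get-Content "${env:ExchangeInstallPath}TransportRoles\Logs\Hub\ProtocolLog\SmtpSend\*.log")`.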
ASKER CERTIFIED SOLUTION
Martyn Spencer
This solution is only available to members.
SOLUTION
This solution is only available to members.
I am going to add to my above comment that you should, ideally, be preventing any SMTP traffic from exiting your network unless it is from a known and authorised source. This way, you can minimise the effect of software that embeds its own SMTP server from sending spam emails.

Following masnrock's suggestions will also help.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- 'Martyn Spencer' (https:#a42684269)
-- 'masnrock' (https:#a42684447)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer