E Fernandez
 asked on

workstation sending out spam

We seem to have a problem with one of our machines on the network; it seems to be sending out spam. Is there a way to find out what machine this is on from the Exchange server? We have Exchange Server 2016.
Exchange, Networking


8/22/2022 - Mon
Saif Shaikh

Enable verbose logging on the send connector on Exchange 2016.

Check the logs: %ExchangeInstallPath%TransportRoles\Logs\Hub\ProtocolLog\SmtpSend

You will be able to see the IP address from where the mail was started.

Also check the queue and see if you see any DSN messages with the specific user in question. The user will be in the FROM address.
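
One way to work through the SmtpSend protocol logs mentioned above, as an added example that is not part of the original thread: it tallies MAIL FROM commands per sender address so a mailbox producing unusual volume stands out. The function name `Get-SmtpSenderSummary` and the sample log lines are constructed for illustration.

```powershell
# Added example (not from the thread). Sample lines are constructed; column
# names are read from the "#Fields:" header Exchange writes in each protocol log.
$sample = @'
#Log-type: SMTP Send Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2022-08-22T09:00:01.100Z,Outbound,08DA0000000000A1,3,192.0.2.10:50112,198.51.100.25:25,>,MAIL FROM:<jdoe@example.com> SIZE=4096,
2022-08-22T09:00:01.300Z,Outbound,08DA0000000000A1,4,192.0.2.10:50112,198.51.100.25:25,>,RCPT TO:<a@example.net>,
2022-08-22T09:00:02.100Z,Outbound,08DA0000000000A2,3,192.0.2.10:50113,203.0.113.7:25,>,MAIL FROM:<jdoe@example.com> SIZE=4100,
2022-08-22T09:00:03.100Z,Outbound,08DA0000000000A3,3,192.0.2.10:50114,203.0.113.9:25,>,MAIL FROM:<JDoe@example.com> SIZE=4090,
2022-08-22T09:05:00.000Z,Outbound,08DA0000000000A4,3,192.0.2.10:50115,198.51.100.80:25,>,MAIL FROM:<asmith@example.com> SIZE=20480,
'@ -split '\r?\n'

function Get-SmtpSenderSummary {
    param([string[]]$Line)

    # Take the column names from the log's own header line.
    $header = ($Line | Where-Object { $_ -like '#Fields: *' } |
        Select-Object -First 1).Substring(9).Split(',')

    # Skip comment and blank lines, then parse the rest as CSV.
    $Line | Where-Object { $_ -and -not $_.StartsWith('#') } |
        ConvertFrom-Csv -Header $header |
        ForEach-Object {
            # One MAIL FROM command is logged per message handed to a remote server.
            if ($_.data -match '^MAIL FROM:\s*<([^>]*)>') {
                [pscustomobject]@{
                    Sender  = $Matches[1].ToLower()
                    Session = $_.'session-id'
                    Local   = $_.'local-endpoint' -replace ':\d+$'
                    Remote  = $_.'remote-endpoint' -replace ':\d+$'
                }
            }
        } |
        Group-Object Sender | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Sender      = $_.Name
                Messages    = $_.Count
                Sessions    = @($_.Group.Session | Sort-Object -Unique).Count
                LocalIPs    = @($_.Group.Local | Sort-Object -Unique) -join ', '
                RemoteHosts = @($_.Group.Remote | Sort-Object -Unique).Count
            }
        }
}

Get-SmtpSenderSummary -Line $sample | Format-Table -AutoSize
# On the server: Get-SmtpSenderSummary -Line (Get-Content "${env:ExchangeInstallPath}TransportRoles\Logs\Hub\ProtocolLog\SmtpSend\*.log")
```
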
Saif Shaikh

Also reset the password for the affected user mailbox and keep a strong password.

Scan the PC with antivirus/malware and also check if the user PC public IP and Exchange server public IP are blacklisted in mxtoolbox.com under the blacklist tab.
ASKER CERTIFIED SOLUTION
Martyn Spencer

SOLUTION
masnrock

Martyn Spencer

I am going to add to my above comment that you should, ideally, be preventing any SMTP traffic from exiting your network unless it is from a known and authorised source. This way, you can minimise the effect of software that embeds its own SMTP server from sending spam emails.

Following masnrock's suggestions will also help.
Seth Simmons

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- 'Martyn Spencer' (https:#a42684269)
-- 'masnrock' (https:#a42684447)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer