IP Blacklisted, a computer on network is infected and emitting email spam.

Hi, our public IP is being blacklisted by CBL.

Reason given: This IP is infected (or NATting for a computer that is infected) with a botnet that is emitting email spam. The infection is probably sendsafe.

I'm assuming that one of the 25 or so computers in my network is infected.

Question: Is there a way using the Sonicwall to determine if a machine is acting as an SMTP server and sending out spam email?

My SonicWall is a new model NSA 2600 with updated SonicOS.
Steve Hood (IT Manager) asked:

David Favor (Linux/LXD/WordPress/Hosting Savant) commented:
First thing to do is block all outgoing SMTP (port 25) traffic, otherwise your ISP may shut down all IPs associated with your machine.

Also there are other actions you should block too, like port 433 UDP traffic, as this is another attack emitted by hacked machines.

Once you have all outgoing traffic blocked, then you can clean your machine without concern of your ISP bringing down your machine.

Dr. Klahn (Principal Software Engineer) commented:
I'm sure the Sonicwall can do it, but while you're waiting for that procedure ...

If you don't mind pushing some useful software out to each machine, then install Microsoft TCP View on each system.  Run it on each system and see which one has numerous outgoing connections to remote port 25.  That'll be the guilty party.

https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
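
The per-machine check described in the comment above, run across all machines at once, as an added example that is not part of the original thread: it parses saved `netstat -ano` output from each PC and ranks hosts by the number of distinct remote peers on port 25. The host names, the sample rows and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

SMTP_PORT = 25
# TCP rows of Windows `netstat -ano`: proto, local, remote, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z0-9_]+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split '192.0.2.1:25' or '[2001:db8::1]:25' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def smtp_peers(netstat_text):
    """Return {pid: {remote addresses}} for connections to remote port 25."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, remote, state, pid = m.groups()
        addr, port = split_endpoint(remote)
        if port == SMTP_PORT and state != "LISTENING":
            peers[int(pid)].add(addr)
    return dict(peers)

def rank_hosts(captures, threshold=5):
    """captures: {host: netstat text}. Hosts at/above the assumed threshold, busiest first."""
    ranked = []
    for host, text in captures.items():
        by_pid = smtp_peers(text)
        distinct = set().union(*by_pid.values())
        if len(distinct) >= threshold:
            ranked.append((host, len(distinct), sorted(by_pid)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)

# Constructed sample captures (host names, PIDs and addresses are made up).
SAMPLE = {
    "PC-07": "\n".join(
        ["  Proto  Local Address      Foreign Address      State        PID"]
        + [f"  TCP    10.0.0.57:{50000 + i}    198.51.100.{i}:25    SYN_SENT     4312" for i in range(1, 7)]
        + ["  TCP    [2001:db8::57]:50100  [2001:db8::25]:25  ESTABLISHED  4312"]),
    "PC-12": "\n".join([
        "  TCP    0.0.0.0:135        0.0.0.0:0            LISTENING    980",
        "  TCP    10.0.0.62:49811    203.0.113.10:587     ESTABLISHED  2204",
        "  UDP    0.0.0.0:5353       *:*                               1500"]),
}

for host, count, pids in rank_hosts(SAMPLE):
    print(f"{host}: {count} distinct port-25 peers, PIDs {pids}")
```

A single snapshot can miss short-lived connections, so captures taken a few minutes apart give a more reliable ranking. The PID reported for the flagged host can then be matched to a process name on that machine.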