See who is sending mass emails?

  • See who is sending mass emails?

    Morning guys,


    I have (some random PC) on (a huge network) that is sending tons of spam, and now we're blacklisted.

    ..what's the simplest way to narrow down whose PC is infected?

    is there any way to see who has...

    the most exchange connections?
    most network traffic?
    sending the most email?

    Network is SBS 2008


    Thank you in advance!

  • #2
    Re: See who is sending mass emails?

    Start by locking down the firewall to only allow external port 25 traffic from your mail server. See if it then has some logs that show port 25 traffic.

    Comment


    • #3
      Re: See who is sending mass emails?

      If the Exchange server was being abused then it will show in the queues, as spammers' lists are not clean.
      Furthermore, most bots will have their own SMTP engine. Therefore the firewall suggestion above is the most effective, as a bot will show very quickly.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: See who is sending mass emails?

        Originally posted by Virtual
        Start by locking down the firewall to only allow external port 25 traffic from your mail server. See if it then has some logs that show port 25 traffic.
        This is the best. Almost any firewall has logs or an alerting ability to email/notify you when a certain blocked rule is triggered; that will get you the IP of the infected PC and you can go from there.

        It's also a MUST HAVE rule for any business: only your mail servers should be able to send out on port 25, no one else.

        Comment
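
The firewall-log check suggested in this thread, as an added example that is not part of any post: once outbound port 25 is limited to the mail server, rank the internal hosts whose SMTP attempts the firewall blocked. The key=value log format, the addresses and the function name are assumptions made for illustration; adapt the pattern to your firewall's real log format.

```python
import re
from collections import defaultdict

# Assumption: one key=value line per connection attempt. Real firewalls
# differ, so adjust this pattern to your device's log format.
LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)
MAIL_SERVER = "192.168.16.2"  # constructed address for the only allowed sender

# Constructed sample log (documentation-range destination addresses).
SAMPLE_LOG = """\
08:00:01 action=ALLOW proto=TCP src=192.168.16.2 dst=203.0.113.10 dport=25
08:00:02 action=DENY proto=TCP src=192.168.16.57 dst=198.51.100.7 dport=25
08:00:02 action=DENY proto=TCP src=192.168.16.57 dst=198.51.100.8 dport=25
08:00:03 action=DENY proto=TCP src=192.168.16.57 dst=203.0.113.44 dport=25
08:00:04 action=ALLOW proto=TCP src=192.168.16.31 dst=203.0.113.80 dport=443
08:00:05 action=DENY proto=TCP src=192.168.16.31 dst=198.51.100.7 dport=25
08:00:06 action=DENY proto=TCP src=192.168.16.57 dst=198.51.100.7 dport=25
08:00:07 action=DENY proto=UDP src=192.168.16.40 dst=198.51.100.9 dport=53
"""

def rank_smtp_offenders(log_text, mail_server=MAIL_SERVER):
    """Return [(src_ip, blocked_attempts, distinct_destinations)], worst first."""
    attempts = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # line is in some other format; ignore it
        if m["proto"].upper() != "TCP" or m["dport"] != "25":
            continue  # only outbound SMTP is of interest
        if m["src"] == mail_server:
            continue  # the mail server is the one permitted sender
        if m["action"].upper() not in ("DENY", "DROP", "BLOCK"):
            continue  # count only attempts the new rule stopped
        attempts[m["src"]] += 1
        destinations[m["src"]].add(m["dst"])
    ranked = [(ip, n, len(destinations[ip])) for ip, n in attempts.items()]
    # Most attempts first, then most distinct destinations, then by address.
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for ip, count, dests in rank_smtp_offenders(SAMPLE_LOG):
        print(f"{ip}: {count} blocked SMTP attempts to {dests} destinations")
```

A workstation with many blocked attempts spread over many destinations is the one to inspect first.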
