How to find out which server is sending spam?
in [Microsoft Exchange]
|
From: 2Sweet on 2 Mar 2010 22:28 I have some Windows 2003 servers that are using SMTP, port 25. I suspected one of the server is sending spam mails. How to find out which server is sending out high volume spam mails?
From: John Oliver, Jr. [MVP] on 2 Mar 2010 22:44 Well, your firewall may be able to tell you this information depending on what reporting features it has. You can also turn off SMTP on each server to see which one is causing the issue but a little more information on your setup would be helpful as this has nothing to do with Exchange Server, unless Exchange is installed on these Win 2003 Servers? -- John Oliver, Jr MCSE, MCT, CCNA Exchange MVP 2009 Microsoft Certified Partner "2Sweet" <chongcmw(a)hotmail.com> wrote in message news:uTKoaGouKHA.2436(a)TK2MSFTNGP04.phx.gbl... > I have some Windows 2003 servers that are using SMTP, port 25. I suspected > one of the server is sending spam mails. > > How to find out which server is sending out high volume spam mails?
From: 2Sweet on 3 Mar 2010 01:50 MS Exchange 2003 is running on Windows 2003 Server Operating System. All emails route throught the MS Exchange Sever, SMTP Gateway. I was wondering whether can check from the MS Exchange Server? My network IP address was blocked by "xbl.spamhaus.org RBL database". I am trying to find out which machine send spam mails. "John Oliver, Jr. [MVP]" <jcoliverjr(a)hotmail.com> wrote in message news:OlMnpOouKHA.812(a)TK2MSFTNGP06.phx.gbl... > Well, your firewall may be able to tell you this information depending on > what reporting features it has. You can also turn off SMTP on each server > to see which one is causing the issue but a little more information on > your setup would be helpful as this has nothing to do with Exchange > Server, unless Exchange is installed on these Win 2003 Servers? > > -- > John Oliver, Jr > MCSE, MCT, CCNA > Exchange MVP 2009 > Microsoft Certified Partner > > > "2Sweet" <chongcmw(a)hotmail.com> wrote in message > news:uTKoaGouKHA.2436(a)TK2MSFTNGP04.phx.gbl... >> I have some Windows 2003 servers that are using SMTP, port 25. I >> suspected one of the server is sending spam mails. >> >> How to find out which server is sending out high volume spam mails? >
From: John Elliot on 3 Mar 2010 09:42 On 3/3/2010 1:50 AM, 2Sweet wrote: > MS Exchange 2003 is running on Windows 2003 Server Operating System. > All emails route throught the MS Exchange Sever, SMTP Gateway. I was > wondering whether can check from the MS Exchange Server? > > My network IP address was blocked by "xbl.spamhaus.org RBL database". I > am trying to find out which machine send spam mails. > I am making the following suggestions assuming your Exchange was used to send spam. * If you have a copy of at least one spam message you can check its header to get the IP address of the actual machine in your network. * If you don't a copy, check Exchanges Queue folder. It is possible some of the messages are still sitting in the queue. If you find one, check its header. It is very likely that the culprit machine never used your Exchange but was sending emails directly to the Internet. If that is the case, you will have a hard time finding out which machine did it. I recommend you block out-bound port 25 from every machine but your Exchange server. This way if an internal machine gets infected, it won't be able to send emails to the Internet. Regards, JE.
From: Jaime on 3 Mar 2010 09:44
It may not even be your mail server. Depending on your setup, it's possible that an infected client PC on your network is spamming. As a *very* basic method, you could download "TCP View" from MS, run that on the servers, and look for a lot of SMTP/Port 25 activity. Not terrible elegant, but it may lead you in the right direction. technet.microsoft.com/en-us/sysinternals/bb897437.aspx -- James Orlando (Goofy says "Hey"), Florida "2Sweet" <chongcmw(a)hotmail.com> wrote in message news:OOUHD3puKHA.4220(a)TK2MSFTNGP05.phx.gbl... > MS Exchange 2003 is running on Windows 2003 Server Operating System. > All emails route throught the MS Exchange Sever, SMTP Gateway. I was > wondering whether can check from the MS Exchange Server? > > My network IP address was blocked by "xbl.spamhaus.org RBL database". I am > trying to find out which machine send spam mails. > > > "John Oliver, Jr. [MVP]" <jcoliverjr(a)hotmail.com> wrote in message > news:OlMnpOouKHA.812(a)TK2MSFTNGP06.phx.gbl... >> Well, your firewall may be able to tell you this information depending >> on what reporting features it has. You can also turn off SMTP on each >> server to see which one is causing the issue but a little more >> information on your setup would be helpful as this has nothing to do with >> Exchange Server, unless Exchange is installed on these Win 2003 Servers? >> >> -- >> John Oliver, Jr >> MCSE, MCT, CCNA >> Exchange MVP 2009 >> Microsoft Certified Partner >> >> >> "2Sweet" <chongcmw(a)hotmail.com> wrote in message >> news:uTKoaGouKHA.2436(a)TK2MSFTNGP04.phx.gbl... >>> I have some Windows 2003 servers that are using SMTP, port 25. I >>> suspected one of the server is sending spam mails. >>> >>> How to find out which server is sending out high volume spam mails? >> > |