How do I find the sender?
Apparently we have a machine on our network who is sending spam. I have SMTP loggin enabled and it is showing a massive amount of outgoing email being sent, but I can't tell from those logs what machine is sending the email. I am guessing that we have an infected machine. How can I tell what machine on my network is spamming? It is Exchange 2003 server and it is NOT setup as an external relay, but of course it does "allow all computers which successfully authenticate to relay". Message tracking is turned on, but I don't see how to use THOSE logs to find the offending machine (unless I am missing something...please tell me I am missing something). Is there some setting I can set on the Exchange server to find the offending machine (the machine that is sending out thousands of spam emails)?
December 7th, 2009 6:29am

Hi,I recommend you to use capture netmon and create filters to find the IP address.Netmon exampleshttp://blogs.technet.com/netmon/archive/2006/09/28/overview-of-netmon-by-yuri-diogenes.aspxRegards,Xiu
Free Windows Admin Tool Kit Click here and download it now
December 8th, 2009 2:10pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics