Exchange Server Forums

Finding SPAM bots

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2003] >> Exchange 2003 SBS >> Finding SPAM bots

Page: [1]

Message

<< Older Topic Newer Topic >>

Finding SPAM bots - 7.Dec.2011 9:44:16 AM

isdpcman

Posts: 137
Joined: 3.Apr.2006
Status: offline

One of our clients has been blacklisted on SPAM sites because of SPAM emails being sent out. We cannot seem to pinpoint where this is coming from. Is there a quick/easy way to determine what account(s) are infected/being used for SPAM mailings? We need to clean this off ASAP. It's odd because our user accounts are all locked down and the AV hasn't seemed to catch this.

Post #: 1

Featured Links*

RE: Finding SPAM bots - 7.Dec.2011 9:47:25 AM

alanhardisty

Posts: 386
Joined: 28.Feb.2010
Status: offline

What is your environment? Presumably you have Exchange 2003 involved?

If you do - you should block TCP port 25 outbound for ALL internal IP's apart from the IP of your server, then if a client gets and infection, it can't send out mail unless it goes via the server, which is rare, but not impossible.

If you can log activity on port 25 when it is blocked, it won't take you long to figure out which computer(s) are infected.

Malwarebytes is a good tool to run once you have found the problem computer(s).

_____________________________

Alan Hardisty

http://www.it-eye.co.uk
http://alanhardisty.wordpress.com
http://www.exchange-certificates.com

(in reply to isdpcman)

Post #: 2

RE: Finding SPAM bots - 7.Dec.2011 9:59:38 AM

isdpcman

Posts: 137
Joined: 3.Apr.2006
Status: offline

We are running a Windows SBS 2003 server. How do I block outgoing port 25 on workstations, Alan? We have 45 PC's on the LAN. Windows firewall has been disabled (via GP). Any way to do this on a global scale from the server??

(in reply to alanhardisty)

Post #: 3