Hi guys our domain was recently blacklisted,the case was that alot of spam was coming from our side.Is there a way to know the specific user that is sending the spam from my networkWe have a corporate anti virus in this case NOD 32 .Thank you
How many users are you? On Fri, Jan 28, 2011 at 1:31 PM, boniface njoroge <bonifacenjoroge5@gmail.com> wrote:
Hi guys our domain was recently blacklisted,the case was that alot of spam was coming from our side.Is there a way to know the specific user that is sending the spam from my networkWe have a corporate anti virus in this case NOD 32 .Thank you _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
1. Check that your mail server is not an open relay 2. Monitor connections to your server's port 25 from within the network. Try wireshark for SMTP traffic On 28 January 2011 13:31, boniface njoroge <bonifacenjoroge5@gmail.com>wrote:
Hi guys our domain was recently blacklisted,the case was that alot of spam was coming from our side.Is there a way to know the specific user that is sending the spam from my networkWe have a corporate anti virus in this case NOD 32 .Thank you _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
What type of connection are you on. Do you get a public IP via DHCP? Do you have a mail server. You can check the logs if Logging is enabled. Alternatively, scan computers for viruses. Your gateway is also a good place to sniff for unusual smtp traffic. On Fri, Jan 28, 2011 at 1:33 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
1. Check that your mail server is not an open relay 2. Monitor connections to your server's port 25 from within the network. Try wireshark for SMTP traffic
On 28 January 2011 13:31, boniface njoroge <bonifacenjoroge5@gmail.com>wrote:
Hi guys our domain was recently blacklisted,the case was that alot of spam was coming from our side.Is there a way to know the specific user that is sending the spam from my networkWe have a corporate anti virus in this case NOD 32 .Thank you _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Fri, Jan 28, 2011 at 1:31 PM, boniface njoroge < bonifacenjoroge5@gmail.com> wrote:
Hi guys our domain was recently blacklisted,the case was that alot of spam was coming from our side.Is there a way to know the specific user that is sending the spam from my networkWe have a corporate anti virus in this case NOD 32 .Thank you
Hello Boni, If you have a mail server on your network, then the best thing for you to do is to enable detailed logging for SMTP sessions. Coupled with knowledge of your network (how IPs are used by your LAN hosts) it becomes very easy to figure out if it is your server that is compromised or one of the hosts on your LAN. All other answers you will receive are wild shots:) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
participants (5)
-
Alvin Jason Ochieng -
Boniface -
boniface njoroge -
Odhiambo Washington -
Simon Mbuthia