Home > IT Answers > Exchange > SMTP queues sending spam. How can i find what...
Help

Question

  Asked: May 14 2008   2:52 PM GMT
  Asked by: ITKE

SMTP queues sending spam. How can i find what PC is sending these messages


SMTP, Exchange 2003, Spam, Exchange security

A question submitted on SearchExchange.com


It appears a PC on our network has a virus. This morning I found a few hundred messages in the SMTP queues being sent from security@eppi-card.com and security@eppi-card.co.us to hundreds of domains. Is there a way to see which PC sent these messages? Maybe a log showing the IP address that submitted the messages to the SMTP queue? I'm running Exchange 2003.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: May 14 2008  3:11 PM GMT  by Labnuke99




Take a look at the message headers on the spam messages. A website that can assist with this task is here. You will be looking for the ip address of the first device in the chain. This will give you the host IP address (provided DHCP is not in use and the address has been released).

You could also scan your network for devices sending traffic on port 25.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Exchange.

Looking for relevant Exchange Whitepapers? Visit the SearchExchange.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register