This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

All the answers I have seen on the web point to internal mail servers, but it's our web host that looks after our email. So how do I use Wireshark to find out which machine is being used as a spam bot? To be clear, we have been informed that one of our machines is sending out spam, but it's our externally hosted mail server that is being logged and blocked. All the machines in house 'appear' to be fine, running the usual antivirus, spy bot, etc., but I'm pretty confident that at least one of our internal machines is compromised... I just need to find out which.

Thanks

asked 20 Aug '13, 02:52

renrows

For me it's not quite clear: you did get a complaint that you're spamming, right? Which system is sending the spam? If it's the IP of your internet link, then it must be an internal machine that's sending it out. But if the complaint was against your external mail server, then it might be an open relay or might be infected with malware, etc. Thanks for clarifying!

(21 Aug '13, 02:11) pfuender

question asked: 20 Aug '13, 02:52

question was seen: 1,766 times

last updated: 21 Aug '13, 02:11