This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I too am looking for a computer sending out spam; how do I find it using Wireshark?

All the answers I have seen on the web point to internal mail servers, but it's our web host that looks after our email. So how do I use Wireshark to find out which machine is being used as a spam bot? To be clear, we have been informed that one of our machines is sending out spam, but it's our externally hosted mail server that is being logged and blocked. All the machines in house 'appear' to be fine, running the usual antivirus, spy bot, etc., but I'm pretty confident that at least one of our internal machines is compromised... I just need to find out which.

Thanks

asked 20 Aug '13, 02:52

renrows

For me it's not quite clear: you did get a complaint that you're spamming, right? Which system is sending the spam? If it's the IP of your internet link, then it must be an internal machine that's sending it out. But if the complaint was against your external mail server, then it might be an open relay or might be infected with malware, etc. Thanks for clarifying!

(21 Aug '13, 02:11) pfuender