need help handling spam relay.

By tech06 ·
Several of our contacts claim that a spam was sent out from our firewall (Sonicwall SOHO3). The IP was our firewall's NAT public address.
We use a third-party mail server. Since this our first incident, how to begin troubleshooting/tracking down this issue?
Please input is greatly appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

There is one possibility

by HAL 9000 Moderator In reply to need help handling spam r ...

You have an infected machine on the inside of the Firewall that is generating spam and sending it the moment that it's turned on.

If your computers are all clean then the most likely problem is that your IP Address has been Spoofed, if that's the case there is very little that you can do about it as the people responsible can be anywhere in the world and out of your ability to do anything about.

You can also check the Sent Mail Items to see if the supposed mail was actually sent from your IP address as recently I've been seeing several Return Mail Notices to unknown E-Mail address returned to me through one of my ISP's and they are not even showing as originating from me and carry an IP Address that isn't being used.


Related Discussions

Related Forums