
I have seen that the IP address of my mail server has been added to the blocked IP address list on http://psbl.org. I am using this server for personal use. So, it is not that much of an issue that I am, as a non-IT pro, handling the server.

I suspect that someone obtained the password of one of the e-mail addresses or my server got infected by spamware. I am trying to find out if there is any sign of spamware inside the server by using SysInternals' tools but I haven't seen anything unusual (or I don't know where and what to look for).

Is there any way I can inspect the SMTP traffic of my mail server to see usual e-mails going out from my server? First, I thought that Wireshark would be a suitable tool but I am not that experienced with that tool either.

Also, which approach should I follow to be sure that my server doesn't have spamware?

I am on Windows Server 2008 R2.

Nobody
tugberk

1 Answer

Check out what your server looks like to the outside world here: http://www.mxtoolbox.com/

Run the SMTP diagnostics to make sure you aren't an open relay, which is a common mistake, and will get you on a blacklist within 15 minutes of setting up a new mail server, since spammers are constantly scanning for open relays. Do you have any type of perimeter defense in front of this box, or is it just connected to the internet?

If you are using Exchange, look at the queue in ESM. If you are an open relay, it will be FULL.

DanBig
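The open-relay check the answer recommends can also be run by hand against your own server; the following is an added example, not part of the original answer. It assumes Python 3 on a machine outside the server's network, and the probe addresses and the function names `classify_rcpt`, `probe` and `check_open_relay` are constructed for illustration.

```python
import smtplib

# Constructed probe addresses: neither domain is hosted by the server under test.
SENDER = "probe@sender.example"
RECIPIENT = "probe@recipient.example"


def classify_rcpt(code):
    """Interpret the reply to RCPT TO for a recipient the server does not host."""
    if 200 <= code < 300:
        return "relay accepted"   # server agreed to forward foreign mail
    if 400 <= code < 500:
        return "inconclusive"     # temporary failure or greylisting, retry later
    return "relay denied"         # 5xx: the expected answer on a closed server


def probe(session, sender=SENDER, recipient=RECIPIENT):
    """Run EHLO / MAIL FROM / RCPT TO on an smtplib.SMTP-like session.

    The dialogue stops before DATA, so no message is ever queued or sent.
    """
    session.ehlo("relay-check.example")
    code, msg = session.mail(sender)
    if not 200 <= code < 300:
        return "inconclusive", code, msg   # sender refused, RCPT never tried
    code, msg = session.rcpt(recipient)
    session.rset()                         # discard the half-built envelope
    return classify_rcpt(code), code, msg


def check_open_relay(host, port=25, timeout=15):
    """Connect unauthenticated to your own mail server and probe it."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        return probe(session)


if __name__ == "__main__":
    import sys
    print(check_open_relay(sys.argv[1]))
```

Run it from outside the server's own network, because many servers relay for local addresses by design. Some servers accept RCPT TO and only reject after DATA, so "relay accepted" means the queue and relay settings need a closer look rather than being final proof.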