I have seen that the IP address of my mail server has been added to the blocked IP address list on http://psbl.org. I am using this server for personal use, so it is not that much of an issue that I, as a non-IT pro, am handling the server.

I suspect that someone obtained the password of one of the e-mail addresses or my server got infected by spamware. I am trying to find out if there is any sign of spamware inside the server by using SysInternals' tools, but I haven't seen anything unusual (or I don't know where and what to look for).

Is there any way I can inspect the SMTP traffic of my mail server to see usual e-mails going out from my server? At first I thought that Wireshark would be a suitable tool, but I am not that experienced with that tool either.

Also, which approach should I follow to be sure that my server doesn't have spamware?

I am on Windows Server 2008 R2.

tugberk
  • OK, you guys drive me crazy here. Why on God's green earth do you want to close this question? I mean, seriously why? – tugberk Oct 16 '12 at 12:42
  • tugberk, I think the issue is "I am using this server for personal use", combined with the line in the faq which states that a question is off topic if it concerns "Anything in a home setting". Because of that, it seems like a better fit for SuperUser. – dsolimano Oct 16 '12 at 13:03
  • @dsolimano why does it matter? If I delete that line, would this question be suddenly legit? There you go! – tugberk Oct 16 '12 at 13:06
  • @tugberk It matters because it's the key Unique Selling Point of ServerFault. We try hard to keep things on topic and prevent the dilution of attracted skills to the site. – Dan Oct 16 '12 at 13:09

1 Answer

Check out what your server looks like to the outside world here: http://www.mxtoolbox.com/

Run the SMTP diagnostics to make sure you aren't an open relay, which is a common mistake and will get you on a blacklist within 15 minutes of setting up a new mail server, since spammers are constantly scanning for open relays. Do you have any type of perimeter defense in front of this box, or is it just connected to the internet?

If you are using Exchange, look at the queue in ESM. If you are an open relay, it will be FULL.

DanBig
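The question asks how to inspect SMTP traffic for mail the server should not be sending, and the answer points at open relaying as the usual cause. As an added example (not code from the question, the answer, or any tool named on the page), this Python script walks a plain-text capture of SMTP sessions, such as a Wireshark "Follow TCP Stream" export, and reports client IPs that got external recipients accepted without ever authenticating. The capture layout, the `# client=<ip>` header line, and `LOCAL_DOMAINS` are assumptions made for the example; the sample capture is constructed.

```python
# Capture format (constructed for this example, e.g. a Wireshark "Follow TCP Stream"
# export): blank-line-separated sessions, each opened by a "# client=<ip>" header.
import re
from collections import Counter

LOCAL_DOMAINS = {"example.com"}   # assumption: domains this server hosts mail for
ADDR_RE = re.compile(r"<([^>]*)>")

def parse_sessions(capture):
    """Yield one dict per session: client IP, whether AUTH succeeded, accepted recipients."""
    for block in capture.strip().split("\n\n"):
        sess = {"client": None, "authed": False, "accepted_rcpts": []}
        pending = None                         # RCPT TO awaiting the server's reply
        for line in block.splitlines():
            if line.startswith("# client="):
                sess["client"] = line.split("=", 1)[1].strip()
            elif line.startswith("S: 235"):    # 235 = authentication succeeded
                sess["authed"] = True
            elif line.startswith("C: RCPT TO:"):
                m = ADDR_RE.search(line)
                pending = m.group(1).lower() if m else None
            elif pending is not None and line.startswith("S: "):
                if line.startswith("S: 250"):  # only a 250 means the recipient was accepted
                    sess["accepted_rcpts"].append(pending)
                pending = None
        yield sess

def is_unauth_relay(sess):
    """True when a client that never authenticated got a non-local recipient accepted."""
    return not sess["authed"] and any(
        r.rsplit("@", 1)[-1] not in LOCAL_DOMAINS for r in sess["accepted_rcpts"])

def relay_counts(capture):
    """Counter of accepted external recipients per unauthenticated client IP."""
    counts = Counter()
    for sess in parse_sessions(capture):
        if is_unauth_relay(sess):
            counts[sess["client"]] += len(sess["accepted_rcpts"])
    return counts

SAMPLE = """# client=203.0.113.7
C: RCPT TO:<v1@other.example>
S: 250 OK
C: RCPT TO:<v2@other.example>
S: 550 Relay not permitted

# client=192.0.2.5
S: 235 Authentication successful
C: RCPT TO:<bob@other.example>
S: 250 OK"""
```

Any IP that shows up in `relay_counts` with a non-zero count relayed through the server without credentials; an authenticated account sending in bulk instead points at a stolen password rather than an open relay.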