Tuesday, August 17, 2021

Spamming inside network, public IP getting blocked

Looking after a large network in which all users have a BYOD and their own subnet. As of late there have been spam and email blockings against the Public WAN IP. Until the gremlin or gremlins are found it will continue to cause endless blockings to spam lists.

What will be the best way to monitor SMTP traffic and stop and identify this happening again? I'm thinking of running a device with Wireshark and a port 25 display filter on the core switch. Will this be enough to capture SMTP traffic and the offending local IP? There are no funds to throw in a content filtering device so it will have to be a manual, freeware process to find the infected device.

Any help is much appreciated.
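The capture idea in the post only pays off once the packets are reduced to a per-host tally, so here is an added example (not the poster's code) that ranks internal sources by outbound port 25 connection attempts. It assumes the capture was exported as text in `tcpdump -nn -tt` format; the sample lines, the addresses and the `allowed` mail-server address are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn -tt` text format (not real traffic).
SAMPLE = """\
1629200000.10 IP 10.20.3.15.50001 > 203.0.113.10.25: Flags [S], seq 1, win 64240, length 0
1629200000.11 IP 203.0.113.10.25 > 10.20.3.15.50001: Flags [S.], seq 9, ack 2, win 65535, length 0
1629200000.40 IP 10.20.3.15.50002 > 203.0.113.11.25: Flags [S], seq 1, win 64240, length 0
1629200000.70 IP 10.20.3.15.50003 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
1629200001.05 IP 10.20.3.15.50004 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
1629200002.00 IP 10.20.0.5.40100 > 203.0.113.10.25: Flags [S], seq 1, win 64240, length 0
1629200003.00 IP 10.20.7.22.41000 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
1629200004.00 IP 10.20.7.22.41001 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
"""

# src_ip.src_port > dst_ip.dst_port: Flags [..]
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def smtp_talkers(text, allowed=frozenset()):
    """Return [(src_ip, syn_count, distinct_destinations)] for port 25 SYNs.

    Hosts in `allowed` (e.g. the site's own mail server) are skipped.
    Sorted so the host contacting the most distinct servers comes first.
    """
    syns = defaultdict(int)
    dests = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["dport"] != "25":
            continue
        if m["flags"] != "S":  # count new connection attempts only, not "S." replies
            continue
        if m["src"] in allowed:
            continue
        syns[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    rows = [(ip, syns[ip], len(dests[ip])) for ip in syns]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for ip, count, spread in smtp_talkers(SAMPLE, allowed={"10.20.0.5"}):
        print(f"{ip}: {count} SYNs to {spread} distinct mail servers")
```

A client that opens port 25 to many different external servers stands out immediately in this ranking, since ordinary mail clients submit through one provider and usually not on port 25 at all.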


