WinGate Forums

[alyork]

We have LAN that one or more of the workstations is sending out spam email. Like 30,000 plus in a few minutes for phony Rolex watches.

The from email is being spoofed. Don't know how the target email is being derived.

The problem is that we cannot figure out where the spam email is being generated. We've run scans on all the computers and removed every spyware etc., hit we can find. Checking the Wingate\Mail\spool directories shows counts of:

\dead 600
\holding 35000
\domains\mail.telus.net 35000

in 7 minutes.

Is there some way in Wingate we can tell where an email is being sent from?

Thanks - Al

[labull]

How is the outbound connection being made? Is it via NAT?

What ever service it's on check the logs and see who is connecting on port 25. Turn on debug logging if necessary.

[adrien]

Another option is that the spam does not even originate from the LAN.

depending on your mail and networking setup, is it possible the mail is coming in from the outside?

In any case, you need to look at the SMTP server logs, to see where the mail is coming from. If you're getting that much, it should be easy to spot?