A blacklisting issue for a client led to dusting of my Ethereal experience and employing the new flavour of the veritable packet sniffing tool to narrow down smtp traffic from a specific machine. The product installation from www.wireshark.org was quick and clear in its instruction. Installing on a laptop connected to the external facing internet router – I switched on port mirroring to let the unit see the traffic being directed out from the server. Limiting the protocol filters to smtp and the source address of the originating mail server very quickly identified the traffic flows that were occuring. Checking the message queues in exchange identified a number of suspicious items and allowed the filter results to be corroborated.
As a diagnostic tool – its hard to beat Wireshark for its power in visualising the data flowing on your network – well worth taking the time to install on a laptop and using it to view the results. I have no doubt you will learn a lot from its output.
The next stage in my problem however – is to see what is causing the mails to be generated as the server is not an open relay. This will through exchange SMTP logging and reviewing the event logs to show how the mails are originating. Back with more