I need some help with tracking down the source of a possible botnet on my network. My ISP tells me that there are SPAM emails originating from my network. Anything I could try to find the exact client being the culprit?
To track it down on your network use one of these methods
1. Click on Reports\Other\Email and select the by Source IP report. This will list all SMTP sources on your network
2. Run a traffic distribution report and use TCP port 25 as the destination port. You can then drill down on the traffic total to identify the SMTP sources