How can I find a computer on my network that is doing mass mailings?

You could connect a hub in between the router and your LAN, then plug a computer into the hub and install a traffic monitor on it, such as Microsoft Network Monitor or Wireshark:

http://www.wireshark.org/

You will then be able to monitor all that goes on, set up filters, etc.
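
As an added example (not part of the answer above), this is the command-line version of that Wireshark workflow using tshark, the CLI that ships with Wireshark. It assumes the capture was taken on a port that sees all LAN traffic (a true hub, or a switch mirror port) and saved to a pcap file; the file name, the interface name and the sample addresses are assumptions. It counts connection openings (SYN without ACK) to port 25 per source address rather than raw packets, because a mass mailer opens many short connections while a legitimate mail server sending large messages would dominate a plain packet count.

```shell
#!/bin/sh
# Added example; assumes tshark (from http://www.wireshark.org/) is installed.
# CAPTURE and the interface name are assumptions.
CAPTURE=hub-capture.pcap

# Rank source addresses by how many outbound SMTP connections each opened.
# Reads one source IP per line on stdin (one line per SYN to port 25).
rank_smtp_sources() {
    sort | uniq -c | sort -rn
}

# Source IP of every SYN (connection opening) to TCP port 25 in a pcap file.
# tcp.flags.syn == 1 && tcp.flags.ack == 0 selects the first packet of each
# connection only, so the count is "connections started", not packets sent.
smtp_syn_sources() {
    tshark -r "$1" \
        -Y 'tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0' \
        -T fields -e ip.src
}

# Same thing live on the hub-attached interface (assumed eth0): the -f capture
# filter keeps only port-25 traffic at capture time, the -Y display filter
# keeps only connection openings.
live_smtp_syn_sources() {
    tshark -i "${1:-eth0}" -f 'tcp dst port 25' \
        -Y 'tcp.flags.syn == 1 && tcp.flags.ack == 0' \
        -T fields -e ip.src
}

# Constructed sample of what smtp_syn_sources prints, so the ranking step can
# be demonstrated offline; 192.168.1.57 is the assumed culprit.
SAMPLE_SYN_SOURCES='192.168.1.57
192.168.1.2
192.168.1.57
192.168.1.57
192.168.1.2
192.168.1.9'

# Ranked report: count then IP, busiest host first.
report_from_sample() {
    printf '%s\n' "$SAMPLE_SYN_SOURCES" | rank_smtp_sources
}

# Real run: only attempted when the capture file is actually present.
if [ -r "$CAPTURE" ]; then
    smtp_syn_sources "$CAPTURE" | rank_smtp_sources
else
    report_from_sample
fi
```

In the Wireshark GUI the same filter, `tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0`, entered as a display filter and followed by Statistics > Endpoints (limited to the displayed packets) gives the same per-host ranking.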


It's been a long time since I played with DD-WRT, but most business-level routers have the ability to write a log entry each time a firewall rule is matched.

I would create a firewall rule for port 25 (assuming that the mass mailer is using the standard SMTP port) and have it write a log entry with the source IP every time it is matched. It should then be pretty easy to locate the culprit.


I am also not sure how to track this without NetFlow or SNMP logging, but I would recommend you just restrict outbound SMTP traffic to your mail server(s).

The rules below assume a mail server IP of 192.168.1.2 on the network 192.168.1.0/24:

# Allow the mail server itself to open outbound SMTP connections
iptables -I FORWARD 1 -p tcp -s 192.168.1.2 --dport 25 -j ACCEPT
# Reject outbound SMTP from every other host on the LAN; inserted at position 2,
# after the ACCEPT, so the order is allow the mail server, then deny the rest
iptables -I FORWARD 2 -p tcp -s 192.168.1.0/24 --dport 25 -j REJECT
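
Putting the logging idea from the DD-WRT answer together with the outbound-SMTP restriction above, here is an added example (not code from either answer) for a Linux router such as DD-WRT. It assumes the same addresses as the answer (mail server 192.168.1.2 on 192.168.1.0/24); the chain name SMTP_OUT, the log prefix, the APPLY_RULES switch and the sample log lines are assumptions. The rules accept the mail server, log the source of every other outbound SMTP connection attempt, and reject it with a TCP reset; the shell functions then pull the SRC= field out of the kernel LOG lines (dmesg, or /var/log/messages when syslog is enabled) and rank hosts by the number of attempts, which is the "locate the culprit" step.

```shell
#!/bin/sh
# Added example; assumes a Linux/iptables router. Run as root with
# APPLY_RULES=1 to install the rules; without it, only the log analysis runs.
MAIL_SERVER=192.168.1.2      # from the answer
LAN=192.168.1.0/24           # from the answer
CHAIN=SMTP_OUT               # assumed chain name and log prefix

# Install: allow the mail server, log then reject everyone else on the LAN.
apply_smtp_rules() {
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    iptables -A "$CHAIN" -s "$MAIL_SERVER" -j ACCEPT
    # Log only connection openings (--syn) so one mailer does not produce a
    # line per packet; --limit stops a flood of SYNs from filling the log.
    iptables -A "$CHAIN" -p tcp --syn -m limit --limit 10/min --limit-burst 20 \
        -j LOG --log-prefix "$CHAIN: " --log-level 4
    # tcp-reset closes the attempt immediately instead of letting it time out.
    iptables -A "$CHAIN" -j REJECT --reject-with tcp-reset
    # Send all LAN-to-port-25 traffic through the chain; -C (iptables 1.4.11+)
    # avoids inserting a duplicate jump if the script is run twice.
    iptables -C FORWARD -p tcp -s "$LAN" --dport 25 -j "$CHAIN" 2>/dev/null ||
        iptables -I FORWARD 1 -p tcp -s "$LAN" --dport 25 -j "$CHAIN"
}

# Reads kernel log text on stdin, keeps lines with our prefix, extracts SRC=,
# and prints "count ip" with the busiest host first.
smtp_offenders() {
    grep "$CHAIN: " | sed -n 's/.*SRC=\([0-9.]*\) .*/\1/p' | sort | uniq -c | sort -rn
}

# Just the IP of the top offender.
top_smtp_offender() {
    smtp_offenders | awk 'NR==1 {print $2}'
}

# Constructed sample in the kernel LOG line format (not real log data);
# 192.168.1.57 is the assumed mass mailer, the last line must be ignored.
SAMPLE_LOG='Mar  3 10:01:02 router kernel: SMTP_OUT: IN=br0 OUT=vlan2 SRC=192.168.1.57 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=49152 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:01:02 router kernel: SMTP_OUT: IN=br0 OUT=vlan2 SRC=192.168.1.57 DST=203.0.113.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1235 DF PROTO=TCP SPT=49153 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:01:03 router kernel: SMTP_OUT: IN=br0 OUT=vlan2 SRC=192.168.1.23 DST=203.0.113.12 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1236 DF PROTO=TCP SPT=49154 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:01:03 router kernel: SMTP_OUT: IN=br0 OUT=vlan2 SRC=192.168.1.57 DST=203.0.113.13 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1237 DF PROTO=TCP SPT=49155 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:01:04 router kernel: unrelated message with SRC=10.0.0.9 DST=10.0.0.1 that must be ignored'

# Ranked report over the constructed sample.
sample_report() {
    printf '%s\n' "$SAMPLE_LOG" | smtp_offenders
}

# Top offender in the constructed sample.
sample_top_offender() {
    printf '%s\n' "$SAMPLE_LOG" | top_smtp_offender
}

if [ "${APPLY_RULES:-0}" = 1 ]; then
    apply_smtp_rules
fi
# On the real router: dmesg | smtp_offenders
sample_report
```

Once the culprit is found, leave the chain in place: the mail server stays the only host that can reach port 25 on the Internet, and any future infection shows up in the log instead of in your sending reputation. Hosts that legitimately need to submit mail through an outside provider should be doing so on the submission port (587) with authentication, which these rules do not touch.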