I have a couple of clients running Windows 10 using my Sendmail server. I don't have immediate access to one of them, but the other is my wife. Starting two days ago, when my wife turns on her laptop, my mail server immediately blocks our entire home network - rate limiting. I've put an Untangle firewall into our home network, and found that in fact it is her laptop, trying to communicate with Port 25 on my mail server (only), about 20-100 connection attempts per minute. I'm guessing it's trying to send spam via my mail server. No actual spam has been sent because, while the malware has been able to retrieve the server name from her mail config, it has not retrieved credentials, and the mail server requires credentials for relaying. None of the malware scanners I have access to have found it, and the volunteers at Bleeping Computer have also come up empty. So I have to find this myself.
So I guess the main question is: On Windows 10, is there any way to know which application is connecting to a specified external port (in this case 25) in real-time, or record who's asking for connections to port 25? Because this thing is opening the port, blindly slapping something through it, and closing it; it's not holding things open for any length of time, and the firewall logs indicate that it's using a different high-number port for each outbound attempt.
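One way to record the owning process even for connections this short-lived, added here as an example and not part of the original post: turn on Windows Filtering Platform connection auditing, then pull event ID 5156 from the Security log and keep only the entries whose destination port is 25. It assumes an elevated PowerShell prompt and an English-language Windows install (the audit subcategory name is localized); the one-hour look-back window is an arbitrary choice.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumption: English-language Windows (the audit subcategory name is localized).

# 1. Log every permitted connection with the process that made it (event ID 5156).
#    Unlike polling netstat, this captures connections that open and close at once.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable

# 2. After the laptop has been up long enough to reproduce the traffic, read the
#    events back. The one-hour window is an arbitrary choice for this example.
$filter = @{
    LogName   = 'Security'
    Id        = 5156
    StartTime = (Get-Date).AddHours(-1)
}

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's <Data Name="..."> elements into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }

        # Keep only connections whose remote port is SMTP (25).
        if ($data['DestPort'] -eq '25') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                ProcessId   = $data['ProcessID']
                Application = $data['Application']   # device-form path to the executable
                SourcePort  = $data['SourcePort']    # the changing high-numbered port
                DestAddress = $data['DestAddress']
            }
        }
    }

# 3. Per-connection detail, then a count per executable to show the noisy one.
$hits | Sort-Object Time | Format-Table -AutoSize
$hits | Group-Object Application | Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. This audit category is very chatty; switch it off again when finished.
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable
```

If the Application column shows a shared host such as svchost.exe, the ProcessId value can be matched against `tasklist /svc` while the process is still running to see which service it hosts.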