Spam spewing from within my system

I am a small ISP using canopy. I have a problem with a user that I can’t track down. They apparently have a virus on their pc that is spewing spam. It is causing my ip address to be blacklisted. I am relatively new to all of this. Can someone recommend a tool that would be effective in identifying the source of the spam. Hopefully one that won’t break me. Thanks in advance for your help. :?:

Depending on your network setup, you can use wireshark to sniff backbone traffic and then filter all port 25 traffic that does not originate from or go to your email server. You can also setup you router to only let your email server send email and then force all of your customers to use that to send mail out.

If you have BSD, or Linux routers at each of your tower locations you can do a trafshow -ni (interfaace of ap) to show the traffic on that interface. If’s it spewing as much as you say it is then it should show up pretty quickly. The offending IP should be listed in the info that the command displays.

However this is only effective if you know which tower it is on.