Is there a way within Exchange 2003 to view a log of which emails might have been rejected by the Exchange server?

Posted on 2011-02-25
Last Modified: 2012-05-11
Is there a way within Exchange 2003 to view a log of which emails might have been rejected by the Exchange server?

Several users outside of my organization have sent emails to users within my organization that were never received.

I need to be able to check to see if these emails actually made it to our organization's Exchange server and then if they were rejected for being too big, for containing spam, etc.

How can I do this?
Question by:Knowledgeable
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 38

Accepted Solution

Hypercat (Deb) earned 500 total points
ID: 34981616
You would need to have both SMTP logging and Message Tracking turned on. Between the two tracking methods, you should be able to see anything that happens to that message within Exchange. Keep in mind that if you have any third party software or appliance for spam filtering or antivirus filtering, these logs wouldn't show that activity.  You can turn on SMTP logging in the properties of the Default SMTP server in the Exchange System Manager. Message Tracking is turned on in the properties of the server in the ESM.

Author Comment

ID: 34981716
What are the exact steps that I would take to turn on both SMTP logging and Message Tracking within Exchange Server 2003?
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 500 total points
ID: 34981820
1. Open the Exchange System Manager.
2. Expand the objects until you see your server name - you may be displaying administrative groups, in which case you would expand that group. If you don't have administrative groups displayed, then you'll just see a Servers object.
3. Click on the server name. Then right-click and select Properties.
4. On the General tab, click "Enable message tracking" and "Remove old log files." Accept the defaults for number of days for the log files and the location of the message tracking logs.
5. Click OK to close out of the server properties.
6. Expand the server object, and then expand Protocols/ SMTP and click on the Default SMTP virtual server object.
7. Right-click the Default SMTP virtual server and click Properties.
8. On the General tab, click "Enable logging" and select "NCSA Common Log File Format" from the drop-down list.
9. Click Properties next to the log file location and make sure Daily is selected.
10. You will see in the properties that the SMTP logs will be stored by default in the C:\Windows\System32\Logfiles folder in a subfolder name SMTP. You can change the location of the log files if you want to do so.
11. Click OK to close out of the virtual server properties.

To view message tracking information, in the ESM go to Tools/Message Tracking.

To view the SMTP logs, go to the Logfiles/SMTP folder (or wherever else you opted to save them), and open the applicable file(s). They can be opened in Notepad or Wordpad.


Author Comment

ID: 35013317
Does anyone else have any further comments or suggestions?

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question