Unidentified traffic to Exchange 2007 mail server?

Shakthi777
Hi,

I'm running Exchange 2007 on Windows 2003 R2 SP2 64-bit, and I noticed regular inbound traffic to the email server. According to the firewall logs, it's consumed by SMTP on the mail server.

How can I handle this situation?

I'm sorry if I don't quite understand your question.  There is supposed to be regular inbound traffic to the mail server on the SMTP port.  That is how mail is transferred.

Author

Commented:
Oh yeah, I missed the interesting part of it :p Apologies! I was monitoring it for the past 12 hours, and on average it has 1 Mbps of inbound traffic. We don't have that much email traffic.

So how do we analyze this traffic on SMTP?
It is almost certainly SPAM that is being killed by your mail server's anti-spam.
Do you have a domain with an MX record pointed to it?  By that I mean, is the mail server live with a real domain like example.com or something?  If so, it's even more likely that it is spam.

I'd take a look at your anti-spam logs, assuming you have anti-spam of some sort.

If you really want to take a look at the traffic itself, install something like Ethereal or some other packet inspection software and have a peek, although I doubt you have anything to worry about.
Commented:
Enable verbose logging on the receive connector which receives emails from the internet.
You can open the log file using Excel and apply any filter based on your requirements, like the source IP, recipient, sender email address, etc.

Check this
http://technet.microsoft.com/en-us/library/bb124531.aspx
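
As an added example (not part of the original thread), the per-source filtering the answer above suggests doing in Excel can be scripted: this Python code tallies sessions, RCPT TO commands and 5xx rejections per remote IP from a receive connector protocol log. The sample log lines are constructed, and the column names assume the usual `#Fields:` header of an Exchange SMTP receive protocol log.

```python
import csv
from collections import defaultdict

# Constructed sample in the protocol log layout (addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2010-05-01T10:00:00.000Z,MAIL\\Internet,08CC1,0,192.0.2.10:25,203.0.113.5:40211,+,,
2010-05-01T10:00:00.200Z,MAIL\\Internet,08CC1,1,192.0.2.10:25,203.0.113.5:40211,<,RCPT TO:<a@example.com>,
2010-05-01T10:00:00.300Z,MAIL\\Internet,08CC1,2,192.0.2.10:25,203.0.113.5:40211,>,550 5.1.1 User unknown,
2010-05-01T10:00:00.400Z,MAIL\\Internet,08CC1,3,192.0.2.10:25,203.0.113.5:40211,<,RCPT TO:<b@example.com>,
2010-05-01T10:00:00.500Z,MAIL\\Internet,08CC1,4,192.0.2.10:25,203.0.113.5:40211,>,550 5.1.1 User unknown,
2010-05-01T10:00:01.000Z,MAIL\\Internet,08CC2,0,192.0.2.10:25,203.0.113.5:40377,+,,
2010-05-01T10:00:02.000Z,MAIL\\Internet,08CC3,0,192.0.2.10:25,198.51.100.7:51000,+,,
2010-05-01T10:00:02.100Z,MAIL\\Internet,08CC3,1,192.0.2.10:25,198.51.100.7:51000,<,RCPT TO:<user@example.com>,
2010-05-01T10:00:02.200Z,MAIL\\Internet,08CC3,2,192.0.2.10:25,198.51.100.7:51000,>,250 2.1.5 Recipient OK,
"""

def summarize(lines):
    """Return {remote_ip: {"sessions", "rcpt", "rejected"}} from protocol log lines."""
    fields = None
    stats = defaultdict(lambda: {"sessions": 0, "rcpt": 0, "rejected": 0})
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):          # column names come from the log itself
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))   # csv handles quoted commas
        ip = row["remote-endpoint"].rsplit(":", 1)[0]       # strip the source port
        event, data = row["event"], row["data"]
        if event == "+":                                    # "+" marks a new connection
            stats[ip]["sessions"] += 1
        elif event == "<" and data.upper().startswith("RCPT TO:"):
            stats[ip]["rcpt"] += 1                          # "<" is a command from the client
        elif event == ">" and data.startswith("5"):
            stats[ip]["rejected"] += 1                      # ">" is a server reply; 5xx = refused
    return dict(stats)

def top_talkers(stats, key="sessions", n=10):
    """Sources sorted by the chosen counter, busiest first."""
    return sorted(stats.items(), key=lambda kv: kv[1][key], reverse=True)[:n]

if __name__ == "__main__":
    for ip, counters in top_talkers(summarize(SAMPLE_LOG.splitlines())):
        print(ip, counters)
```

For a real log, pass the open file instead of the sample, for example `summarize(open(path))`. Sources with many sessions whose recipients are mostly rejected fit the spam explanation given earlier in the thread.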

Author

Commented:
Thanks!