How to identify servers that are relaying through Exchange Servers

Posted on 2011-10-20
Last Modified: 2012-06-21
Hi Experts,

My company is migrating from Exchange 2003 to 2010. We have dozens of systems that relay email through our Exchange Servers but we don't have all applications well documented so I'm pretty sure when Exchange 2003 goes down, many systems will stop sending mails.

Exchange SMTP Logs are enabled. How could I filter it out to show me all IP's that are relaying emails through this server?

If it can't be done from log files, Do you know any tool that can be use to accomplish that task?


Rodrigo Garcone
Question by:garconer
    LVL 12

    Expert Comment

    by:Deepu Chowdary
    Checking port 25 allows u to know who are connecting to exchange server.
    Check Network Monitor tool once.

    Author Comment


    Thanks for your post. Actually I don't want to do a real time monitoring on port 25, I prefer to look at the logs, since doing real time monitoring can affect server's performance.

    Is there any way to extract that information from the log files?

    Tks for your post!

    Rodrigo Garcone
    LVL 23

    Expert Comment

    by:Stelian Stan
       To verify which servers are relaying log into Exchange 2003 server and start Exchange System Manager.
        Expand the organization_name object, and then expand the Servers node. Expand the server_name object of the server on which you want to control mail relay, and then expand the Protocols node.
        Expand the SMTP node, right-click the virtual SMTP server on which you want to control mail relay, and then click Properties
        Click Relay.
        In the Relay Restriction check the ip addresses of the servers are relaying

    Author Comment

    That's the problem. Someone had set all internal subnets addresses with relay permissions.
    LVL 41

    Accepted Solution

    This sounds like a job for some Unix tools. You can install Cygwin on a workstation whuch will give you access to the standard tools. What I am suggesting isn't pretty, but will hopefully work for you.

    Look at your SMTP logs. It should hopefully record the IP addresses of the servers sending you mail. If it also records the IP address of your Exchange Server, that might make things a little harder. I am going to assume that the ip address of the Exchange server is not in the file. If it is, open up the log in Excel and remove that column.

    I am assuming IP space for this example

    !this will show you all lines where your Exchange server talked to something on 192.168. Look at it and make note of some local servers relaying
    $cat filename.log |grep 192.168 |less

    !assume that you earlier found that and were relaying. We now want to remove those IP addresses from the output.
    $cat filename.log |grep 192.168 |grep -v |grep -v |less

    !keep repeating the process by building up your list of addresses that you want to filter out until nothing is left.

    What we did was to give the IP address of the original Exchange server as a secondary IP to the new Exchange server when the old server was finally retired. We also pointed the DNS to the new server, so servers relaying mail via IP or DNS name worked.

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do email signature updates give you a headache?

    Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now