How to identify servers that are relaying through Exchange Servers

Posted on 2011-10-20
Medium Priority
Last Modified: 2012-06-21
Hi Experts,

My company is migrating from Exchange 2003 to 2010. We have dozens of systems that relay email through our Exchange Servers but we don't have all applications well documented so I'm pretty sure when Exchange 2003 goes down, many systems will stop sending mails.

Exchange SMTP logs are enabled. How could I filter them to show me all IPs that are relaying emails through this server?

If it can't be done from log files, do you know any tool that can be used to accomplish that task?


Rodrigo Garcone
Question by:garconer
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 37004088
Checking port 25 allows you to know who is connecting to the Exchange server.
Check the Network Monitor tool once.

Author Comment

ID: 37004098

Thanks for your post. Actually I don't want to do a real time monitoring on port 25, I prefer to look at the logs, since doing real time monitoring can affect server's performance.

Is there any way to extract that information from the log files?

Thanks for your post!

Rodrigo Garcone
LVL 23

Expert Comment

by:Stelian Stan
ID: 37004285
   To verify which servers are relaying, log into the Exchange 2003 server and start Exchange System Manager.
    Expand the organization_name object, and then expand the Servers node. Expand the server_name object of the server on which you want to control mail relay, and then expand the Protocols node.
    Expand the SMTP node, right-click the virtual SMTP server on which you want to control mail relay, and then click Properties.
    Click Relay.
    In the Relay Restrictions, check the IP addresses of the servers that are relaying.
Author Comment

ID: 37004301
That's the problem. Someone had set all internal subnet addresses with relay permissions.
LVL 42

Accepted Solution

kevinhsieh earned 2000 total points
ID: 37006837
This sounds like a job for some Unix tools. You can install Cygwin on a workstation, which will give you access to the standard tools. What I am suggesting isn't pretty, but will hopefully work for you.

Look at your SMTP logs. It should hopefully record the IP addresses of the servers sending you mail. If it also records the IP address of your Exchange Server, that might make things a little harder. I am going to assume that the IP address of the Exchange server is not in the file. If it is, open up the log in Excel and remove that column.

I am assuming IP space for this example

!this will show you all lines where your Exchange server talked to something on 192.168. Look at it and make note of some local servers relaying
$ cat filename.log | grep 192.168 | less

!assume that you earlier found that and were relaying. We now want to remove those IP addresses from the output.
$ cat filename.log | grep 192.168 | grep -v | grep -v | less

!keep repeating the process by building up your list of addresses that you want to filter out until nothing is left.

What we did was to give the IP address of the original Exchange server as a secondary IP to the new Exchange server when the old server was finally retired. We also pointed the DNS to the new server, so servers relaying mail via IP or DNS name worked.
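
The grep-and-exclude loop in the accepted answer can be collapsed into one pass that lists every submitting client with a message count. This is an added example, not part of the original post: it assumes the SMTP log is in W3C extended format with a `#Fields:` header naming `c-ip` and `cs-method`, and that outbound sessions carry `OutboundConnection*` in `cs-username`; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# relay_clients LOGFILE [PREFIX]
# Prints "count ip" per client that issued MAIL, busiest first.
# PREFIX (e.g. "192.168.") is matched literally at the start of c-ip,
# so the dots are not regex wildcards as they are with plain grep.
relay_clients() {
    awk -v prefix="${2:-}" '
        { sub(/\r$/, "") }                 # logs copied from Windows end in CRLF
        /^#Fields:/ {                      # header can repeat after a restart
            cip = meth = user = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "c-ip")        cip  = i - 1
                if ($i == "cs-method")   meth = i - 1
                if ($i == "cs-username") user = i - 1
            }
            next
        }
        /^#/ || !cip || !meth { next }     # other directives, or no header yet
        # Assumption: outbound deliveries are tagged in cs-username
        user && $user ~ /^OutboundConnection/ { next }
        toupper($meth) != "MAIL" { next }  # one MAIL command per message
        prefix != "" && index($cip, prefix) != 1 { next }
        { seen[$cip]++ }
        END { for (ip in seen) print seen[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (not real data) so the example runs offline.
sample_log() {
    cat <<'EOF'
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-10-20 08:00:01
#Fields: date time c-ip cs-username s-ip s-port cs-method sc-status
2011-10-20 08:00:01 192.168.10.21 app01 192.168.10.5 25 EHLO 250
2011-10-20 08:00:01 192.168.10.21 app01 192.168.10.5 25 MAIL 250
2011-10-20 08:00:01 192.168.10.21 app01 192.168.10.5 25 RCPT 250
2011-10-20 08:00:02 192.168.10.21 app01 192.168.10.5 25 MAIL 250
2011-10-20 08:01:10 192.168.20.7 scanner 192.168.10.5 25 MAIL 250
2011-10-20 08:02:00 203.0.113.9 OutboundConnectionCommand 192.168.10.5 25 MAIL 0
2011-10-20 08:03:00 198.51.100.4 mx.example.net 192.168.10.5 25 MAIL 250
EOF
}

tmp=$(mktemp); sample_log > "$tmp"
relay_clients "$tmp" 192.168.
rm -f "$tmp"
```

Run it over several weeks of logs before the old server is retired, since systems that send only monthly or quarterly reports will not appear in a short sample.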

Author Closing Comment

ID: 37007827


Question has a verified solution.
