We are running on Exchange 2007. This week, our exchange being attacked by spammers.Our exchange mail flow would be incoming/outgoing mail from/to internet will be pass thru Borderware anti-spam.
When the problem occured, our vendor detected that spam mail were being send from our Exchange Hub Transport server to Internet, they detected the Sender IP address 10.x.x.22 from the log I sent them. They asked me to search for actual source IP, so I did used the Exchange Message Tracking log and found out the the ClientIP address is 188.8.131.52 (external). Why was that? I do get the actual source IP address. Any tool available?