  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 139

Best way to identify e-mails being received by receive connector on Exchange 2007

We're in the process of decommissioning an Exchange 2007 server but first we need to see what devices are still relaying mail to it. What would be the best way to query the transport log files and can anyone provide an example of the best way to pull this information out?

Cheers.
0
tegenius
Asked:
 
Adam Farage (Enterprise Arch) Commented:
It's a pain but there is a way, as I have done this a lot in the past...

Take the transport logs from the server, and then parse them using log parser.

Now let's say we want to know all the senders that are submitting the most mail to our system. We need to group by RemoteSendingHost that is a reversed IP and for our convenience group by and order in descending order:

logparser "select REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost, count(*) as Hits from RECV*.log group by RemoteSendingHost order by Hits DESC" -i:CSV -nSkipLines:4 -o:DATAGRID

This is what I use, and the code above comes from here
0
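An added example (not from either answer or the linked article): a PowerShell alternative to the Log Parser query above that reads copied RECV*.log files and reports, per receive connector and remote IP, how many MAIL FROM commands were received and when the host was last seen. The function name `Get-RelaySource`, the log path and the sample log lines are constructed for illustration; it assumes PowerShell 3.0 or later, so run it on an admin workstation against copies of the logs.

```powershell
# Added example: list hosts still submitting mail, from copied SMTP receive logs.
# Assumption: $LogDir (hypothetical path) holds RECV*.log files taken from the server.
$LogDir = 'C:\Temp\SmtpReceive'

function Get-RelaySource {   # hypothetical helper name
    param([string[]]$Line)

    # Column names come from the "#Fields:" header; other "#" lines are metadata.
    $fieldLine = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($fieldLine -replace '^#Fields:\s*', '') -split ','
    $rows = $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $fields

    # Event "<" is a command received from the client; each MAIL FROM is one message attempt.
    $rows | Where-Object { $_.event -eq '<' -and $_.data -like 'MAIL FROM:*' } |
        Group-Object { '{0}|{1}' -f $_.'connector-id', ($_.'remote-endpoint' -replace ':\d+$', '') } |
        ForEach-Object {
            $connector, $ip = $_.Name -split '\|', 2
            [pscustomobject]@{
                Connector = $connector
                RemoteIP  = $ip
                Messages  = $_.Count
                LastSeen  = ($_.Group.'date-time' | Sort-Object | Select-Object -Last 1)
            }
        } | Sort-Object Messages -Descending
}

# Constructed sample lines in the receive-log layout, used when $LogDir is absent.
$sample = @'
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2015-03-02T00:00:04.120Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-03-02T08:14:01.101Z,EXCH07\Relay,08D1A2B3C4D5E6F7,0,10.0.0.25:25,10.0.4.17:50211,+,,
2015-03-02T08:14:01.210Z,EXCH07\Relay,08D1A2B3C4D5E6F7,4,10.0.0.25:25,10.0.4.17:50211,<,MAIL FROM:<scanner@example.test>,
2015-03-02T09:30:12.004Z,EXCH07\Relay,08D1A2B3C4D5E6F8,4,10.0.0.25:25,10.0.4.17:50388,<,MAIL FROM:<scanner@example.test>,
2015-03-02T09:41:55.630Z,EXCH07\Default EXCH07,08D1A2B3C4D5E6F9,4,10.0.0.25:25,10.0.9.30:41022,<,MAIL FROM:<app@example.test>,
2015-03-02T09:41:55.900Z,EXCH07\Default EXCH07,08D1A2B3C4D5E6F9,9,10.0.0.25:25,10.0.9.30:41022,-,,Local
'@ -split "`r?`n"

$lines = if (Test-Path $LogDir) { Get-ChildItem $LogDir -Filter 'RECV*.log' | Get-Content } else { $sample }
Get-RelaySource -Line $lines | Format-Table -AutoSize
```

Hosts that appear here with a recent LastSeen are the ones to repoint before the server is removed; protocol logging must be enabled on a connector for its sessions to show up.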
 
Will Szymkowski (Senior Solution Architect) Commented:
You can use PowerShell for this using message tracking.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy"

To find your default retention for your Exchange 2007 Server use the below command...
Get-TransportServer <2007 HTserver> | fl *messagetracking*

This will give you the values that your Exchange server/s are set up with.

Will.
0
 
tegenius (Author) Commented:
@Will: Cheers :) I can now see what connectors are set to log.

@Adam: Perfect. The document you linked to pretty much solves this issue.

As a bonus, is there a way of identifying subjects from the logs (as they are all GUIDs) or are these encrypted?
0
 
Will Szymkowski (Senior Solution Architect) Commented:
Yes, you can also use the -MessageSubject switch to search for specific Subject words etc.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy" -MessageSubject "how are you"



Also reference the link below for additional details...
MessageTrackingLog using -MessageSubject

Will.
0
 
tegenius (Author) Commented:
Cheers guys.
0
