Solved

Best way to identify e-mails being received by receive connector on Exchange 2007

Posted on 2015-02-02
Last Modified: 2015-02-06
We're in the process of decommissioning an Exchange 2007 server but first we need to see what devices are still relaying mail to it. What would be the best way to query the transport log files and can anyone provide an example of the best way to pull this information out?

Cheers.
Question by:tegenius
LVL 19

Accepted Solution

by:
Adam Farage earned 400 total points
ID: 40583936
It's a pain but there is a way, as I have done this a lot in the past...

Take the transport logs from the server, and then parse them using log parser.

Now let's say we want to know all the senders that are submitting the most mail to our system. We need to group by RemoteSendingHost that is a reversed IP and for our convenience group by and order in descending order:

logparser "select REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost, count(*) as Hits from RECV*.log group by RemoteSendingHost order by Hits DESC" -i:CSV -nSkipLines:4 -o:DATAGRID

This is what I use, and the code above comes from here
0
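Added example, not part of the thread or written by any poster: the same grouping as the Log Parser query in the accepted answer, done in PowerShell over the SMTP receive protocol log format, but counting distinct sessions per connector and remote IP instead of raw log lines. The function name Get-RelaySource, the connector name, the addresses and the sample log lines are constructed for illustration; it assumes PowerShell 2.0 or later.

```powershell
# Constructed sample in the SMTP receive protocol log layout (not real log data).
$sample = @'
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2015-02-02T09:00:00.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-02-02T09:00:01.100Z,EXCH07\Relay,08D1A0000000001,0,192.0.2.10:25,192.0.2.50:49210,+,,
2015-02-02T09:00:01.200Z,EXCH07\Relay,08D1A0000000001,1,192.0.2.10:25,192.0.2.50:49210,>,"220 EXCH07 ready at Mon, 2 Feb 2015 09:00:01 +0000",
2015-02-02T09:00:02.000Z,EXCH07\Relay,08D1A0000000001,2,192.0.2.10:25,192.0.2.50:49210,-,,Local
2015-02-02T10:15:00.000Z,EXCH07\Relay,08D1A0000000002,0,192.0.2.10:25,192.0.2.50:49377,+,,
2015-02-02T10:15:01.000Z,EXCH07\Relay,08D1A0000000002,1,192.0.2.10:25,192.0.2.50:49377,-,,Local
2015-02-02T11:30:00.000Z,EXCH07\Relay,08D1A0000000003,0,192.0.2.10:25,192.0.2.77:51002,+,,
2015-02-02T11:30:01.000Z,EXCH07\Relay,08D1A0000000003,1,192.0.2.10:25,192.0.2.77:51002,-,,Local
'@ -split "`r?`n"

function Get-RelaySource {
    param([string[]]$Line)
    # Column names are taken from the "#Fields:" header line of the log itself.
    $fields = ($Line | Where-Object { $_ -like '#Fields:*' } |
        Select-Object -First 1) -replace '^#Fields:\s*', ''
    # Drop blank and "#" comment lines; ConvertFrom-Csv handles quoted commas in "data".
    $rows = $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header ($fields -split ',')
    $rows |
        Select-Object 'connector-id', 'session-id', 'date-time',
            @{ n = 'RemoteIP'; e = { $_.'remote-endpoint' -replace ':\d+$', '' } } |
        Group-Object 'connector-id', RemoteIP |
        ForEach-Object {
            # ISO 8601 timestamps sort correctly as strings.
            $times = @($_.Group | ForEach-Object { $_.'date-time' } | Sort-Object)
            New-Object PSObject -Property @{
                Connector = $_.Group[0].'connector-id'
                RemoteIP  = $_.Group[0].RemoteIP
                # One session writes many lines, so count unique session ids.
                Sessions  = @($_.Group | Select-Object -ExpandProperty 'session-id' -Unique).Count
                FirstSeen = $times[0]
                LastSeen  = $times[-1]
            }
        } | Sort-Object Sessions -Descending
}

Get-RelaySource -Line $sample |
    Format-Table Connector, RemoteIP, Sessions, FirstSeen, LastSeen -AutoSize
```

Against copied log files, pass `-Line (Get-Content RECV*.log)`; protocol logging must have been enabled on the receive connector for the period of interest, or a device will be missing from the result.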
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40584226
You can use PowerShell for this using message tracking.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy"

To find your default retention for your Exchange 2007 Server use the below command...
Get-TransportServer <2007 HTserver> | fl *messagetracking*

This will give you the values that your Exchange server/s are set up with.

Will.
0
 

Author Comment

by:tegenius
ID: 40584234
@Will: Cheers :) I can now see what connectors are set to log.

@Adam: Perfect. The document you linked to pretty much solves this issue.

As a bonus, is there a way of identifying subjects from the logs (as they are all GUIDs) or are these encrypted?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 40584255
Yes you can also use the -MessageSubject switch to search for specific Subject words etc.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy" -MessageSubject "how are you"


Also reference the link below for additional details...
MessageTrackingLog using -MessageSubject

Will.
0
 

Author Closing Comment

by:tegenius
ID: 40594864
Cheers guys.
0
