Solved

Best way to identify e-mails being received by receive connector on Exchange 2007

Posted on 2015-02-02
Last Modified: 2015-02-06
We're in the process of decommissioning an Exchange 2007 server but first we need to see what devices are still relaying mail to it. What would be the best way to query the transport log files and can anyone provide an example of the best way to pull this information out?

Cheers.
0
Question by:tegenius
 
LVL 19

Accepted Solution

by:
Adam Farage earned 400 total points
ID: 40583936
It's a pain but there is a way, as I have done this a lot in the past...

Take the transport logs from the server, and then parse them using log parser.

Now let's say we want to know all the senders that are submitting the most mail to our system. We need to group by RemoteSendingHost that is a reversed IP and for our convenience group by and order in descending order:

logparser "select REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost, count(*) as Hits from RECV*.log group by RemoteSendingHost order by Hits DESC" -i:CSV -nSkipLines:4 -o:DATAGRID

This is what I use, and the code above comes from here
0
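Added example, not part of the answer above or of the article it links to: a PowerShell take on the same receive protocol log query that goes a little further for a decommissioning check by also grouping on connector, counting distinct SMTP sessions rather than log lines, and reporting when each source was last seen. The function name `Get-RelaySource` is hypothetical, and the sample log lines, host names and addresses are constructed.

```powershell
# Added example. Needs PowerShell 3.0 or later; run it wherever the logs were copied.
function Get-RelaySource {
    param([string[]]$Line)

    # Column names come from the log's own "#Fields:" header line.
    $header = $Line | Where-Object { $_ -like '#Fields: *' } | Select-Object -First 1
    if (-not $header) { throw 'No #Fields header found; is this a protocol log?' }
    $fields = $header.Substring('#Fields: '.Length).Split(',')

    $Line |
        Where-Object { $_ -and $_ -notlike '#*' } |      # drop header and blank lines
        ConvertFrom-Csv -Header $fields |
        # remote-endpoint is "ip:port"; strip only the trailing port.
        Group-Object -Property { $_.'remote-endpoint' -replace ':\d+$', '' }, 'connector-id' |
        ForEach-Object {
            [pscustomobject]@{
                RemoteIP  = $_.Values[0]
                Connector = $_.Values[1]
                Sessions  = @($_.Group | Select-Object -ExpandProperty 'session-id' -Unique).Count
                Lines     = $_.Count
                LastSeen  = ($_.Group | Sort-Object 'date-time' | Select-Object -Last 1).'date-time'
            }
        } |
        Sort-Object Sessions -Descending
}

# Constructed sample in the SMTP receive protocol log layout (not real traffic).
$sample = @'
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2015-02-02T09:00:00.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-02-02T09:00:01.100Z,EX07\Relay EX07,08D20CA1B2C30001,0,10.0.0.5:25,10.0.0.42:51234,+,,
2015-02-02T09:00:01.200Z,EX07\Relay EX07,08D20CA1B2C30001,1,10.0.0.5:25,10.0.0.42:51234,<,EHLO scanner01,
2015-02-02T09:05:10.000Z,EX07\Relay EX07,08D20CA1B2C30002,0,10.0.0.5:25,10.0.0.42:51301,+,,
2015-02-02T09:07:30.500Z,EX07\Default EX07,08D20CA1B2C30003,0,10.0.0.5:25,10.0.0.77:40112,+,,
2015-02-02T09:07:30.600Z,EX07\Default EX07,08D20CA1B2C30003,1,10.0.0.5:25,10.0.0.77:40112,<,EHLO app02,
'@ -split "`r?`n"

Get-RelaySource $sample | Format-Table -AutoSize
# Against real logs: Get-RelaySource (Get-Content .\RECV*.log)
```

A source that shows up only on an anonymous relay connector, with a recent `LastSeen`, is a device that still needs repointing before the server is retired.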
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40584226
You can use powershell for this using message tracking.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy"

To find your default retention for your Exchange 2007 Server use the below command...
Get-TransportServer <2007 HTserver> | fl *messagetracking*

This will give you the values that your Exchange server/s are set up with.

Will.
0
 

Author Comment

by:tegenius
ID: 40584234
@Will: Cheers :) I can now see what connectors are set to log.

@Adam: Perfect. The document you linked to pretty much solves this issue.

As a bonus, is there a way of identifying subjects from the logs (as they are all GUIDs) or are these encrypted?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 40584255
Yes, you can also use the -MessageSubject switch to search for specific Subject words etc.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy" -MessageSubject "how are you"

Also reference the link below for additional details...
MessageTrackingLog using -MessageSubject

Will.
0
 

Author Closing Comment

by:tegenius
ID: 40594864
Cheers guys.
0