?
Solved

Best way to identify e-mails being received by receive connector on exchange 2007

Posted on 2015-02-02
5
Medium Priority
?
133 Views
Last Modified: 2015-02-06
We're in the process of decomissioning an exchange 2007 server but first we need to see what devices are still relaying mail to it. What would be the best way to query the transport log files and can anyone provide an example of the best way to pull this information out?

Cheers.
0
Comment
Question by:tegenius
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 19

Accepted Solution

by:
Adam Farage earned 1600 total points
ID: 40583936
Its a pain but there is a way, as I have done this a lot in the past...

Take the transport logs from the server, and then parse them using log parser.

Now let's say we want to know all the senders that are submitting the most mail to our system. We need to group by RemoteSendingHost that is a reversed IP and for our convenience group by and order in descending order:

logparser "select REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost, count(*) as Hits from RECV*.log group by RemoteSending

Host order by Hits DESC" -i:CSV -nSkipLines:4  -o:DATAGRID

This is what I use, and the code above comes from here
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40584226
You can use powershell for this using message tracking.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy"

To find your default retention for your Exchange 2007 Server use the below command...
Get-TransportServer <2007 HTservr> | fl *messagetracking*

This will give you the values that your Exchange server/s are setup with.

Will.
0
 

Author Comment

by:tegenius
ID: 40584234
@Will: Cheers :) I can now see what connectors are set to log.

@ Adam: Perfect. The document you linked to pretty much solves this issue.

As a bonus, is there a way of identifying subjects from the logs (as they are all GUIDs) or are these encrypted?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 40584255
Yes you can also use the -MessageSubject switch to search for specific Subject words etc.

Get-MessageTrackingLog -Server <2007 HTserver> -Start "mm/dd/yyyy" -End "mm/dd/yyyy" 
 -MessageSubject "how are you"

Open in new window


Also reference the link below for additional details...
MessageTrackingLog using -MessageSubject

Will.
0
 

Author Closing Comment

by:tegenius
ID: 40594864
Cheers guys.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question