Need help tracking local sender IPs on Exchange 2010
We have upwards of 500+ NDR notices, daily, coming back to our Exchange 2010, destined for a single email address. This occurs even if the user's PC is wiped and not in use. We are trying to find a way, within Exchange, to identify the private IP of the possibly compromised culprit.
Email Servers, Exchange, Windows Server 2008, Active Directory
Any way to expand the results? Gives me 3 highest senders, which are the Exchange server, relay server and content filter.
Jeremy Weisinger
How many Exchange servers do you have? You should run it against each one that has the hub transport.
If all you get is the 3 IPs then no clients are submitting to the Exchange server you queried.
tamray_tech
ASKER
Just the one, but have discovered that the school content filter IP comes into play here as the source for all SMTP traffic, so attempting to discover what workstations send the most SMTP traffic.
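
One way to rank submitting IPs across every transport server from the Exchange 2010 Management Shell, as an added example that is not part of the original thread and is not the command the posters ran. The 7-day window and the `$KnownRelays` addresses are assumed placeholders. Message tracking records only the host that handed the message to Exchange, so mail passing through the content filter is counted under the filter's IP.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# Assumptions: a 7-day look-back and placeholder relay/filter IPs (documentation range).
$Start       = (Get-Date).AddDays(-7)
$KnownRelays = @('192.0.2.10', '192.0.2.11')   # replace with your relay server and content filter

# Collect SMTP RECEIVE events from every transport server, not just one.
$events = Get-TransportServer | ForEach-Object {
    Get-MessageTrackingLog -Server $_.Name -EventId RECEIVE -Start $Start -ResultSize Unlimited
} | Where-Object { $_.Source -eq 'SMTP' }

# Rank by submitting IP, show more than the top three, and flag the known intermediaries.
$events |
    Group-Object ClientIp |
    Sort-Object Count -Descending |
    Select-Object -First 25 Count,
        @{ n = 'ClientIp';        e = { $_.Name } },
        @{ n = 'KnownRelay';      e = { $KnownRelays -contains $_.Name } },
        @{ n = 'DistinctSenders'; e = { ($_.Group | Select-Object -ExpandProperty Sender -Unique | Measure-Object).Count } } |
    Format-Table -AutoSize
```

If every row comes back with `KnownRelay` set to True, the workstation address has to come from the logs of the content filter or relay itself, since Exchange never saw it.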