asked on
Need help tracking local sender IPs on Exchange 2010
We have upwards of 500+ NDR notices, daily, coming back to our Exchange 2010, destined for a single email address. This occurs even if the users PC is wiped and not in use. We are trying to find a way, within Exchange that we can identify the private IP of the possible compromised culprit.
Email ServersExchangeWindows Server 2008Active Directory
Last Comment
Jeremy Weisinger
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Anyway to expand the results? Gives me 3 highest senders, which are the exchange server, relay server and content filter.
How many Exchange servers do you have? You should run it against each one that has the hub transport.
If all you get is the 3 IP then no clients are submitting to the Exchange server you queried.
If all you get is the 3 IP then no clients are submitting to the Exchange server you queried.
ASKER
Just the one, but have discovered that the school content filter IP comes into play here as the source for all smtp traffic, so attempting do discover what workstations send the most smtp traffic.
Thank you for your assistance.
Thank you for your assistance.
Sorry I couldn't be more help.