tamray_tech
 asked on

Need help tracking local sender IPs on Exchange 2010

We have upwards of 500+ NDR notices daily coming back to our Exchange 2010, destined for a single email address. This occurs even if the user's PC is wiped and not in use. We are trying to find a way within Exchange that we can identify the private IP of the possible compromised culprit.
Email Servers, Exchange, Windows Server 2008, Active Directory

Last Comment
Jeremy Weisinger

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Jeremy Weisinger

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
tamray_tech

ASKER
Any way to expand the results? Gives me 3 highest senders, which are the Exchange server, relay server and content filter.
Jeremy Weisinger

How many Exchange servers do you have? You should run it against each one that has the hub transport.

If all you get is the 3 IPs then no clients are submitting to the Exchange server you queried.
tamray_tech

ASKER
Just the one, but have discovered that the school content filter IP comes into play here as the source for all SMTP traffic, so attempting to discover what workstations send the most SMTP traffic.

Thank you for your assistance.
Jeremy Weisinger

Sorry I couldn't be more help.
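
An added example, not part of the thread or of any poster's solution: Python that counts SMTP RECEIVE events per client IP in an Exchange message tracking log and excludes known infrastructure hosts, so the Exchange server, relay and content filter do not crowd workstations out of the top results. The sample log, its abbreviated column set, every IP address and the function names are constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample in the message tracking log layout. The column set is
# abbreviated and all addresses are made up; real logs carry more columns.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,client-ip,client-hostname,server-ip,source,event-id,sender-address
2022-08-22T08:00:01.000Z,10.0.0.5,filter,10.0.0.10,SMTP,RECEIVE,a@example.edu
2022-08-22T08:00:02.000Z,10.0.0.5,filter,10.0.0.10,SMTP,RECEIVE,b@example.edu
2022-08-22T08:00:03.000Z,10.0.0.5,filter,10.0.0.10,SMTP,RECEIVE,c@example.edu
2022-08-22T08:00:04.000Z,10.0.0.11,relay,10.0.0.10,SMTP,RECEIVE,d@example.edu
2022-08-22T08:00:05.000Z,10.0.0.11,relay,10.0.0.10,SMTP,RECEIVE,d@example.edu
2022-08-22T08:00:06.000Z,10.0.20.31,lab-pc-31,10.0.0.10,SMTP,RECEIVE,e@example.edu
2022-08-22T08:00:07.000Z,10.0.20.31,lab-pc-31,10.0.0.10,SMTP,RECEIVE,e@example.edu
2022-08-22T08:00:08.000Z,10.0.20.44,lab-pc-44,10.0.0.10,SMTP,RECEIVE,f@example.edu
2022-08-22T08:00:09.000Z,10.0.0.10,exch,10.0.0.10,STOREDRIVER,DELIVER,a@example.edu
2022-08-22T08:00:10.000Z,10.0.0.10,exch,203.0.113.9,SMTP,SEND,e@example.edu
"""

def smtp_receive_events(log_text):
    """Yield one dict per SMTP RECEIVE row, keyed by the names in '#Fields:'."""
    fields = None
    for row in csv.reader(log_text.splitlines()):
        if not row:
            continue
        if row[0].startswith("#"):
            # Column names come from the log itself, so extra columns are fine.
            if row[0].startswith("#Fields: "):
                row[0] = row[0][len("#Fields: "):]
                fields = row
            continue
        if fields is None:
            continue  # data before a header cannot be interpreted
        event = dict(zip(fields, row))
        if event.get("source") == "SMTP" and event.get("event-id") == "RECEIVE":
            yield event

def top_client_ips(log_text, infrastructure=(), limit=None):
    """Return (client-ip, count) pairs, busiest first, skipping listed hosts."""
    counts = Counter(e["client-ip"] for e in smtp_receive_events(log_text)
                     if e["client-ip"] not in infrastructure)
    return counts.most_common(limit)

if __name__ == "__main__":
    known = {"10.0.0.5", "10.0.0.10", "10.0.0.11"}  # filter, Exchange, relay
    for ip, n in top_client_ips(SAMPLE_LOG, infrastructure=known, limit=10):
        print(ip, n)
```

Where a filter or relay is the SMTP source for all traffic, as in this thread, Exchange records only that device's address, so per-workstation counts have to come from that device's own logs.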