I had this question after viewing Exchange 2010 Log Spam E-mail
As part of my spam protection effort, I utilize Exchange Anti-Spam. As I get spam email, I identify the sending server IP (aaa.bbb.ccc.ddd) and then go into IP Block List and add aaa.bbb.ccc.0/24. For the most part, this works fine. However, on occasion, we're having legitimate senders being blocked due to their sending server being part of the aaa.bbb.ccc.0/24 network. If I go into the agent log, I get:
nnection Filtering Agent,OnMailCommand,Reject
0 5.7.1 External client with IP address aaa.bbb.ccc.54 does not have permissions to submit to this server.,LocalBlockList,entry created by administrator,
Unfortunately, this is not very useful in identifying who the sender is. Is there a way to configure the IP Block to state the sender? Basically, I need a way to tell email@example.com to send me an email and I can look at a log and see that firstname.lastname@example.org was rejected. They often get NDRs that just say the sending server gave up after so many tries.
Any assistance would be great.