See what server IP is sending mail to iis mail relay: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 28: | Line 28: | ||
[[Category:IIS]] | [[Category:IIS]] | ||
[[Category:Mail relay]] | [[Category:Mail relay]] | ||
<comments /> |
Latest revision as of 10:07, 20 March 2022
I recently had to change the IP of a mail relay but people were unsure who was still using via the old IP. So I added the new IP as a secondary IP then ran this script once a week to report who was still using it, that allowed me to those systems updated to point to the new IP.
Get-Item *.log | ForEach-Object { $fil=$_.Name; foreach ($line in Get-Content $fil ) { if ($line -like "*10.10.10.10*") Write-Output $fil" "$line } $line | out-file -FilePath "c:\temp\output.log" -Append }
Run this in the log directory for the IIS mail server logs and it will output a file to c:\temp\output.log with any IPs that may be sending mail via 10.10.10.10
Example log file output:
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - - 10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
So here we can see that a server 10.20.20.20 is trying to send mail via 10.10.10.10 <comments />