See what server IP is sending mail to iis mail relay: Difference between revisions

From roonics
I recently had to change the IP of a mail relay, but people were unsure who was still using it via the old IP.
So I added the new IP as a secondary IP, then ran this script once a week to report who was still using it. That allowed me to get those systems updated to point to the new IP.
 
<pre>
Get-Item *.log | ForEach-Object {
    $fil = $_.Name
    foreach ($line in Get-Content $fil) {
        if ($line -like "*10.10.10.10*") {
            # Show the hit with its file name, then append the entry to the report
            Write-Output "$fil $line"
            $line | Out-File -FilePath "c:\temp\output.log" -Append
        }
    }
}
</pre>
 
Run this in the log directory for the IIS mail server logs and it will write the matching entries to c:\temp\output.log, showing any IPs that may be sending mail via 10.10.10.10.
 
Example log file output:
<pre>
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
</pre>
 
So here we can see that a server, 10.20.20.20, is trying to send mail via 10.10.10.10.
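
A per-client summary of the same search, as an added example that is not the page author's script: it compares the server-IP field exactly instead of matching the IP anywhere in the line, and counts entries per sending host. The function name `Get-RelayClient`, the column positions (taken from the example output above) and the sample lines are assumptions.

```powershell
function Get-RelayClient {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line,  # raw log lines
        [Parameter(Mandatory)][string]$OldIp                        # relay IP being retired
    )
    # Assumed default layout, taken from the example output on this page:
    # client IP in column 0, server IP in column 4.
    $cIdx = 0; $sIdx = 4
    $seen = @{}
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # A W3C header, when present, overrides the assumed column positions
            $names = ($l -replace '^#Fields:\s*', '') -split '\s+'
            $cIdx = [array]::IndexOf($names, 'c-ip')
            $sIdx = [array]::IndexOf($names, 's-ip')
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l)) { continue }
        $f = $l.Trim() -split '\s+'
        if ($cIdx -lt 0 -or $sIdx -lt 0 -or $f.Count -le [Math]::Max($cIdx, $sIdx)) { continue }
        # Exact field comparison, so 10.10.10.10 does not also match 10.10.10.100
        if ($f[$sIdx] -eq $OldIp) { $seen[$f[$cIdx]] = 1 + $seen[$f[$cIdx]] }
    }
    $seen.GetEnumerator() | Sort-Object Value -Descending | ForEach-Object {
        [pscustomobject]@{ Client = $_.Key; Entries = $_.Value }
    }
}

# Constructed sample input in the format of the example output above
$sample = @(
    '10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -'
    '10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -'
    '10.30.30.30 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -'
    '10.40.40.40 - SMTPSVC1 smtprelay01 10.10.10.100 0 QUIT - - 240 0 0 - -'
)
Get-RelayClient -Line $sample -OldIp '10.10.10.10'
```

Against real logs, run it in the log directory with `-Line (Get-Content *.log)`.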

Revision as of 13:46, 17 September 2021
