See what server IP is sending mail to iis mail relay

From roonics
Revision as of 14:46, 17 September 2021 by Jlambert (talk | contribs)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

I recently had to change the IP of a mail relay but people were unsure who was still using via the old IP. So I added the new IP as a secondary IP then ran this script once a week to report who was still using it, that allowed me to those systems updated to point to the new IP. 

Get-Item *.log | ForEach-Object { $fil=$_.Name; foreach ($line in Get-Content $fil ) { if ($line -like "*10.10.10.10*") Write-Output $fil" "$line }
$line | out-file -FilePath "c:\temp\output.log" -Append
}

Run this in the log directory for the IIS mail server logs and it will output a file to c:\temp\output.log with any IPs that may be sending mail via 10.10.10.10

Example log file output: 

10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -

So here we can see that a server 10.20.20.20 is trying to send mail via 10.10.10.10

Retrieved from "https://www.roonics.com/index.php?title=See_what_server_IP_is_sending_mail_to_iis_mail_relay&oldid=592"