See what server IP is sending mail to iis mail relay

From roonics
Revision as of 13:49, 17 September 2021 by Jlambert (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

I recently had to change the IP of a mail relay but people were unsure who was still using via the old IP. So I added the new IP as a secondary IP then ran this script once a week to report who was still using it, that allowed me to those systems updated to point to the new IP.

Get-Item *.log | ForEach-Object { $fil=$_.Name; foreach ($line in Get-Content $fil ) { if ($line -like "*10.10.10.10*") Write-Output $fil" "$line }
$line | out-file -FilePath "c:\temp\output.log" -Append
}

Run this in the log directory for the IIS mail server logs and it will output a file to c:\temp\output.log with any IPs that may be sending mail via 10.10.10.10

Example log file output:

10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -

So here we can see that a server 10.20.20.20 is trying to send mail via 10.10.10.10