
We have two Exchange Servers (2016 CU9), EX-OLD and EX-NEW. There are various systems, processes, scheduled tasks and scripts in the business that send emails through our Exchange servers by connecting through SMTP.

We've tracked down a large number of these and updated their configuration to use EX-NEW but are quietly confident that there will still be processes lurking that are using EX-OLD.

Is there a way to determine what's still using EX-OLD for SMTP via Exchange?

Rob
  • Look at the Exchange transport logs, run a network capture on the server for a few hours and see what inbound SMTP traffic is hitting it, etc., etc. – joeqwerty May 09 '19 at 11:45
  • What's the configuration of your virtual directories and DNS records? You can check the IIS log as well. – joyceshen May 10 '19 at 03:15
  • @joeqwerty - that sounds like the start of an answer to me! :) Regarding Exchange transport logs, that sounds like the most promising as some of these processes are periodic and may run only once a week - having Wireshark or similar running for that long doesn't seem ideal, assuming that the logs will give me sufficient info (message id, source server?) to track things down – Rob May 10 '19 at 06:31
  • @joyceshen I'm not sure how either of those will help, AFAIK IIS isn't responsible for receiving SMTP email in Exchange and the IP addresses behind EX-OLD and EX-NEW won't have any bearing on the discovery process? – Rob May 10 '19 at 06:32
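
One way to act on the transport-log suggestion in the comments, as an added example that is not part of the original thread: summarise the SMTP receive protocol logs on EX-OLD by client IP, with the MAIL FROM addresses each client used and when it was last seen. It assumes protocol logging is enabled on EX-OLD's receive connectors (`Set-ReceiveConnector -ProtocolLoggingLevel Verbose`); the function name `Get-SmtpClientSummary`, the connector name `EX-OLD\Relay`, and all sample log lines and addresses are constructed for illustration.

```powershell
# Constructed sample in the SMTP receive protocol log layout (not real data).
$sample = @'
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2019-05-10T06:00:01.120Z,EX-OLD\Relay,08D6D4AA00000001,0,10.0.0.10:25,10.0.5.21:50211,+,,
2019-05-10T06:00:01.200Z,EX-OLD\Relay,08D6D4AA00000001,3,10.0.0.10:25,10.0.5.21:50211,<,MAIL FROM:<backup@example.com>,
2019-05-10T06:00:01.900Z,EX-OLD\Relay,08D6D4AA00000001,9,10.0.0.10:25,10.0.5.21:50211,-,,Local
2019-05-10T07:30:00.010Z,EX-OLD\Relay,08D6D4AA00000002,0,10.0.0.10:25,10.0.7.44:61002,+,,
2019-05-10T07:30:00.150Z,EX-OLD\Relay,08D6D4AA00000002,3,10.0.0.10:25,10.0.7.44:61002,<,mail from:<scanner@example.com>,
2019-05-11T06:00:02.300Z,EX-OLD\Relay,08D6D4AA00000003,0,10.0.0.10:25,10.0.5.21:50988,+,,
'@ -split "`r?`n"

# Hypothetical helper: one output row per client IP that opened an SMTP session.
function Get-SmtpClientSummary {
    param([string[]]$Line)
    # Column names come from the "#Fields:" header; every other "#" line is metadata.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*') -split ','
    $rows   = $Line | Where-Object { $_ -and $_ -notlike '#*' } | ConvertFrom-Csv -Header $fields
    # remote-endpoint is "ip:port"; drop the ephemeral port so sessions group per client.
    $rows | Group-Object { $_.'remote-endpoint' -replace ':\d+$' } | ForEach-Object {
        $g = $_
        # '<' events are commands received from the client; keep the envelope senders.
        $senders = $g.Group | ForEach-Object {
            if ($_.event -eq '<' -and $_.data -match '^MAIL FROM:\s*<([^>]*)>') { $Matches[1] }
        } | Sort-Object -Unique
        [pscustomobject]@{
            ClientIP  = $g.Name
            Sessions  = @($g.Group.'session-id' | Sort-Object -Unique).Count
            Connector = @($g.Group.'connector-id' | Sort-Object -Unique) -join '; '
            Senders   = @($senders) -join '; '
            LastSeen  = $g.Group.'date-time' | Sort-Object | Select-Object -Last 1
        }
    }
}

Get-SmtpClientSummary -Line $sample | Sort-Object LastSeen -Descending | Format-Table -AutoSize

# Against real logs (default Exchange 2016 front-end location; adjust if the path was changed):
# $dir   = "${env:ExchangeInstallPath}TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive"
# $lines = Get-ChildItem "$dir\*.log" | Get-Content
# Get-SmtpClientSummary -Line $lines | Sort-Object LastSeen -Descending
```

Protocol log files are aged out on a retention schedule, so for jobs that run only weekly the retention window has to cover at least one full cycle before the summary is trusted.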

0 Answers