Determining Where Emails Are Originating

[sfortner]

I have an Exchange 5.5 SP4 installing on a Windows 2000 Domain Controller. I have turned relaying off completely within the IMS. There is only one mailbox on this server. However, the server continues to send out emails that would appear to be spam related. I think the emails may be NDRs to computers trying to relay. This server is behind a firewall with port 25 blocked, so I can't imagine how it is being reached except that it may be an internal infected computer. How can I determine which computer is connecting to my Exchange Server and trying to deliver mail? Is there one of the logging functions that will tell me this? Thanks.

 

[zbnet]

Turn on the SMTP Protocol Logging - this will write a logfile into \exchsrvr\imcdata\log which will have all the session informtation for every mail connection, including ip address of the connecting system.