
Exchange 2010 Message Tracking Query Against Specific IP Address

You may run into a scenario where you want to query your Exchange 2010 Message Tracking Logs for a specific source IP address. This often comes in handy if you have third-party applications or client SMTP relaying enabled in your environment.

The script will prompt you with 4 questions:

  1. The target IP
  2. Where to Email the Report
  3. How many hours to go back
  4. SMTP Server

Good luck!

Ed McKinzie

#Save as Message_Tracking_IP_Query.ps1
#Author: Ed McKinzie edmckinzie.wordpress.com
#Use: Query Exchange 2010\2013 Message Tracking Logs for a specific sending IP Address
#Start of Script
#Delete any previous message tracking logs queries (ignore the error if none exist)
Remove-Item .\*TrackingLogs.html -ErrorAction SilentlyContinue
#Get the Variables for your query
$SMTP_IP = Read-Host "Enter a sending address you want to perform Message Tracking on"
$mailbox_report = Read-Host "Enter a mailbox\Email Address you want to Send this report"
$back_in_time = Read-Host "How far do you want to go back in time in hours:"
$SMTP_Server = Read-Host "Enter in the FQDN of your SMTP server:"
#Define the Dates
$EndDate = Get-Date
$StartDate = $EndDate.AddHours(-1 * [double]$back_in_time)
#Set the AD Environment
Set-ADServerSettings -ViewEntireForest:$True
#Start of the Array
#$comp is the variable for "Server"
@(foreach($comp in Get-TransportServer) {
#Build the HTML header for this server's section of the report
$b = $b + "<br><font size='2'>Message Tracking Log for <b>$SMTP_IP</b> from Server: <b>$Comp</b></font><HR><style>table{border-style:solid;border-width:0px;font-size:7pt;background-color:#ccc;width:80%;}th{text-align:left;}td{background-color:#fff;border-style:solid;border-width:0px;}body{font-family:verdana;font-size:7pt;}h1{font-size:7pt;}h2{font-size:10pt;}</style>"
#Keep only the events whose ClientIp matches the target and append them to the report
$GetMessage_Tracking = Get-MessageTrackingLog -ResultSize Unlimited -Server $comp -Start $StartDate -End $EndDate | Where-Object {$_.ClientIp -eq $SMTP_IP} | `
ConvertTo-Html -Head $b Timestamp, Sender, {$_.Recipients}, MessageSubject, ClientHostname, ClientIP, ServerHostname, `
ConnectorId, EventId, InternalMessageId, TotalBytes, Source, SourceContext | Add-Content .\$SMTP_IP-TrackingLogs.html
$b = $null
Write-Host "Parsing the logs on Server: $comp"
})
#Email the combined report once every server has been parsed
Send-MailMessage -To $mailbox_report -From "postmaster@domain.com" `
-Subject "Exchange Mailbox Message Tracking on $SMTP_IP" -SmtpServer "$SMTP_Server" `
-Attachments .\$SMTP_IP-TrackingLogs.html `
-Body ("Here are the Message tracking logs for $SMTP_IP between $StartDate and $EndDate")
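
When the question is what a relaying host is actually sending, a per-sender summary of the matching events is quicker to review than the raw HTML table. The following is an added example, not part of Ed McKinzie's script: the function name `Get-RelaySummaryByIP` is hypothetical and the sample events are constructed so it runs without Exchange.

```powershell
# Added example: function name and sample data are hypothetical, not part of the original script.
function Get-RelaySummaryByIP {
    param(
        [Parameter(Mandatory=$true)] [string] $ClientIp,
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $TrackingEvent
    )
    begin {
        # Accept only a literal IP address before it is compared or reused (e.g. in a report file name).
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($ClientIp, [ref]$ip)) {
            throw "'$ClientIp' is not a valid IP address."
        }
        $hits = @()
    }
    process {
        # RECEIVE is logged when a transport server accepts a message; ClientIp is the submitting host.
        if ($TrackingEvent.EventId -eq 'RECEIVE' -and $TrackingEvent.ClientIp -eq $ip.ToString()) {
            $hits += $TrackingEvent
        }
    }
    end {
        $hits | Group-Object Sender, ConnectorId | ForEach-Object {
            $sorted = @($_.Group | Sort-Object Timestamp)
            New-Object PSObject -Property @{
                Sender      = $sorted[0].Sender
                ConnectorId = $sorted[0].ConnectorId
                Messages    = $_.Count
                Recipients  = @($_.Group | ForEach-Object { $_.Recipients } | Sort-Object -Unique).Count
                TotalBytes  = ($_.Group | Measure-Object TotalBytes -Sum).Sum
                FirstSeen   = $sorted[0].Timestamp
                LastSeen    = $sorted[-1].Timestamp
            }
        } | Sort-Object Messages -Descending |
            Select-Object Sender, ConnectorId, Messages, Recipients, TotalBytes, FirstSeen, LastSeen
    }
}

# Constructed sample events (documentation addresses) standing in for Get-MessageTrackingLog output.
$sample = @"
Timestamp,EventId,ClientIp,Sender,Recipients,ConnectorId,TotalBytes
2014-05-01T09:00:00,RECEIVE,192.0.2.10,scanner@example.com,it@example.com,HUB01\Relay,4096
2014-05-01T09:05:00,RECEIVE,192.0.2.10,scanner@example.com,hr@example.com,HUB01\Relay,8192
2014-05-01T09:06:00,RECEIVE,192.0.2.10,unknown-app@example.com,partner@example.net,HUB01\Relay,2048
2014-05-01T09:07:00,RECEIVE,198.51.100.7,app@example.com,it@example.com,HUB01\Default,1024
"@ | ConvertFrom-Csv
$sample | Get-RelaySummaryByIP -ClientIp '192.0.2.10' | Format-Table -AutoSize
# Live use in the Exchange Management Shell, per server as in the script above:
# Get-MessageTrackingLog -Server $comp -Start $StartDate -End $EndDate -EventId RECEIVE -ResultSize Unlimited |
#     Get-RelaySummaryByIP -ClientIp $SMTP_IP
```

Passing `-EventId RECEIVE` to `Get-MessageTrackingLog` narrows the events the cmdlet returns, so fewer objects reach the client-side IP comparison.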

  1. May 1, 2014 at 2:26 PM

    This script works great and even hits all the servers in the array. The only thing I wanted to let you know is that it does cause the CPU to go to 100% and stay there while the script is running.

  2. May 1, 2014 at 2:45 PM

    Are you running it from a scripting server or one of the HUB servers in the array? Either way, the message tracking logs will be parsed and will likely cause the CPU usage to increase, but not substantially... running the script in both my editor and directly in the Exchange shell, I only see the PS process use 20-25% of the CPU. (VM machine with 4 logical procs).


    Ed M.

    • May 1, 2014 at 3:21 PM

      I ran it from an HA CAS\HUB server. I will try running it again and watch the CPU.
