Exchange 2010 Message Tracking Query Against Specific IP Address

May 1, 2014

You may run into a scenario where you want to query your Exchange 2010 Message Tracking Logs for a specific source IP address. This often comes in handy if you have third-party applications or client SMTP relaying enabled in your environment.

The script will prompt you with 4 questions:

  1. The target IP
  2. Where to Email the Report
  3. How many hours to go back
  4. SMTP Server

Good luck!

Ed McKinzie

#Save as Message_Tracking_IP_Query.ps1
#Author: Ed McKinzie
#Use: Query Exchange 2010\2013 Message Tracking Logs for a specific sending IP Address
#Start of Script
#Delete any previous message tracking logs queries (no error if none exist)
Remove-Item .\*TrackingLogs.html -ErrorAction SilentlyContinue
#Get the Variables for your query
$SMTP_IP = Read-Host "Enter a sending address you want to perform Message Tracking on"
$mailbox_report = Read-Host "Enter a mailbox\Email Address you want to Send this report"
$back_in_time = Read-Host "How far do you want to go back in time in hours:"
$SMTP_Server = Read-Host "Enter in the FQDN of your SMTP server:"
#Sender address for the report. The -From value is blank in the original post;
#this is a placeholder, replace it with a valid sender for your organization
$report_from = "message-tracking@example.com"
#Define the Dates
$EndDate = Get-Date
$StartDate = $EndDate.AddHours(-1 * [double]$back_in_time)
#Set the AD Environment
Set-ADServerSettings -ViewEntireForest:$True
#Start of the Array
#$comp is the variable for "Server"
@(foreach($comp in Get-TransportServer) {
#Heading and table style for this server's section of the report
$b = $b + "<br><font size='2'>Message Tracking Log for <b>$SMTP_IP</b> from Server: <b>$Comp</b></font><HR><style>table{border-style:solid;border-width:0px;font-size:7pt;background-color:#ccc;width:80%;}th{text-align:left;}td{background-color:#fff;border-style:solid;border-width:0px;}body{font-family:verdana;font-size:7pt;}h1{font-size:7pt;}h2{font-size:10pt;}</style>"
#Keep only the events whose client IP matches, then append them to the report as an HTML table
$GetMessage_Tracking = Get-MessageTrackingLog -ResultSize Unlimited -Server $comp -Start $StartDate -End $EndDate | where {$_.ClientIp -eq $SMTP_IP} | `
ConvertTo-Html -Head $b Timestamp, Sender, {$_.Recipients}, MessageSubject, ClientHostname, ClientIP, ServerHostname, `
ConnectorId, EventId, InternalMessageId, TotalBytes, Source, SourceContext | Add-Content ".\$SMTP_IP-TrackingLogs.html"
$b = $null
Write-Host "Parsing the logs on Server: $comp"
})
#Mail the report once every transport server has been queried
Send-MailMessage -To $mailbox_report -From $report_from `
-Subject "Exchange Mailbox Message Tracking on $SMTP_IP" -SmtpServer "$SMTP_Server" `
-Attachments ".\$SMTP_IP-TrackingLogs.html" `
-Body ("Here are the Message tracking logs for $SMTP_IP between $StartDate and $EndDate")
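
Once a relaying host is identified, a per-sender summary is usually easier to triage than the raw HTML table. The following is an added example, not part of Ed McKinzie's script: it groups tracking records for one client IP by sender and counts messages, distinct recipients, recipients outside your own domains, and bytes. The function name `Get-RelaySummary`, the `-InternalDomains` parameter and the sample records are assumptions made for illustration; the property names are the ones the script above reports.

```powershell
# Added example (not from the original script). Uses PowerShell 2.0-compatible syntax.
function Get-RelaySummary {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Records,   # objects shaped like Get-MessageTrackingLog output
        [Parameter(Mandatory=$true)] [string]   $ClientIp,
        [string[]] $InternalDomains = @('example.com')      # assumption: replace with your accepted domains
    )
    # Refuse anything that does not parse as an IP address before filtering on it
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ClientIp, [ref]$parsed)) {
        throw "Not a valid IP address: $ClientIp"
    }
    # Count RECEIVE events only, so each submitted message is counted once
    $Records |
        Where-Object { $_.ClientIp -eq $ClientIp -and $_.EventId -eq 'RECEIVE' } |
        Group-Object -Property Sender |
        ForEach-Object {
            $group    = $_
            $rcpts    = @($group.Group | ForEach-Object { $_.Recipients } | Sort-Object -Unique)
            # A recipient is external when its domain part is not in $InternalDomains
            $external = @($rcpts | Where-Object { $InternalDomains -notcontains ($_ -split '@')[-1] })
            New-Object PSObject -Property @{
                Sender             = $group.Name
                Messages           = $group.Count
                DistinctRecipients = $rcpts.Count
                ExternalRecipients = $external.Count
                TotalBytes         = ($group.Group | Measure-Object -Property TotalBytes -Sum).Sum
            }
        } |
        Sort-Object -Property Messages -Descending |
        Select-Object Sender, Messages, DistinctRecipients, ExternalRecipients, TotalBytes
}

# Constructed sample records (documentation addresses) so the function runs without Exchange
$sample = @(
    (New-Object PSObject -Property @{ ClientIp='192.0.2.10'; EventId='RECEIVE'; Sender='scanner@example.com'; Recipients=@('alice@example.com'); TotalBytes=4200 }),
    (New-Object PSObject -Property @{ ClientIp='192.0.2.10'; EventId='RECEIVE'; Sender='scanner@example.com'; Recipients=@('bob@example.com','carol@example.net'); TotalBytes=5100 }),
    (New-Object PSObject -Property @{ ClientIp='192.0.2.10'; EventId='RECEIVE'; Sender='app@example.com'; Recipients=@('dave@example.org'); TotalBytes=900 }),
    (New-Object PSObject -Property @{ ClientIp='192.0.2.99'; EventId='RECEIVE'; Sender='other@example.com'; Recipients=@('alice@example.com'); TotalBytes=700 })
)

Get-RelaySummary -Records $sample -ClientIp '192.0.2.10' | Format-Table -AutoSize
```

Against live data, pass the objects returned by `Get-MessageTrackingLog` for the same `-Start` and `-End` window as `-Records` in place of `$sample`.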