I have a big project migrating email from an on-premise server to Office 365. The Exchange environment has been around for almost 2 decades and many applications route email through Exchange.
I needed a way to find who is sending. So, I used LogParser 2.2 (Microsoft) to analyze the SMTP logs.
After installing LogParser, take the command below and run it from the directory where the SMTP logs are located. In my case, you can see it below.
The query simply reads every *.log file in the directory it is run from. You wind up with the results below. Perfect!
"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name,Count(*) as Hits from *.log WHERE data LIKE '%EHLO%' GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1
https://practical365.com/exchange-server/exchange-2010-report-top-sender-ips-log-parser/ – This one has the query above.
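The same per-IP EHLO count can be produced without LogParser. The Python sketch below is an added example, not code from this post or from the linked article. It is stricter than the query above: it counts only lines received from the client (event `<`) that begin with EHLO, and it also collects the host name each client announced, which helps identify an application when reverse DNS returns nothing. The sample log is constructed, and the function name `top_senders` and the `ip:port` endpoint form are assumptions.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample (not real traffic) in the SMTP receive protocol log layout.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Version: 14.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2020-01-01T00:00:00.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2020-01-01T00:00:01.000Z,EX01\\Relay,S1,1,192.0.2.10:25,198.51.100.7:50123,>,"220 ex01.example.test ready",
2020-01-01T00:00:01.020Z,EX01\\Relay,S1,2,192.0.2.10:25,198.51.100.7:50123,<,EHLO scanner01.example.test,
2020-01-01T00:00:02.000Z,EX01\\Relay,S2,2,192.0.2.10:25,198.51.100.7:50200,<,EHLO scanner01.example.test,
2020-01-01T00:00:03.000Z,EX01\\Relay,S3,2,192.0.2.10:25,203.0.113.20:41000,<,EHLO crm-app,
2020-01-01T00:00:03.500Z,EX01\\Relay,S3,3,192.0.2.10:25,203.0.113.20:41000,<,MAIL FROM:<crm@example.test>,
"""


def top_senders(lines):
    """Count EHLO commands per client IP and collect the names each client announced."""
    fields = None
    rows = []
    for line in lines:
        if line.startswith("#Fields:"):
            # The '#Fields:' header line names the CSV columns.
            fields = line[len("#Fields:"):].strip().split(",")
        elif fields and line.strip() and not line.startswith("#"):
            rows.append(line)
    hits, names = Counter(), defaultdict(set)
    for row in csv.DictReader(rows, fieldnames=fields):
        data = (row.get("data") or "").strip()
        # Event '<' marks data received from the remote client.
        if row.get("event") != "<" or not data.upper().startswith("EHLO"):
            continue
        # Drop the port after the last ':' (assumed endpoint form ip:port).
        ip = row["remote-endpoint"].rsplit(":", 1)[0]
        hits[ip] += 1
        names[ip].update(data.split()[1:2])
    return [(ip, n, sorted(names[ip])) for ip, n in hits.most_common()]


if __name__ == "__main__":
    for ip, count, ehlo_names in top_senders(SAMPLE_LOG.splitlines()):
        print(f"{ip:<16} {count:>5}  {', '.join(ehlo_names)}")
```

To run it over real logs, pass the lines of each file to `top_senders` instead of the sample text.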