In this blog post I will show you a quick way to search through large amounts of Real Time Blacklists logs on an Exchange Server. This article assumes you have RBL Providers in place on an Exchange server which can be enabled as per the following article:
http://clintboessen.blogspot.com.au/2014/05/rbl-providers-and-exchange-2013.html
Once RBL listing is turned on, you will have a bunch of log files under the following directory (provided Exchange was installed to the default C:\ directory):
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog
We want to track down which RBL provider blocked an email from a spammer with the from address of bqmppf@apremiertravel.com but we first need to identify what log file contains the entry. To do this open a command prompt and navigate to the FrontEnd\AgentLogs directory.
Run the following command:
find /c "bqmppf@apremiertravel.com" *.log | find ":" | find /v ": 0"
After running this command we can see that it found one entry for bqmppf@apremiertravel.com in the file AGENTLOG20160313-1.LOG.
Open the log and search for the email in question.
We can see this email was blocked by zen.spamhaus.org RBL provider.
Hope this post was helpful.
http://clintboessen.blogspot.com.au/2014/05/rbl-providers-and-exchange-2013.html
Once RBL listing is turned on, you will have a bunch of log files under the following directory (provided Exchange was installed to the default C:\ directory):
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog
We want to track down which RBL provider blocked an email from a spammer with the from address of bqmppf@apremiertravel.com but we first need to identify what log file contains the entry. To do this open a command prompt and navigate to the FrontEnd\AgentLogs directory.
Run the following command:
find /c "bqmppf@apremiertravel.com" *.log | find ":" | find /v ": 0"
After running this command we can see that it found one entry for bqmppf@apremiertravel.com in the file AGENTLOG20160313-1.LOG.
Open the log and search for the email in question.
We can see this email was blocked by zen.spamhaus.org RBL provider.
Hope this post was helpful.
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon