We have a Office365, Exchange 2010, Exchange 2007 environment. :) I need to find the source IP of an e-mail that was sent through our Exchange 2007 environment. Just trying to track down the source of a internal spam storm. We are fully patched to the current versions on everything. Is ExMon still the tool of choice for doing this? Does it work in a Exchange 2007 CCR environment that is load ballanced with hardware load ballancers? Does it work in a Exchange 2010 DAG environment that is also load ballanced with hardware load ballancers? Thanks for any advice or gotchas, JasonJason Meyer

Generally, hardware load balancers change the IP address of the traffic into Exchange to their VIP, so in that case you'd have to look in the load balancers' logs, if they have them.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Generally, hardware load balancers change the IP address of the traffic into Exchange to their VIP, so in that case you'd have to look in the load balancers' logs, if they have them.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Exmon "Client IP address" a list of all distinct IP address that are used by MAPI clients. (Note: The IP addresses that are listed in this column are the IP address after any proxy servers or network address translation. They might not be the MAPI client's actual IP address. ) It doesnt work in your case. I think that you should prevent internal spam on server not find source IP. It is very hard for you to prevent your users from getting virus. This case list other ways to prevent.Maybe it is helpful to you. Exchange 2007 Sending spam from internal address TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comTerence Yu TechNet Community Support

Hi Exmon "Client IP address" a list of all distinct IP address that are used by MAPI clients. (Note: The IP addresses that are listed in this column are the IP address after any proxy servers or network address translation. They might not be the MAPI client's actual IP address. ) It doesnt work in your case. I think that you should prevent internal spam on server not find source IP. It is very hard for you to prevent your users from getting virus. This case list other ways to prevent.Maybe it is helpful to you. Exchange 2007 Sending spam from internal address TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comTerence Yu TechNet Community Support

Hi Do you have anything update on your issue ?Terence Yu TechNet Community Support