I'm new to administrating Exchange. I took over from another guy and recently discovered that the Exchange server had a fully open relay. Unfortunately, I discovered it when spam started getting sent through the mail server. I closed the relay, but we now have reason to believe that the old IT guy was the source of the spam.
I'm trying to find a way to get a list of all incoming relay (SMTP) request that have come into the mail server in the past 3-4 weeks and the IP that they originated from. I'm meeting with the DA tomorrow about pressing charges against this guy (for this and many other issues) and they want to supena (sp?) his ISP to try and confirm that they came from his IP address.
Is there any way I can get this info?
Software/Hardware used: Microsoft Exchange 2003 SP2, running on Windows 2003 Small Business Server