On Mon, 2008-03-24 at 08:01 +0000, Mark Rogers wrote:
> Either way any suggestions welcomed, particularly ones I can work on via a VPN connection rather than going to site.
> NB: I've played with programs like Ethereal/Wireshark in the past, and I'm sure that's what I should be looking at, but I've always found myself looking at too much information and unable to see the wood for the trees. So pointers to tutorials gratefully received!
I would say that unless you have something cleverer than a standard modem/router then Wireshark on the line at the gateway would be your best bet. Just remember you may have to mess about a little or install a hub at this point if you are dealing with a switched network.
Once you have collected a bit of information it is easy to filter the results down to SMTP traffic only, then filter out your Exchange server.
Alternatively things like Netgear DG834s will log dropped packets if you banned SMTP out from anything other than the Exchange server. That would quickly point to the culprit, and unless there is any explicit reason why everyone needs SMTP outbound I would be tempted to leave that rule in place anyway.
If you are wanting to do this on site then it really starts to depend on how things are set up there. Is it, for example, a typical SBS setup where the Exchange server also happens to be the default gateway for the clients? Or is there a remote machine on the outbound route (or on a hub attached to the outbound route) that you can access remotely? If not, what is the default gateway (as in terms of device)?