Thursday, August 17, 2006

Logparser comes in handy once again!

I got a call this morning to have a look at a client's application server that has been misbehaving for the last few days. A quick glance showed me that from Saturday until Tuesday morning the application had sent out way too many emails. For the 4-day period I had 1.3 GB of IIS SMTP logs.

Curious how many mails had been sent out exactly, I copied the logs to my workstation and started logparser.

logparser "SELECT c-ip, COUNT(c-ip) FROM *.log WHERE cs-username = 'OutboundConnectionCommand' GROUP BY c-ip" -i:iisw3c -o:csv

It gave me a result which I'm still doubting. According to the query the server had sent out 4.3 million emails. During this time the server's CPU never spiked higher than 40%.

The receiving party wasn't totally ignorant either and took their own precautions, so I'm now getting NDRs at a rate of about 60000/hour. Since this tends to eat up disk space rather quickly I scheduled a script that cleans out the badmail every 10 minutes.
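
One way to cross-check a count like the one above, as an added example that is not part of the original post: a small Python parser that buckets outbound SMTP commands per hour and client IP, and compares "every command" against "MAIL commands only". It assumes the cs-method field holds the SMTP verb and that one MAIL command corresponds to one message; the log lines are constructed sample data.

```python
from collections import Counter

# Constructed sample lines in W3C extended format; not from the post's logs.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method sc-status
2006-08-12 09:58:01 192.0.2.10 OutboundConnectionCommand EHLO 0
2006-08-12 09:58:01 192.0.2.10 OutboundConnectionResponse - 0
2006-08-12 09:58:02 192.0.2.10 OutboundConnectionCommand MAIL 0
2006-08-12 09:58:02 192.0.2.10 OutboundConnectionCommand RCPT 0
2006-08-12 09:58:03 192.0.2.10 OutboundConnectionCommand DATA 0
2006-08-12 09:58:03 192.0.2.10 OutboundConnectionCommand QUIT 0
2006-08-12 10:01:10 192.0.2.10 OutboundConnectionCommand MAIL 0
2006-08-12 10:01:11 192.0.2.10 OutboundConnectionCommand MAIL 0
2006-08-12 10:02:00 192.0.2.11 OutboundConnectionCommand MAIL 0
"""

def parse_w3c(lines):
    """Yield one dict per record, keyed by the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def outbound_counts(lines, verb=None):
    """Count outbound commands per (hour, c-ip); verb=None counts every command."""
    counts = Counter()
    for rec in parse_w3c(lines):
        if rec.get("cs-username") != "OutboundConnectionCommand":
            continue
        if verb is not None and rec.get("cs-method") != verb:
            continue
        hour = f'{rec["date"]} {rec["time"][:2]}:00'
        counts[(hour, rec["c-ip"])] += 1
    return counts

def busy_hours(counts, threshold):
    """Return the (hour, c-ip) buckets whose count exceeds the threshold."""
    return sorted(key for key, n in counts.items() if n > threshold)

if __name__ == "__main__":
    rows = SAMPLE_LOG.splitlines()
    print("all commands:", sum(outbound_counts(rows).values()))
    print("MAIL only   :", sum(outbound_counts(rows, "MAIL").values()))
    print("busy buckets:", busy_hours(outbound_counts(rows, "MAIL"), 1))
```

The per-hour buckets also show when the sending started and stopped, which a single grand total does not.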
