Going through our zimbra.log today and looking for potential problems, I noticed a number of messages being queued up for unreachable servers in places where I doubt we have any legitimate business activity. Using grep, I can see all of the resend attempts and disconnection by hex characters, or by the questionable domains. What I would LIKE to be able to figure out is how to trace which machine might possibly be sending messages, preferably by internal IP address. Is it necessary to install additional logging tools? Any ideas?