One of the things missed a lot in Exchange upgrades or migrations is the internal servers relaying mail to the Exchange infrastructure. I tend to run into this often, and the typical answer to "What servers are using Exchange as a relay?" is the sound of crickets.
As long as you have logging enabled on the receive connector this information can be gleaned from the logs. Log Parser is one way of doing this but I find that Log Parser is not normally installed on my client's servers. However PowerShell is always installed on an Exchange server and can easily get us the IPs of servers relaying through Exchange from the logs, and furthermore we can script it so that the DNS names are listed if a PTR exists for the IP address.
All you need to do is run the script using the -dir switch to point to the directory where your logs are at. Like this:
".\GetSMTPLogUniqueIPs.ps1 -dir "F:\Program Files\Microsoft\Exchange\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive"
The script runs through ALL the logs in the folder so if you have a lot in there you may want to copy out just the last few weeks to speed up the time the script takes.
The script is pretty straightforward so I won't go into detail but there is one thing I wanted to mention. The GetHostEntry function will return the IP back if it cannot find a PTR record for the IP address. This means we have to check the returned value and if it is the same as the IP we use "Unknown" for the name instead of just repeating the IP.
If you don't want to see errors in the console when an IP can't be resolved just add $ErrorActionPreference="SilentlyContinue" to the script and the errors won't be displayed.
Get the script at GitHub: GetSMTPLogUniqueIPs.ps1