+ Post New Thread
Results 1 to 7 of 7
Enterprise Software Thread, Tracing Email in Technical; Hi, We have an email that was sent to one of our users from another one of our users. It ...
  1. #1
    Divaldo's Avatar
    Join Date
    Feb 2008
    Location
    Leicestershire
    Posts
    80
    Thank Post
    25
    Thanked 4 Times in 4 Posts
    Rep Power
    14

    Tracing Email

    Hi,

    We have an email that was sent to one of our users from another one of our users.

    It was sent using Outlook 2010 and Exchange 2010. We're running a Windows 2008 R2 network.

    Is there any way to see what the name or IP address of the cumpter it was sent from was? If I look in the message header it just shows up as being from our Exchange server. If I look at the message tracking logs in Exchange, it shows the same.

    Or alternatively, can I see what computer the sender was logged onto at the time the email was sent?

    Thanks.

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,696
    Thank Post
    335
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    Well depending how you set your logins up. Can't you view successful logins security log, at time/user etc?

    And shouldn't your header (if viewing full version) show the IP of the computer too?

    Out of curosity, does it matter what pc it was sent from, if you know their name/time etc? :P

    Steve

  3. #3
    Divaldo's Avatar
    Join Date
    Feb 2008
    Location
    Leicestershire
    Posts
    80
    Thank Post
    25
    Thanked 4 Times in 4 Posts
    Rep Power
    14
    Thanks for the reply Steve.

    When viewing the header in Outlook, it just shows the IP address of the Exchange server, not the client computer the email was sent from. Similarly, when viewing the logs on the Exchange server at that time, it just shows the name of the Exchange server as having logged in.

    The reason we want to know is becuase we suspect one of users has been logging on as someone else and sending emails on their behalf! If we can figure out what computer it was sent from, it will help us confirm this. It's a bit of detective work.

    Cheers.

  4. #4

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    You can check your receive SMTP logs and they should show. Assuming you have not changed the default location.

    C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpRec eive

    Sukh

  5. #5
    Divaldo's Avatar
    Join Date
    Feb 2008
    Location
    Leicestershire
    Posts
    80
    Thank Post
    25
    Thanked 4 Times in 4 Posts
    Rep Power
    14
    Thanks Sukh, I don't have the ProtocolLog, but I do have C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking. In there I can see that it was someone using OWA that sent the email, which is a good start.

    I guess it's a case of looking at the logs in IIS next to see the IP address of who logged in?

  6. #6

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    Yes, sorry, I should have mentioned that. Loo at the IIS logs, depending on what you have set for logging, it will show you the IP (If this is set to log).

    The protocol log, (on top of my head) is switched off by default or set to normal. Set to verbose and IP will be logged.

    Sukh

  7. Thanks to sukh from:

    Divaldo (13th April 2011)

  8. #7
    Divaldo's Avatar
    Join Date
    Feb 2008
    Location
    Leicestershire
    Posts
    80
    Thank Post
    25
    Thanked 4 Times in 4 Posts
    Rep Power
    14
    That's great, I have turned on the verbose logging now.

    Many thanks for your help.

SHARE:
+ Post New Thread

Similar Threads

  1. Legality of Tracing an IP
    By LosOjos in forum Internet Related/Filtering/Firewall
    Replies: 5
    Last Post: 2nd February 2010, 02:34 PM
  2. moodle email updation and email notification
    By monali in forum Virtual Learning Platforms
    Replies: 0
    Last Post: 3rd October 2009, 09:51 AM
  3. Have email come from distribution list email addy
    By -Jim in forum Windows Server 2000/2003
    Replies: 5
    Last Post: 31st March 2009, 10:04 PM
  4. tracing sender of hotmail message
    By beeswax in forum How do you do....it?
    Replies: 8
    Last Post: 30th November 2006, 09:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •