On Tue, Feb 26, 2002 at 04:59:35PM -0700, Settle, Sean wrote: > Is there a tool to determine which computer a MAPI message was sent from? > We would like to be able to determine the origin machine of email messages > as needed but have not had much luck finding a tool to give us this > information. Sean, get the full email-headers. Within those headers, you will find liens similar to: Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id 2945FA3286; Wed, 27 Feb 2002 11:31:38 -0700 (MST) As long as your exchange server hasn't been compromised in some way, the Received: line should contain the details you need. Note that some details are given by the end-user, and can thus be faked. Note that some details may be looked up in DNS, and thus can be faked, though with more difficulty. Since the connections to a server are TCP based, it is harder to fake the IP address. I hope this helps. -- Join the fight against terrorism by giving up your liberties today!
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 16:45:44 PST