Re: Exchange/MAPI message origin

From: Seth Arnold (sarnoldat_private)
Date: Wed Feb 27 2002 - 11:13:44 PST

    On Tue, Feb 26, 2002 at 04:59:35PM -0700, Settle, Sean wrote:
    > Is there a tool to determine which computer a MAPI message was sent from?
    > We would like to be able to determine the origin machine of email messages
    > as needed but have not had much luck finding a tool to give us this
    > information.
    
    Sean, get the full email-headers. Within those headers, you will find
    lines similar to:
    
    Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
            by outgoing.securityfocus.com (Postfix) with QMQP
            id 2945FA3286; Wed, 27 Feb 2002 11:31:38 -0700 (MST)
    
    As long as your Exchange server hasn't been compromised in some way, the
    Received: line should contain the details you need. Note that some
    details are given by the end-user, and can thus be faked. Note that some
    details may be looked up in DNS, and thus can be faked, though with more
    difficulty. Since the connections to a server are TCP based, it is
    harder to fake the IP address.
    
    I hope this helps.
    
    -- 
    Join the fight against terrorism by giving up your liberties today!
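
Added example (not part of the original post): a Python sketch that splits each Received: header into the client-supplied HELO name, the DNS-derived name, and the TCP peer address, then picks the oldest hop recorded by a server you control. It assumes the Postfix-style layout of the header quoted above; other MTAs format the line differently. The function names, the example.* hosts, the documentation-range IPs and the CONSTRUCTED queue ids are assumptions made for illustration.

```python
import re
from email import message_from_string

# Postfix-style layout, as in the header quoted in the post:
#   from <HELO name> (<reverse-DNS name> [<peer IP>]) by <receiving host>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

# First header is the one quoted in the post; the other two are constructed
# (example.* names, documentation IP ranges, placeholder queue ids).
SAMPLE = (
    "Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])\n"
    "\tby outgoing.securityfocus.com (Postfix) with QMQP\n"
    "\tid 2945FA3286; Wed, 27 Feb 2002 11:31:38 -0700 (MST)\n"
    "Received: from mail.example.org (unknown [192.0.2.45])\n"
    "\tby mx.example.net (Postfix) with SMTP\n"
    "\tid CONSTRUCTED1; Wed, 27 Feb 2002 11:31:30 -0700 (MST)\n"
    "Received: from pc7.example.org (pc7.example.org [198.51.100.7])\n"
    "\tby mail.example.org (Postfix) with SMTP\n"
    "\tid CONSTRUCTED2; Wed, 27 Feb 2002 11:31:25 -0700 (MST)\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def received_hops(raw_message):
    """Return one dict per parseable Received: header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # different MTA layout: skipped rather than guessed
        hop = m.groupdict()
        # HELO is typed by the client; the rDNS name comes from a DNS lookup;
        # only the bracketed IP is what the server saw on the TCP connection.
        hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
        hops.append(hop)
    return hops

def origin_hop(raw_message, trusted_hosts):
    """Oldest hop written by a server you control; older headers arrived
    inside the message and could have been supplied by the sender."""
    trusted = [h for h in received_hops(raw_message) if h["by"] in trusted_hosts]
    return trusted[-1] if trusted else None

if __name__ == "__main__":
    print(origin_hop(SAMPLE, {"mx.example.net"}))
```

With `mx.example.net` as the only trusted server, the result is the 192.0.2.45 hop, flagged because its HELO name does not match the reverse-DNS result.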
    
    
    



    This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 16:45:44 PST