Sean, The tip for getting that detail is to; RIGHT CLICK on the message whilst in the Inbox to view PROPERTIES, then; Click on the tab "DETAILS", then click on the "MESSAGE SOURCE" button then READ the detail in the header to identify the PC. If you want a more global way of doing this we could write a program to do this if you want to look at bulk mail entries rather than one by one using the above process. Someone may have already written the script for this so I'm not rushing out doing any design yet. Regards Rob ============================================ PC Profile is Australia's ONLY anti-piracy (self-help / non-policing) advisory service and solutions provider based in Adelaide, Sth Australia email: robharmat_private http://www.pcprofile.com ============================================= ----- Original Message ----- From: "Rob Harmer" <robharmat_private> To: "Settle, Sean" <SeanSettleat_private>; <forensicsat_private> Sent: Thursday, February 28, 2002 6:51 AM Subject: Re: Exchange/MAPI message origin > Sean, > > Wouldn't the Properties/Message Source dialog boxes give most of that > detail? > > For instance is your PC node name "ntex6npc" at alliant.com? > > Regards > > Rob Harmer > http://www.pcprofile.com > > FYI your inbound message shows header details such as; > > Return-Path: <forensics-return-699-robharm=pcprofile.comat_private> > Received: from williams.adgrafix.com ([208.230.142.2]) > by mta08.mail.mel.aone.net.au with ESMTP > id > <20020227184243.PFPM25799.mta08.mail.mel.aone.net.auat_private> > for <robharmat_private>; Thu, 28 Feb 2002 05:42:43 +1100 > Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com > [66.38.151.27]) > by williams.adgrafix.com (8.9.3/8.9.3) with ESMTP id NAA27409 > for <robharmat_private>; Wed, 27 Feb 2002 13:42:41 -0500 (EST) > Received: from lists.securityfocus.com (lists.securityfocus.com > [66.38.151.19]) > by outgoing.securityfocus.com (Postfix) with QMQP > id 2945FA3286; Wed, 27 Feb 2002 11:31:38 -0700 (MST) > Mailing-List: contact forensics-helpat_private; run by ezmlm > Precedence: bulk > List-Id: <forensics.list-id.securityfocus.com> > List-Post: <mailto:forensicsat_private> > List-Help: <mailto:forensics-helpat_private> > List-Unsubscribe: <mailto:forensics-unsubscribeat_private> > List-Subscribe: <mailto:forensics-subscribeat_private> > Delivered-To: mailing list forensicsat_private > Delivered-To: moderator for forensicsat_private > Received: (qmail 8446 invoked from network); 26 Feb 2002 23:58:24 -0000 > Message-ID: <CF60153E84EAD5118C4A00306E01D6091161F6at_private> > From: "Settle, Sean" <SeanSettleat_private> > To: forensicsat_private > Subject: Exchange/MAPI message origin > Date: Tue, 26 Feb 2002 16:59:35 -0700 > MIME-Version: 1.0 > X-Mailer: Internet Mail Service (5.5.2653.19) > Content-Type: text/plain; > charset="iso-8859-1" > > Is there a tool to determine which computer a MAPI message was sent from? > We would like to be able to determine the origin machine of email messages > as needed but have not had much luck finding a tool to give us this > information. > > Sean Settle > X Network Services Q NPC X > Phoenix, AZ > SMTP: seansettleat_private > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ----- Original Message ----- > From: "Settle, Sean" <SeanSettleat_private> > To: <forensicsat_private> > Sent: Wednesday, February 27, 2002 10:29 AM > Subject: Exchange/MAPI message origin > > > > Is there a tool to determine which computer a MAPI message was sent from? > > We would like to be able to determine the origin machine of email messages > > as needed but have not had much luck finding a tool to give us this > > information. > > > > Sean Settle > > X Network Services Q NPC X > > Phoenix, AZ > > SMTP: seansettleat_private > > > > > > ----------------------------------------------------------------- > > This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: http://aris.securityfocus.com > > > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 17:35:22 PST