Sean, Wouldn't the Properties/Message Source dialog boxes give most of that detail? For instance is your PC node name "ntex6npc" at alliant.com? Regards Rob Harmer http://www.pcprofile.com FYI your inbound message shows header details such as; Return-Path: <forensics-return-699-robharm=pcprofile.comat_private> Received: from williams.adgrafix.com ([208.230.142.2]) by mta08.mail.mel.aone.net.au with ESMTP id <20020227184243.PFPM25799.mta08.mail.mel.aone.net.auat_private> for <robharmat_private>; Thu, 28 Feb 2002 05:42:43 +1100 Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com [66.38.151.27]) by williams.adgrafix.com (8.9.3/8.9.3) with ESMTP id NAA27409 for <robharmat_private>; Wed, 27 Feb 2002 13:42:41 -0500 (EST) Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id 2945FA3286; Wed, 27 Feb 2002 11:31:38 -0700 (MST) Mailing-List: contact forensics-helpat_private; run by ezmlm Precedence: bulk List-Id: <forensics.list-id.securityfocus.com> List-Post: <mailto:forensicsat_private> List-Help: <mailto:forensics-helpat_private> List-Unsubscribe: <mailto:forensics-unsubscribeat_private> List-Subscribe: <mailto:forensics-subscribeat_private> Delivered-To: mailing list forensicsat_private Delivered-To: moderator for forensicsat_private Received: (qmail 8446 invoked from network); 26 Feb 2002 23:58:24 -0000 Message-ID: <CF60153E84EAD5118C4A00306E01D6091161F6at_private> From: "Settle, Sean" <SeanSettleat_private> To: forensicsat_private Subject: Exchange/MAPI message origin Date: Tue, 26 Feb 2002 16:59:35 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Is there a tool to determine which computer a MAPI message was sent from? We would like to be able to determine the origin machine of email messages as needed but have not had much luck finding a tool to give us this information. Sean Settle X Network Services Q NPC X Phoenix, AZ SMTP: seansettleat_private ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----- Original Message ----- From: "Settle, Sean" <SeanSettleat_private> To: <forensicsat_private> Sent: Wednesday, February 27, 2002 10:29 AM Subject: Exchange/MAPI message origin > Is there a tool to determine which computer a MAPI message was sent from? > We would like to be able to determine the origin machine of email messages > as needed but have not had much luck finding a tool to give us this > information. > > Sean Settle > X Network Services Q NPC X > Phoenix, AZ > SMTP: seansettleat_private > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 18:11:18 PST