Depending also on the client/servers you are running, there may be other ways to check this. The Netscape server we were using at my previous job kept logs as to which IP address had sent a specific message. Since it was a Unix SMTP server, it's very configurable and verbose in the information it keeps. This log was configurable in every way, including retention, so we could maintain email logs for months. This would allow us to see which computer the email originated from and allowed us to track internal spammers very well.

I'm not familiar with Exchange, so I don't know what logging level it has. Since you are talking about sending MAPI messages, it's safe to assume that you are using a Windows client. What's unclear is the server in question.

I've found that tracking a particular message through servers is fairly easy providing a) they're your servers, and b) you've set up appropriate logging. If you're trying to trace emails on your own network, this may be enough for you.

Other than that, you may not have too much luck in tracing things outside your own sphere of control much beyond the header information. ISPs tend to be protective (with good reason) about their mail logs, should they even keep any.

Header information is quite useful, however. Here's a sample from the header of an email my mom sent me.

    Received: (qmail 21654 invoked by uid 0); 27 Feb 2002 19:19:07 -0000
    Received: from tomts21.bellnexxia.net (HELO tomts21-srv.bellnexxia.net) (209.226.175.183)
        by mx0.gmx.net (mx025-rz3) with SMTP; 27 Feb 2002 19:19:07 -0000
    Received: from SUDCAWIN98U1 ([64.230.67.93])
        by tomts21-srv.bellnexxia.net (InterMail vM.4.01.03.23 201-229-121-123-20010418)
        with SMTP id <20020227191849.FGAY785.tomts21-srv.bellnexxia.net@SUDCAWIN98U1>
        for <albertledererat_private>; Wed, 27 Feb 2002 14:18:49 -0500
    Message-ID: <005201c1bfdc$75951760$0264a8c0@SUDCAWIN98U1>

As you can see, there's a whole lot of information there. Note that the received tags appear in reverse chronological order.
The third 'Received' tag is the most interesting as it lists my mom's PC's hostname and IP address (I altered it a bit for safety). This is interesting because it lists the IP address/hostname of the computer that originally sent the message. What's also interesting is that the Message-ID tag also contains the hostname of the originating computer.

As you can see, the entire path of the email from my mom's PC to my ISP's email server is traced and tagged. As far as I remember, there's a reason for all this too. If a server fails somewhere along the way, it uses this information to send a failure notification back to you.

Of course, a router with NAT will hide the IP address and a hostname is easy enough to change.

I hope this helps in your endeavors.

Albert
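The header walk described in the post, as an added Python example that is not part of the original message: it reads the 'Received' lines oldest first and checks the first hop's hostname against the Message-ID. The sample is the header quoted in the post; the function names (parse_hop, trace, origin) are made up for this illustration.

```python
import re
from email import message_from_string

# Header sample copied from the post (long lines folded as continuation lines).
RAW = """\
Received: (qmail 21654 invoked by uid 0); 27 Feb 2002 19:19:07 -0000
Received: from tomts21.bellnexxia.net (HELO tomts21-srv.bellnexxia.net) (209.226.175.183)
 by mx0.gmx.net (mx025-rz3) with SMTP; 27 Feb 2002 19:19:07 -0000
Received: from SUDCAWIN98U1 ([64.230.67.93])
 by tomts21-srv.bellnexxia.net (InterMail vM.4.01.03.23 201-229-121-123-20010418)
 with SMTP id <20020227191849.FGAY785.tomts21-srv.bellnexxia.net@SUDCAWIN98U1>
 for <albertledererat_private>; Wed, 27 Feb 2002 14:18:49 -0500
Message-ID: <005201c1bfdc$75951760$0264a8c0@SUDCAWIN98U1>

"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hop(value):
    """Split one Received value into sender host, sender IP, receiver, stamp."""
    text = " ".join(value.split())            # undo header folding
    info, _, stamp = text.rpartition(";")     # the timestamp follows the last ';'
    hop = {"from": None, "ip": None, "by": None, "stamp": stamp.strip()}
    if info.startswith("from "):              # qmail's local delivery line names no peer
        sender, _, receiver = info.partition(" by ")
        hop["from"] = sender.split()[1]
        ip = IPV4.search(sender)              # sender part only: the "by" part holds a
        hop["ip"] = ip.group(0) if ip else None   # version string that looks like an IP
        hop["by"] = receiver.split()[0] if receiver else None
    return hop

def trace(raw):
    """Return the hops oldest first; the headers are stored newest first."""
    msg = message_from_string(raw)
    return [parse_hop(v) for v in reversed(msg.get_all("Received", []))]

def origin(raw):
    """Compare the first hop's claimed hostname with the Message-ID domain."""
    first = trace(raw)[0]
    msg_id = message_from_string(raw)["Message-ID"] or ""
    id_host = msg_id.strip().strip("<>").rpartition("@")[2]
    return {"host": first["from"], "ip": first["ip"], "message_id_host": id_host,
            "consistent": bool(id_host) and id_host.lower() == (first["from"] or "").lower()}

if __name__ == "__main__":
    for n, hop in enumerate(trace(RAW), 1):
        print(n, hop)
    print(origin(RAW))
```

The "consistent" flag only says that the two client-supplied names agree; as the post notes, a hostname is easy to change and NAT hides the real address.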
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 19:50:23 PST