Track machine who access mail

...experts we are currently investigating a serious case in our organisation and would like to ask for an advise and possible assistance.

...a colleague who left the organization for employment offer in another company losses the opportunity to be employed, since somebody emailed the company [who offered him employment] using his lotus mail refusing the offer of employment.  The problem is that, the person might have his lotus id and password, since we din't find any other user in the activity log but the owner of the mailbox.

...can you assist me on a script that will alert administrator [maybe by sending email] and capture the machine [computer name] used to access victims mailbox, with date & time?  Of course this should be on the background and msg might not be save in sent folder.

...if you have any other solution, please let me know...this is really urgent. the way, there are 5 client machine listed in the person document > Client Information > Notes client machines  and we cannot pin point who's machine is being used to view/access victims mailbox.


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sjef BosmanGroupware ConsultantCommented:
That smells like a criminal activity, what the "colleague" did, doesn't it? If I understand you right, your colleague AA in your company A applied for a job at company B. AA left your company, and then found out that someone (X) sent a mail in AA's name to company B telling them he didn't want the job after all. And now you want to trace back the steps of person X? That'll be very difficult if not impossible.

There is the Notes log.nsf database on the server, that might have session loggin enabled, so you can see when that person logged in (but not from what workstation). Also, user activity is logged in the log database.

There is the Notes log.nsf database on a workstation, luckily there are only 5 workstations you have to inspect. In the Miscellaneous Events section, you might see AA's name as a category. Then check whether there is a date AA must have left the company already.

If you have external users, who can do their mail using a browser on your server, it will even be more difficult. The mail could also have been created using other protocols than Notes-RPC or SMTP. Do you have the mail that company B received?

Next time:
- you should have put AA's name IMMEDIATELY in a group of usernames that is denied access to the server!
- enable Mail Journalling (see Admin Help db)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
In addition, I would immediately backup all logs from the server, since they normally only keep 7 days of data, and you may nee more time than that to extract info.

I hope this helps !
Lastly, change all the passwords on all users and consider turning on auto password change and pasword key  enforcement.

I hope this helps !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.