Solved

How to know IP Sender´s of a message in Outlook 07 using Exchange Server

Posted on 2011-03-15
13
570 Views
Last Modified: 2012-05-11
Hi,

We use MS Outlook 07 in our company and i know that e-mail server is Exchange (07 our, maybe now, 2010). In MS Outlook 07, I have my own exchange mail account configured as primary account (me@xpto.com) and a team mail account as secondary (test@xpto.com) - and its the same for all members . Some of my team members sent me a e-mail from the team mail account (test@xpto.com) to my personal mail account (me@xpto.com) from a computer connected  to our lan company. If i can get the sender IP I can know who sent me the e-mail.

Can i know the sender ip only with Outlook our other mail client?how?

If not, it is possible to the exchange server administrator know it by the logs (MAPI, IIS)? how? (if so, i will ask him for it).

For your help, i paste below the header of the e-mail that i received (got it from message properties in Ms Outlook):

Received: from SDC1RI00EVS03.xpto.local ([fe80::39cb:6a9d:fbef:aee3]) by
 SDC1RI00ECH01.xpto.local ([110.12.0.101]) with mapi; Mon, 14 Mar 2011 15:02:07
 +0000
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: TESTE <test@xpto.com>
To: Salgado <salgado@xpto.com>
CC: Gois <gois@xpto.com>
Disposition-Notification-To: TESTE <test@xpto.com>
Date: Mon, 14 Mar 2011 15:03:03 +0000
Subject: test
Thread-Topic: test
Thread-Index: AcviWOqrGR28Z5FDQ/yXEUbBrHnagw==
Message-ID: <51CD5B63E71D6249A3A72237A954E84982DA8981B8@SDC1RI00EVS03.xpto.local>
Accept-Language: xx
Content-Language: xx
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <51CD5B63E71D6249A3A72237A954E84982DA8981B8@SDC1RI00EVS03.xpto.local>
MIME-Version: 1.0

Thanks,
0
Comment
Question by:Gr3mling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 5

Expert Comment

by:ccns
ID: 35142588
Best thing to do would be to ask them all to sign emails with their name? wouldnt that be easier??
sometimes traingint users is easier than going the long way around things.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35142668
no you can't, if outlook is configured with an exchange account (MAPI) client IP will not be logged
0
 

Author Comment

by:Gr3mling
ID: 35142753
In that case, how can the exchange administrator know it (IP our User)?

0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 49

Expert Comment

by:Akhater
ID: 35142763
sorry if the client was connected using MAPI  you cannot know the IP
0
 

Author Comment

by:Gr3mling
ID: 35142868
It means that in shared accounts in MS Outlook that uses MAPI its impossible to know who sent the e-mails, so, people can´t do jokes without being caught since they don´t sign the e-mail.  Right?

There is a way to other systems administrators get the sender´s IP  (all we use in our company is microsoft - server, IIS, etc) ??

thanks,
0
 

Author Comment

by:Gr3mling
ID: 35142871
I wanna say "can do jokes" in the comment before.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35142875
No there is no way to know the IP of a sender if the later was connected using MAPI sorry

if you are running exchange 2010 you might want to consider mailbox auditing but at the cost of extra load on the servers
0
 

Author Comment

by:Gr3mling
ID: 35142971
If ithe admin can´t know the ip, as MAPI connections are authenticated can he know the user?

thanks,
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35143049
The user is authenticated of course From: TESTE <test@xpto.com>

This is the user unless i missunderstood the questiin
0
 

Author Comment

by:Gr3mling
ID: 35143120
No,

TESTE (test@xpto.com) is the account name of our team member mail account. There are 20 people that have access to it and can send e-mails from it. When someone receive a mail from this team mail account, the sender´s identification name is always from "TESTE", but as the sender´s usually signs at the end of the message the name, no big deal. The problem is when the sender (user) intentionally don´t sign the message, and the recipient  can´t know know who sent it (there are 20 possibilities).  

As all of the 20 people that could send messages from test@xpto.com have to authenticate to mapi, maybe it will be possible to check which user sent it on some logs....we just need to know who was the user. if it can´t be by the IP tracking, maybe there are more solutions...

thaks for your interest,  
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35144851
My question is how do tney access this mailbox? Are you usng this user credentials ?
0
 

Author Comment

by:Gr3mling
ID: 35151467
Yes. To access to test@xpto.com account (share account) users have to use each one credentials (the  active directory ones). There isn´t a unique password for the account.

thanks,
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 35154638
well on your exchange server there is a RPC log that will tell you what user has logged on to this mailbox at what time but this won't be relevant in your case since all people are logged on but only one sent the email so....

you need to look into mailbox auditing this is what you are looking for
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question