Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Wich user sent a e-mail from a shared account in MS Outlook 07 using MAPI in Exchange Server

Posted on 2011-03-15
6
Medium Priority
?
286 Views
Last Modified: 2012-05-11
Hi,

We need to know the user who sent us a message from a shared exchange account :
 
TESTE (test@xpto.com) is the account name of our team member mail account. There are 20 people that have access to it and can send e-mails from it. When someone receive a mail from this team mail account, the sender´s identification name is always from "TESTE <test@xpto.com>", but as the sender´s usually signs at the end of the message the name, no big deal. The problem is when the sender (user) intentionally don´t sign the message, and the recipient  can´t know who sent it (there are 20 possibilities).  

As all of the 20 people that could send messages from test@xpto.com have to authenticate to mapi, maybe it will be possible to check which user sent it on some logs....we just need to know who was the user.

Below is the e-mail header we received from the unknow user (we got it from MS Outlook message proprieties):

Received: from SDC1RI00EVS03.xpto.local ([fe80::39cb:6a9d:fbef:aee3]) by
 SDC1RI00ECH01.xpto.local ([110.12.0.101]) with mapi; Mon, 14 Mar 2011 15:02:07
 +0000
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: TESTE <test@xpto.com>
To: Salgado <salgado@xpto.com>
CC: Gois <gois@xpto.com>
Disposition-Notification-To: TESTE <test@xpto.com>
Date: Mon, 14 Mar 2011 15:03:03 +0000
Subject: test
Thread-Topic: test
Thread-Index: AcviWOqrGR28Z5FDQ/yXEUbBrHnagw==
Message-ID: <51CD5B63E71D6249A3A72237A954E84982DA8981B8@SDC1RI00EVS03.xpto.local>
Accept-Language: xx
Content-Language: xx
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <51CD5B63E71D6249A3A72237A954E84982DA8981B8@SDC1RI00EVS03.xpto.local>
MIME-Version: 1.0

thaks for your interest,  
0
Comment
Question by:Gr3mling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Expert Comment

by:Navdeep
ID: 35146069
What is version of your exchange server?
0
 

Author Comment

by:Gr3mling
ID: 35146500
I think it allready is Exchange 2010, but not short. If not, it will be 2007.

I appreciate if you could give the solution for both versions, if possible.

Thanks,
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 2000 total points
ID: 35146613
There is no natively logging for mapi sessions. The only way i can think of is if the email is sent via owa and on CAS server you have NCSA logging enabled for IIS server. That can record the client IP again it will only give you the client IP but not the actual user.
0
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

 

Author Comment

by:Gr3mling
ID: 35151522
We will try that!

I was thinking that if we have the MAPI Message ID "Message-ID: <51CD5B63E71D6249A3A72237A954E84982DA8981B8@SDC1RI00EVS03.xpto.local>" and the sender user still to have it in is inbox folder,we could seek on the server database in wich user account  the message is...ist that possible?
0
 

Author Comment

by:Gr3mling
ID: 35151561
Sorry, I wanna say "iuser still to have it in his sent items folder".   In MS Outlook 07, when we send a mail from a secondary exchange account (as test@xpto.com) the mail stays on the "sent items" of primary account (usually the personal one).

0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35153032
That would be manually checking each one sent items folder and what if the message is hard deleted
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question