Haris Aboobaker asked:

How to get OWA and Outlook Anywhere user activity details

We are using Exchange Server 2013, and our users are connecting to my servers using OWA and Outlook Anywhere from inside (local network) and outside (internet).

So how to get all users' mail activity in OWA and Outlook Anywhere, with mail subject, body and attachment details? Does any software or device meet this requirement?

We are using one anti-spam device (FortiMail). It only scans POP3, IMAP and SMTP requests; this device does not scan the HTTPS protocol, and OWA and Outlook Anywhere are "https" requests.

The anti-spam device (FortiMail) gives a detailed mail activity report, including mail subject, body and attachment details, for mail passing through this same device, but only for POP3, IMAP and SMTP. This device does not give HTTPS activity like OWA and Outlook Anywhere.

How to get HTTPS activity details for our company requirement? For example, one scenario:

An Outlook Anywhere client sent spam mail to outside because of some malware program on the machine. In this situation, how to get the spam-generating machine's IP, mail username and password, and mail content?

In the same scenario using a POP3/IMAP client, we can get full details in our anti-spam device.

Please make a solution.
Exchange

Last Comment
NetoMeter Screencasts

8/22/2022 - Mon
Mohammed Khawaja

Look at IIS and Exchange logs. Exchange logs will give you information such as IP, from, to and subject. You could use something like Splunk, as it has Exchange apps, so that you could get the information you need as well as dashboards, etc.
ASKER
Haris Aboobaker

OK, OK, but Exchange IIS logs give all users' names, source IP, browser version, etc. that access the server. IIS logs do not give mail content like subject, body and attachment details, so I cannot understand whether mails are original or spam mail.

Last week we faced an incident:

One mail user sent a lot of spam mail to outside users (around 96000 mails). This email ID is a shared mailbox like "sales@abc.com", that is, multiple users access the same mail ID from multiple locations. At that time we could identify the mail ID that generated the spam but could not get the source IP of that mail. I think that an HTTPS protocol scanning software/device gives this type of information (I don't know whether it is possible or not), like our anti-spam device (FortiMail).

FortiMail only scans and gives detailed reports for the POP3, IMAP and SMTP protocols, and also blocks spam messages on the same.

Does any single anti-spam software/device support what FortiMail does plus HTTPS protocol access details, and block spam mail sent through the HTTPS protocol, to meet our requirement?
Simon Butler (Sembee)

All email passes through Exchange using SMTP.
If your product sits on the Edge or gateway though, you need to get something that is Exchange integrated.
I am not aware of any product that can work at the client level through OWA.

Exchange doesn't record the source IP address of the email messages. This is by design, so IIS logs are the only option for tracking down the source of the message, but only after it has happened; nothing is going to do it for you in real time.

Simon.
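
Added example (not part of the original thread or any poster's code): a sketch of the after-the-fact IIS log search described above, listing the client IPs that one account used against Exchange's HTTPS endpoints in a time window. The sample log lines, the account name `sales`, and the `/owa`, `/rpc`, `/ews` path prefixes are constructed assumptions; column names are read from the log's own `#Fields:` header.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in IIS W3C extended log format (not real log data).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2015-03-02 09:14:07 POST /owa/service.svc ABC\\sales 192.168.1.40 200
2015-03-02 09:14:09 POST /rpc/rpcproxy.dll ABC\\sales 203.0.113.77 200
2015-03-02 09:14:10 POST /rpc/rpcproxy.dll sales@abc.com 203.0.113.77 200
2015-03-02 09:14:11 GET /owa/ ABC\\john 192.168.1.52 200
2015-03-02 09:14:12 POST /rpc/rpcproxy.dll - 198.51.100.9 401
2015-03-02 11:30:00 POST /rpc/rpcproxy.dll ABC\\sales 203.0.113.77 200
""".splitlines()

CLIENT_PATHS = ("/owa", "/rpc", "/ews")  # assumed virtual directories of interest
TS = "%Y-%m-%d %H:%M:%S"                 # IIS W3C logs record time in UTC


def source_ips(lines, account, start, end):
    """Count requests per client IP by `account` between start and end (UTC strings)."""
    t0, t1 = datetime.strptime(start, TS), datetime.strptime(end, TS)
    fields, hits = [], Counter()
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # the column layout is declared in the log
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                    # other directives, blank or truncated lines
        row = dict(zip(fields, parts))
        # cs-username may appear as DOMAIN\user, user@domain or a bare user name
        user = row.get("cs-username", "-").lower().split("\\")[-1].split("@")[0]
        if user != account.lower():
            continue
        if not row.get("cs-uri-stem", "").lower().startswith(CLIENT_PATHS):
            continue
        if t0 <= datetime.strptime(row["date"] + " " + row["time"], TS) <= t1:
            hits[row.get("c-ip", "-")] += 1
    return hits


if __name__ == "__main__":
    found = source_ips(SAMPLE_LOG, "sales", "2015-03-02 09:00:00", "2015-03-02 10:00:00")
    for ip, count in found.most_common():
        print(f"{ip}\t{count} requests")
```

If a load balancer or reverse proxy sits in front of the server, `c-ip` is that device's address, so the original client address has to come from the proxy's own logs.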
ASKER CERTIFIED SOLUTION
NetoMeter Screencasts
