Haris Aboobaker

How to get OWA and Outlook Anywhere users' activity details

We are using Exchange Server 2013,

and our users are connecting to my servers using OWA and Outlook Anywhere from inside (local network) and outside (internet).

So how do we get all users' mail activity in OWA and Outlook Anywhere, with mail subject, body and attachment details? Does any software or device meet this requirement?

We are using one anti-spam device (FortiMail). It only scans POP3, IMAP and SMTP requests; this device does not scan the HTTPS protocol, because OWA and Outlook Anywhere are "https" requests.

The anti-spam device (FortiMail) gives a detailed mail activity report, including mail subject, body and attachment details, only for POP3, IMAP and SMTP passing through this same device. This device does not give HTTPS activity like OWA and Outlook Anywhere.

How do we get HTTPS activity details for our company requirement? For example, one scenario:

An Outlook Anywhere client sent spam mail to outside because of some malware program on this machine. In this situation, how do we get the spam-generating machine's IP, mail username and password, and mail content?

In the same scenario using a POP3/IMAP client, we can get full details in our anti-spam device.

Please provide a solution.
Mohammed Khawaja

Look at IIS and Exchange logs. Exchange logs will give you information such as IP, from, to and subject. You could use something like Splunk, as it has Exchange apps, so that you could get the information you need as well as dashboards, etc.
Haris Aboobaker

OK, but the Exchange IIS logs give all user names, source IP, browser version, etc. that access the server. IIS logs do not give mail content like subject, body and attachment, so I cannot understand whether mails are original or spam mail.

Last week we faced an incident.

One mail user sent a lot of spam mail to outside users (around 96000 mails). This email ID is a shared mailbox like "", that is, multiple users access the same mail ID from multiple locations. At this time we could identify the mail ID that generated the spam but cannot get the source IP of that mail. I think an HTTPS protocol scanning software/device gives this type of information (I don't know whether it is possible or not), like our anti-spam device (FortiMail).

FortiMail only scans and gives detailed reports of the POP3, IMAP and SMTP protocols and also blocks spam messages on the same.

Is there any single anti-spam software/device that supports FortiMail-like features plus HTTPS protocol access details and blocks spam mail through the HTTPS protocol, to meet our requirement?

All email passes through Exchange using SMTP.
If your product sits on the Edge or gateway though, you need to get something that is Exchange integrated.
I am not aware of any product that can work at the client level through OWA.

Exchange doesn't record the source IP address of the email messages. This is by design, so IIS logs are the only option for tracking down the source of the message, but only after it has happened; nothing is going to do it for you in real time.
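
The IIS-log lookup described in the answers above, as an added example that is not part of the original thread: it lists which client IPs authenticated as a given mailbox account against the OWA and Outlook Anywhere virtual directories during an incident window. The account name `sales`, the domain `EXAMPLE`, the dates and all log lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in IIS W3C extended log format (not real log data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2015-03-02 09:14:07 POST /owa/service.svc EXAMPLE\\sales 10.0.0.21 Mozilla/5.0 200
2015-03-02 09:14:09 POST /owa/service.svc EXAMPLE\\sales 203.0.113.50 Mozilla/5.0 200
2015-03-02 09:14:10 POST /owa/service.svc EXAMPLE\\sales 203.0.113.50 Mozilla/5.0 200
2015-03-02 09:14:11 RPC_IN_DATA /rpc/rpcproxy.dll EXAMPLE\\jdoe 10.0.0.35 MSRPC 200
2015-03-02 09:14:12 GET /owa/ - 198.51.100.7 Mozilla/5.0 401
2015-03-02 11:30:00 POST /owa/service.svc EXAMPLE\\sales 10.0.0.21 Mozilla/5.0 200
"""

CLIENT_PATHS = ("/owa", "/rpc")  # OWA and Outlook Anywhere virtual directories

def source_ips(lines, account, start, end):
    """Per client IP: requests authenticated as `account` between start and end (UTC)."""
    fields = []
    hits = defaultdict(lambda: {"requests": 0, "first": None, "last": None})
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        # cs-username may be DOMAIN\user or user@domain; "-" means anonymous.
        user = row.get("cs-username", "-").split("\\")[-1].split("@")[0].lower()
        if user != account.lower():
            continue
        if not row.get("cs-uri-stem", "").lower().startswith(CLIENT_PATHS):
            continue
        ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        if not start <= ts <= end:
            continue
        h = hits[row["c-ip"]]
        h["requests"] += 1
        h["first"] = h["first"] or ts
        h["last"] = ts
    return dict(hits)

if __name__ == "__main__":
    window = (datetime(2015, 3, 2, 9, 0), datetime(2015, 3, 2, 10, 0))
    for ip, h in sorted(source_ips(SAMPLE_LOG.splitlines(), "sales", *window).items()):
        print(ip, h["requests"], h["first"], h["last"])
```

IIS writes W3C timestamps in UTC by default, so convert the incident window before filtering. If a reverse proxy or load balancer sits in front of the Client Access server, `c-ip` is that device's address rather than the client's.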
