SEND AS Auditing - Exchange 2007
Posted on 2015-01-09
Set logging level to Expert for SEND AS on my exchange mailbox servers.
Idea is that we need to be able to log whenever a user does a SEND AS operation from a shared mailbox to which they have access, in case we ever need to trace the email sent.
Anyway, following server reboot, it works but:-
1) Its in the application event log - I would have expected the Exchange Audting event log?
2) Most of the entries say /cn="username" sent a message as /cn=Microsoft private mdb. What is that and how do I determine which mailbox the email was sent from?