?
Solved

Email sent from Outlook, OWA or iPhone - Exchange 2010

Posted on 2016-08-30
7
Medium Priority
?
288 Views
Last Modified: 2016-09-19
Hi all,

is there any way to tell if a particular email was sent from Outlook, OWA or an iPhone.

We have a user from whose account an email was being sent but the user is denying that he sent that email. Now I need to figure out which device it went from so that we can focus on that area. iPhones are controlled through Airwatch.

Thanks.
0
Comment
Question by:Exchange User
7 Comments
 
LVL 18

Assisted Solution

by:Gaurav Singh
Gaurav Singh earned 500 total points
ID: 41776724
you can check the Email headers, that gives some information, check lime MIME type in email header
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41776728
Also look at the sender's IP in the header.
0
 
LVL 3

Author Comment

by:Exchange User
ID: 41776767
I analyzed the 2 headers, one sent from my iPhone and the other from Outlook. The MIME version says 1.0 for both.

But when email is being sent from Outlook, the message ID has 'some ID'@serverFQDN.domain.local

When sending from iPhone, message ID is showing 'some ID'@domain.local

Any ideas ?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 41776809
The client data is contained in the message tracking log under the SourceContext variable. http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/determine-clients-used-send-emails.html has some information on how to examine information in the tracking log. The following command is edited to show you the source data for all emails since august first:
Get-TransportService | Get-MessageTrackingLog -ResultSize Unlimited -Start 08/11/2016 -EventID SUBMIT | select sender,recipient,subject,sourcecontext

Open in new window

0
 
LVL 3

Author Comment

by:Exchange User
ID: 41776854
Get-TransportService is not recognized by Exchange 2010's EMS ?
0
 
LVL 3

Author Comment

by:Exchange User
ID: 41776987
@Adam I tried doing that with the toolbox option Tracking Log Explorer in the EMC. I have the data in front of me. Source Context here has different types of information. How do we read it ? Any ideas.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 500 total points
ID: 41796821
The client type in the log created using Adam's solution should show you what you want to know.

MOMT = Outlook
OWA = Outlook Web Access
AirSync = Active Sync (usually a phone/pad/etc)

For more information you can look at:  http://markgossa.blogspot.com/2015/11/exchange-what-type-of-client-sent-email.html
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month16 days, 17 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question