[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Email sent from Outlook, OWA or iPhone - Exchange 2010

Posted on 2016-08-30
7
Medium Priority
?
250 Views
Last Modified: 2016-09-19
Hi all,

is there any way to tell if a particular email was sent from Outlook, OWA or an iPhone.

We have a user from whose account an email was being sent but the user is denying that he sent that email. Now I need to figure out which device it went from so that we can focus on that area. iPhones are controlled through Airwatch.

Thanks.
0
Comment
Question by:Exchange User
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 18

Assisted Solution

by:Gaurav Singh
Gaurav Singh earned 500 total points
ID: 41776724
you can check the Email headers, that gives some information, check lime MIME type in email header
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41776728
Also look at the sender's IP in the header.
0
 
LVL 3

Author Comment

by:Exchange User
ID: 41776767
I analyzed the 2 headers, one sent from my iPhone and the other from Outlook. The MIME version says 1.0 for both.

But when email is being sent from Outlook, the message ID has 'some ID'@serverFQDN.domain.local

When sending from iPhone, message ID is showing 'some ID'@domain.local

Any ideas ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 41776809
The client data is contained in the message tracking log under the SourceContext variable. http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/determine-clients-used-send-emails.html has some information on how to examine information in the tracking log. The following command is edited to show you the source data for all emails since august first:
Get-TransportService | Get-MessageTrackingLog -ResultSize Unlimited -Start 08/11/2016 -EventID SUBMIT | select sender,recipient,subject,sourcecontext

Open in new window

0
 
LVL 3

Author Comment

by:Exchange User
ID: 41776854
Get-TransportService is not recognized by Exchange 2010's EMS ?
0
 
LVL 3

Author Comment

by:Exchange User
ID: 41776987
@Adam I tried doing that with the toolbox option Tracking Log Explorer in the EMC. I have the data in front of me. Source Context here has different types of information. How do we read it ? Any ideas.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 500 total points
ID: 41796821
The client type in the log created using Adam's solution should show you what you want to know.

MOMT = Outlook
OWA = Outlook Web Access
AirSync = Active Sync (usually a phone/pad/etc)

For more information you can look at:  http://markgossa.blogspot.com/2015/11/exchange-what-type-of-client-sent-email.html
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
This video discusses moving either the default database or any database to a new volume.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question