Question:

Generic exchange account that was used to send out an inappropriate message. Any way to track IP?

by  |  earlier

0 LIKES UnLike

A site has the ability to send from this generic account but I need to isolate the machine from where it was sent. The message was sent via OWA. I couldn't find anything in exchange system manager.

 Tags:

   Report

5 ANSWERS


  1. I'd say that the only shot you have is to look in the web server logs on the OWA server.  Look at the properties of the web site in IIS and find out what directory/file the site is logging to.  Look in there for the time of the message, and you should find the IP address of the machine that connected to OWA.

    Other than that, the message tracking in ESM might help.


  2. Read the FULL headers of the message, this will give the IP address of the originating machine.

  3. Use this: http://whatismyipaddress.com/

  4. Even internally, you still have full headers.


  5. I know that you can find the locaton of where an email was sent from using the header. There's a site call What's My IP which will give you instructions on finding the header and and it will scan the header for its location. I'm not guarenteeing it will work, but you can give it a try. http://whatismyipaddress.com/staticpages...

Question Stats

Latest activity: earlier.
This question has 5 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.