Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to figure out who sent a particular message?

Status
Not open for further replies.
RachelD

RachelD

MIS
Jun 14, 2000
136
0
0
US
Anyone know a way to figure out who sent a particular email message from my network to the Internet? We don't use any kind of message tracking, so all I'm working with are my logs. I have the message ID, date, time and recipient's email - now I want to figure out which of my users sent it.

Just before last weekend, because of a rash of spam sent to non-existent users from a specific domain, I blocked that domain from sending us mail. I was concerned that the failed messages would pile up in the mailbox and cause trouble.

Anyway, checking my logs for evidence that my spammer had decided to continue trying despite being blocked, I found that a message from someone on my network was sent to the blocked domain. I don't think someone inside is participating in spamming, and I am concerned I am preventing legitimate mail from getting through. How do I figure out who sent the message so that I can ask them about it?
 
Sort by date Sort by votes
I see 2 possible solutions to your problem.

1. Send an e-mail to al users stating the problem and ask them to respond. This will keep the users from thinking "big brother" is watching all of the time.

2. Write an agent in lotusscript that uses the dbdirectory property of the notessession. This would go through each mail db and search for a document with the sendto, copyto, or bcopyto of the e-mail address in question. When the address is found, copy the database title and date of the message to a variable. Then create a new document and set the body equal to this variable. Lastly use the send method to mail it to yourself at the end of the agent. A couple of notes:

A. The agent must be ran by someone that has accesss to all of the databases. For example the server or an administrator with the appropriate access.

B. The time should not be used as the possibility exists that the worstation (which sets the creation date/time) having a different time than the server.

Hope this helps...

Craig
 
Upvote 0 Downvote
I figured those were my options - thanks. I was hoping not to have to ask anyone, and I didn't want to manually examine databases. Unfortunately my lotus script skills are best described as below basic! I'll give it a shot

thanks
 
Upvote 0 Downvote
The server notes log will have many "Mail Event Log Entry" documents selected by the "Mail Routing Events" view which are full of lines like the following:

25/02/2002 12:31:51 Router: Message 000DE299 transferred to MAILHUB01/SERVER/CORP for gerry polak <gpolak69@yahoo.com> @ CORPDMZ@CORPSMTP from Barry McKenzie/SALES/MEL/CORP/AU Size: 36K

Maybe searching these would be easier for you.

Dale
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

P
  • Question
How to run an SPSS syntax from command line?
Replies
0
Views
790
paulus62
P
KK_
  • Locked
  • Question
Is there any way to get machine ID
Replies
1
Views
1K
pmonett
pmonett
MDGarcia
  • Locked
  • Question
.js blocked due to MIME type error
Replies
0
Views
1K
MDGarcia
MDGarcia
MDGarcia
  • Locked
  • Question
Error msg: Network operation did not complete in a reasonable amount of time; please retry
Replies
5
Views
1K
MDGarcia
MDGarcia
KK_
  • Locked
  • Question
Lotus approach
Replies
0
Views
1K
KK_
KK_

Part and Inventory Search

Sponsor

Back
Top