Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Tracing mails

Status
Not open for further replies.
YFronts

YFronts

IS-IT--Management
Jul 22, 2003
54
FR
Hi,
A weird situation - I received a message through the Exchange server masquerading as a message from a hotmail address of an employee. This employee clearly had no idea and is not responsible for the origin of the mail.
The worrying thing is that a file attached to the mail is a file available on the internal LAN only and private!
I do not have logging of messages on the gateway server, so I only have to message itself to trace. Can anyone give me any tips on how to trace this message?
Any help much appreciated.
 
Sort by date Sort by votes
Start with the header, at least you can see where it realy came from.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
 
Upvote 0 Downvote
Thanks Marc, what is the easiest way to see the full header?
 
Upvote 0 Downvote
Sorry found it, in view/options. Someone must have hacked her account...
 
Upvote 0 Downvote
Ok, check the originatin IP address and you are close.
 
Upvote 0 Downvote
The origin IP is shown as the site gateway public IP. The client is Outlook express which no one in the office uses. I'm a bit stumped...
 
Upvote 0 Downvote
Check the ones in bold, as there are multiple IP's in a header.
This is an example of a notification on this thread.

Microsoft Mail Internet Headers Version 2.0
Received: from xxx by yyyy with Microsoft SMTPSVC...
Tue, 2 Dec 2003 12:26:10 +0100
Return-Path: <notifyme@tecumsehgroup.com>
Delivered-To: me
Received: (qmail 21619 invoked from network); 2 Dec 2003 11:25:05 -0000
Received: from unknown (HELO xxx.yyy.xxx) [333.444.555.666])
(envelope-sender <notifyme@tecumsehgroup.com>)
by xyz.my-isp.xx (qmail-ldap-1.03) with SMTP
for <me@here.xx>; 2 Dec 2003 11:25:05 -0000
Received: from 127.0.0.1 (localhost [127.0.0.1])
by y.x.z (Postfix) with SMTP id BD18837E42
for <me@here.xx>; Tue, 2 Dec 2003 12:25:05 +0100 (MET)
Received: from mail.tecumsehgroup.com (mail.tecumsehgroup.com [216.45.19.20])
by my.isp.xx (Postfix) with ESMTP id 3DB3537E55
for <me@here.xx>; Tue, 2 Dec 2003 12:25:05 +0100 (MET)
Received: from [216.45.19.18] (notifyme@tecumsehgroup.com) by mail.tecumsehgroup.com; Tue, 2 Dec 2003 06:33:27 -0500
X-WM-Posted-At: mail.tecumsehgroup.com; Tue, 2 Dec 03 06:33:27 -0500
Content-type: text/plain
Date: Tue, 02 Dec 2003 06:28:56 -0500
From: notifyme@tecumsehgroup.com
Subject: Tek-Tips Forums: Tracing mails
To: me@here.xx

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
1K
DrB0b
DrB0b
Rajesh Karunakaran
  • Locked
  • Question
How to redirect all outgoing mails to a particular email id for scrutinizing purpose
Replies
0
Views
83
Rajesh Karunakaran
Rajesh Karunakaran
ThomasJuul
  • Locked
  • Question
Unable to send internal mails after export.
Replies
1
Views
83
ShackDaddy
ShackDaddy
win2kwire
  • Locked
  • Question
MS Outlook: More than 1000 undeliverable e-mails were received in 30 mins
Replies
0
Views
64
win2kwire
win2kwire
019er
  • Locked
  • Question
Powershell script to output total received mails for 1 mailbox.
Replies
0
Views
57
019er
019er

Part and Inventory Search

Sponsor

Back
Top