OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Settle, Sean (SeanSettlealliantfs.com)
Date: Wed Feb 27 2002 - 14:36:59 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    That information only exists for SMTP messages, and in this case ntex6npc is
    the origin mail server, not my workstation name. In this case the message
    was sent from an internal user to another internal user from their own
    mailbox (that is the mailbox of the recipient). We were trying to determine
    which computer the message originated from in the hopes of tracking down the
    user who sent the message.

    Sean Settle
    "The Trouble with doing anything right the first time is that nobody
    appreciates how difficult it was."
    X Network Services Q NPC X
    SMTP: seansettlealliantfs.com

    -----Original Message-----
    From: Rob Harmer [mailto:robharmpcprofile.com]
    Sent: Wednesday, February 27, 2002 1:21 PM
    To: Settle, Sean; forensicssecurityfocus.com
    Subject: Re: Exchange/MAPI message origin

    Sean,

    Wouldn't the Properties/Message Source dialog boxes give most of that
    detail?

    For instance is your PC node name "ntex6npc" at alliant.com?

    Regards

    Rob Harmer
    http://www.pcprofile.com

    FYI your inbound message shows header details such as;

    Return-Path: <forensics-return-699-robharm=pcprofile.comsecurityfocus.com>
    Received: from williams.adgrafix.com ([208.230.142.2])
              by mta08.mail.mel.aone.net.au with ESMTP
              id
    <20020227184243.PFPM25799.mta08.mail.mel.aone.net.auwilliams.adgrafix.com>
              for <robharmozemail.com.au>; Thu, 28 Feb 2002 05:42:43 +1100
    Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com
    [66.38.151.27])
     by williams.adgrafix.com (8.9.3/8.9.3) with ESMTP id NAA27409
     for <robharmpcprofile.com>; Wed, 27 Feb 2002 13:42:41 -0500 (EST)
    Received: from lists.securityfocus.com (lists.securityfocus.com
    [66.38.151.19])
     by outgoing.securityfocus.com (Postfix) with QMQP
     id 2945FA3286; Wed, 27 Feb 2002 11:31:38 -0700 (MST)
    Mailing-List: contact forensics-helpsecurityfocus.com; run by ezmlm
    Precedence: bulk
    List-Id: <forensics.list-id.securityfocus.com>
    List-Post: <mailto:forensicssecurityfocus.com>
    List-Help: <mailto:forensics-helpsecurityfocus.com>
    List-Unsubscribe: <mailto:forensics-unsubscribesecurityfocus.com>
    List-Subscribe: <mailto:forensics-subscribesecurityfocus.com>
    Delivered-To: mailing list forensicssecurityfocus.com
    Delivered-To: moderator for forensicssecurityfocus.com
    Received: (qmail 8446 invoked from network); 26 Feb 2002 23:58:24 -0000
    Message-ID: <CF60153E84EAD5118C4A00306E01D6091161F6ntex6npc.alliant.com>
    From: "Settle, Sean" <SeanSettlealliantfs.com>
    To: forensicssecurityfocus.com
    Subject: Exchange/MAPI message origin
    Date: Tue, 26 Feb 2002 16:59:35 -0700
    MIME-Version: 1.0
    X-Mailer: Internet Mail Service (5.5.2653.19)
    Content-Type: text/plain;
     charset="iso-8859-1"

    Is there a tool to determine which computer a MAPI message was sent from?
    We would like to be able to determine the origin machine of email messages
    as needed but have not had much luck finding a tool to give us this
    information.

    Sean Settle
    X Network Services Q NPC X
    Phoenix, AZ
    SMTP: seansettlealliantfs.com

    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com

    ----- Original Message -----
    From: "Settle, Sean" <SeanSettlealliantfs.com>
    To: <forensicssecurityfocus.com>
    Sent: Wednesday, February 27, 2002 10:29 AM
    Subject: Exchange/MAPI message origin

    > Is there a tool to determine which computer a MAPI message was sent from?
    > We would like to be able to determine the origin machine of email messages
    > as needed but have not had much luck finding a tool to give us this
    > information.
    >
    > Sean Settle
    > X Network Services Q NPC X
    > Phoenix, AZ
    > SMTP: seansettlealliantfs.com
    >
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >

    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com