Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, February 20, 2019 7:28 PM
Hello,
I have one email that was sent, but we would like to identify the device that it was sent from and the IP of that device.
This is on an Exchange 2010 SP3.
We already went through getting the info from the Get-MessageTrackingLog -messageID: MESSAGEID –Recipients RECIPIENT -EventID Receive | FL
On the return, under the SourceContext line I should be able to get the ClientType, but it does not return the type.
Would it be possible to get where it was sent from and the IP of that device ?
Anser Leon
All replies (3)
Thursday, February 21, 2019 7:18 AM ✅Answered
Hi,
1. Yes, in message tracking logs, there is a SourceContext field which reports the ClientType property for SUBMIT events. However, there's no SUBMIT event when an external sender sends an email to one of your users.
So if the email is from an external user, we cannot check the client type.
2. The Original Client IP is not available in Exchange 2010. From the official document, we even cannot find this field in message tracking event. For reference: Fields that are Used to Classify Each Message Tracking Event
The below image is a part of message tracking logs we got in Exchange 2013:
3. The Connect ID shows the name of source or destination Send connector or Receive connector. During the mail flow in your organization, if no connectors are used, it will be blank.
Additionally, Exchange Server 2010 will reach end of support on January 14, 2020. You could consider migrating from Exchange 2010 to Office 365 or Exchange 2016 for better services.
Regards,
Lydia Zhou
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.
Wednesday, February 20, 2019 7:35 PM
Hi.
Get-MessageTrackingLog -Sender "<smtp>" -MessageSubject "<subject>" | Select-Object Eventid,Timestamp,OriginalClientIp,Connectorid
X-Originating-IP:
MCITP, MCSE. Regards, Oleg
Wednesday, February 20, 2019 8:42 PM
Thank you for your quick response.
I have ran the command an under OriginalClient IP and connector ID I get a blank column.
What would this mean?
Anser Leon