This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 17%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENE%3C/text%3E%3C/svg%3E)
Hello,
I understand that there were a lot of similar threads
Like this for example https://social.msdn.microsoft.com/Forums/en-US/2dd44e90-3021-44e6-a2ec-36ab61c2b27e/what-device-sent-an-email?forum=exchange2010
However my question is still a bit different. While in the tracking log you can find which type of cllient was used to send email (outlook, activesync or OWA) there is still no info about exact device (for example smartphone id) or client IP which sent the email.
If anyone could help to determine this I would be really appreciated.
Thank you in advance!
Best regards,
Nikolay Evdokimov
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Have you checked the suggestions below using iis log? Any update now?
I think you would have to match the message logs entries with the IIS logs ( assuming this is on-prem Exchange) for that user and the time sent.
Yes, we could check the IIS logs, How to find IP address from which client accessing mailbox using outlook / Owa / mobile device
And this article will be helpful if you are not familiar with How to Read & Customize IIS Log Files
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
In addition, if the Exchange services are published via SNAT through a load balancer like KEMP, F5 etc, the IIS logs cannot get the real source IP. In this scenario, we will neef to Enable Advanced Logging on all Exchange 2016 Servers. Detailed steps can be seen here: Exchange: Get the real source IPs in the IIS hit logs for servers
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.