How to determine which device sent particular email from Microsoft Exchange?

asked 2021-11-23T14:38:29.89+00:00
Nikolay Evdokimov 101 Reputation points

Hello,

I understand that there were a lot of similar threads
Like this for example https://social.msdn.microsoft.com/Forums/en-US/2dd44e90-3021-44e6-a2ec-36ab61c2b27e/what-device-sent-an-email?forum=exchange2010

However my question is still a bit different. While in the tracking log you can find which type of cllient was used to send email (outlook, activesync or OWA) there is still no info about exact device (for example smartphone id) or client IP which sent the email.

If anyone could help to determine this I would be really appreciated.

Thank you in advance!

Best regards,
Nikolay Evdokimov

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,074 questions
{count} votes

2 answers

Sort by: Most helpful
  1. answered 2021-11-23T15:57:50.827+00:00
    Andy David - MVP 108.8K Reputation points Microsoft MVP

    I think you would have to match the message logs entries with the IIS logs ( assuming this is on-prem Exchange) for that user and the time sent.

    No comments

  2. answered 2021-11-24T05:57:25.737+00:00
    Joyce Shen - MSFT 16,306 Reputation points Microsoft Employee

    Hi @Nikolay Evdokimov

    Yes, we could check the IIS logs, How to find IP address from which client accessing mailbox using outlook / Owa / mobile device

    And this article will be helpful if you are not familiar with How to Read & Customize IIS Log Files
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    In addition, if the Exchange services are published via SNAT through a load balancer like KEMP, F5 etc, the IIS logs cannot get the real source IP. In this scenario, we will neef to Enable Advanced Logging on all Exchange 2016 Servers. Detailed steps can be seen here: Exchange: Get the real source IPs in the IIS hit logs for servers


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    No comments