Re: "proving" a user received an email (good gosh)
From: bill davidsen (davidsen@tmr.com)Date: 06/24/02
- Next message: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- Previous message: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- In reply to: gaius.petronius: ""proving" a user received an email (good gosh)"
- Next in thread: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- Reply: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- Reply: : "Re: "proving" a user received an email (good gosh)"
- Reply: Doug Freyburger: "Re: "proving" a user received an email (good gosh)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: davidsen@tmr.com (bill davidsen) Date: Mon, 24 Jun 2002 17:54:18 +0000 (UTC)
In article <188cd7b2.0206232245.47c44a28@posting.google.com>,
gaius.petronius <rut@linuxmail.org> wrote:
| "proving" a user received an email (good gosh)
|
| boss calls me in
| manager X is a liar, says he never received this damn email.
|
| i check the logs
Which don't seem to indicate he did. They prove an email was sent, and
if the sender kept a copy he can show what was in it. But unless it was
sent "return receipt requested" that's where it ends.
B-i-g gap in the times.
| i see an entry about the time sender claims it was sent:
|
| exhibit A
| maillog:
| Jun 22 23:47:31 swm sendmail[5517]: g5MFlUu05517:
| from=<sender@address>, size=5988, class=0, nrcpts=2,
| msgid=<4778858448D8547D4A54BCC6118467D@>, proto=ESMTP, daemon=MTA
|
| i also see in
| exhibit B
| maillog:
| Jun 22 23:47:31 swm sendmail[5518]: g5MFlUu05517: to=<BigLiar>,
| delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65536, dsn=2.0.0,
| stat=Sent
| maillog:Jun 22 23:47:31 swm sendmail[5518]: g5MFlUu05517:
| to=<AngryBOSS>, delay=00:00:00, xdelay=00:00:00, mailer=local,
| pri=65536, dsn=2.0.0, stat=Sent
|
| i see that the user also checked his email without errors
|
| exhibit C
| maillog:Jun 23 23:31:48 swm ipop3d[12224]: Login user=BigLiar
| host=4.unknown.com [227.1.0.n] nmsgs=2/2
|
|
| My question is, although i know that this 22:23:47:31 is most probably
| the mail in question, how can i link it to the message id
| 78858448D8547D4A54BCC6118467D@ ??
|
| This is probably more a security or forensics question.
| is there a way to tune the logs to report the message id of the email
| when the user logs in and receives?
|
| in exhibit C there is no apparent way i can say that he is receiving
| this particular message; all i can say is that the server is
| functioning properly and that there is no reason to doubt that when he
| logged in he did not receive all his email messages.
|
| is there a method to log the received message id?
- Next message: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- Previous message: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- In reply to: gaius.petronius: ""proving" a user received an email (good gosh)"
- Next in thread: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- Reply: Christopher Browne: "Re: "proving" a user received an email (good gosh)"
- Reply: : "Re: "proving" a user received an email (good gosh)"
- Reply: Doug Freyburger: "Re: "proving" a user received an email (good gosh)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
