Displaying message header information using powershell

  • Question

  • I have a message that is being spoofed, for which I tracked down the messageid and all, but I want to be able to view the header without having to bother the user. I tried having him forward the message to me, but I now understand that doing so creates a new message and strips off any old headers. I ran the get-messagetrackinglog cmdlet and tracked the message down, but I can't seem to find the command to allow me to view the message and header. Any ideas?

     

    Thanks!

    Tony

    Thursday, July 21, 2011 2:36 PM

All replies

  • I should probably mention this is Exchange 2007.
    Thursday, July 21, 2011 4:36 PM
  • Exchange doesn't store the full header information anywhere other than in the actual message, so the only way you could get all the header information is from the source message, which would involve you having access to the mailbox in question (which I guess you're trying to avoid). You can use the client-ip from the message tracking logs (get-messagetrackinglog) to see the IP address of the MTA that submitted the message, which may help you track if the message has been spoofed.

    Cheers
    Glen

    Friday, July 22, 2011 2:36 AM
  • OK, so there is no way of exporting a complete message to, say, a txt file from the Exchange server?
    Friday, July 22, 2011 1:14 PM
  • If you have access rights to the mailbox in question, of course you can use any of the Exchange APIs to do that. E.g. you could use the EWS Managed API http://www.microsoft.com/download/en/details.aspx?id=13480 and then use a PowerShell script like http://gsexdev.blogspot.com/2010/12/simple-exchange-powershell-client-v2.html . This is a really simple mail client; it has a button you can click which will grab the headers from the message, and also another button you click to export the message to an eml file (which is just a plain text file you can open and look at the underlying MIME message).

    Cheers
    Glen

    Friday, July 22, 2011 11:45 PM
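
The approach described in the answer above, as an added example that is not part of the original thread and is not the linked script: it uses the EWS Managed API from PowerShell to find one message by its Message-ID, print the routing headers, and export the raw MIME to an .eml file. The DLL path, mailbox address, Message-ID and output path are assumed placeholders, and the account running it needs access rights to the mailbox.

```powershell
# Added example. Placeholders below are assumptions, not values from the thread.
$dllPath   = 'C:\Program Files\Microsoft\Exchange\Web Services\1.1\Microsoft.Exchange.WebServices.dll'
$mailbox   = 'user@example.com'               # mailbox you have access rights to
$messageId = '<placeholder-id@example.com>'   # MessageId from Get-MessageTrackingLog, with brackets
$outFile   = 'C:\Temp\suspect-message.eml'

[void][Reflection.Assembly]::LoadFile($dllPath)

$version = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($version)
$service.UseDefaultCredentials = $true
$service.AutodiscoverUrl($mailbox)            # or set $service.Url to the EWS endpoint directly

# MAPI properties: 0x1035 = PR_INTERNET_MESSAGE_ID, 0x007D = PR_TRANSPORT_MESSAGE_HEADERS
$string      = [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String
$propMsgId   = New-Object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x1035, $string)
$propHeaders = New-Object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x007D, $string)

# Search the user's Inbox for the tracked Message-ID
$inbox    = [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox
$folderId = New-Object Microsoft.Exchange.WebServices.Data.FolderId($inbox, $mailbox)
$filter   = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo($propMsgId, $messageId)
$view     = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1)
$found    = $service.FindItems($folderId, $filter, $view)

if ($found.Items.Count -eq 0) {
    Write-Warning "No message with ID $messageId in the Inbox of $mailbox (moved or deleted?)"
    return
}

# Load only what is needed: the transport headers and the raw MIME content
$idOnly = [Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly
$props  = New-Object Microsoft.Exchange.WebServices.Data.PropertySet($idOnly)
$props.Add($propHeaders)
$props.Add([Microsoft.Exchange.WebServices.Data.ItemSchema]::MimeContent)
$item = $found.Items[0]
$item.Load($props)

$headers = $null
if ($item.TryGetProperty($propHeaders, [ref]$headers)) {
    # Unfold continuation lines, then show the fields useful for judging the origin
    $unfolded = $headers -replace "\r?\n[ \t]+", ' '
    $unfolded -split "\r?\n" | Where-Object { $_ -match '^(Received|Return-Path|From|Message-ID):' }
} else {
    Write-Warning 'Message has no transport headers (for example, it was submitted internally).'
}

# Write the complete MIME message, headers included, for offline review
[IO.File]::WriteAllBytes($outFile, $item.MimeContent.Content)
```

The Received lines print newest hop first, so the last one listed is the hop closest to the original sender; compare its address with the client-ip shown in the message tracking log.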
  • Ah, perfect, thanks!
    Monday, July 25, 2011 3:13 PM