LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Email monitoring (https://www.linuxquestions.org/questions/linux-security-4/email-monitoring-416325/)

akhil.gaur 02-16-2006 11:00 PM
Email monitoring
 
Hi freinds,

I want to monitor few email accounts in free mail sites liker yahoo,gmail,msn,rediffmail.
I want to get the ipaddress sender's email id mac address (if possible)

Any help
.
:confused: :Pengy:

Capt_Caveman 02-18-2006 01:23 AM
What are you trying to accomplish? Do these accounts belong to you?

imemyself 02-19-2006 01:29 AM
Its not possible to get the MAC address. The only MAC address you would get would be the closest router to where-ever the email ends up(when packets are routed, they have the IP address of the end destination that they need to go to and the MAC address set to the next hop/router they will go through.) As far as the IP address goes(assuming you have access to the accounts), you might be able to find something out if the webmail service allows you to view the source of the message or access the messages via POP3/IMAP. You could then look at the headers and see the email servers that the message went through. For example
Code:
Received: by 10.64.178.10 with SMTP id a10cs6057qbf;
        Mon, 6 Feb 2006 16:14:24 -0800 (PST)
Received: by 10.54.76.1 with SMTP id y1mr4396389wra;
        Mon, 06 Feb 2006 16:13:59 -0800 (PST)
Return-Path: <bounces@interact.novell.com>
Received: from interact.novell.com (velik.provo.novell.com [137.65.244.34])
        by mx.gmail.com with ESMTP id 64si1371815wra.2006.02.06.16.14.22;
        Mon, 06 Feb 2006 16:14:23 -0800 (PST)
Received-SPF: pass (gmail.com: domain of bounces@interact.novell.com designates 137.65.244.34 as permitted sender)
Received: from minuet.provo.novell.com ([137.65.246.40])
        by interact.novell.com with ESMTP; Mon, 06 Feb 2006 17:06:13 -0700
This is from the source of an email sent from Novell to my Gmail account. You can see the message started at minuet.provo.novell.com aka 137.65.246.40, and then went through various email servers until it got to 10.64.178.10, which is a private IP address(so the host is not directly on the Internet) and is presumably an email server on Google's internal network.

akhil.gaur 02-21-2006 03:02 AM
thanks for suggestion.

I want to monitor these account from any where that is if they login to those account from any where ie outside from my LAN still i should get a copy of an email sent to and from those account.
beside email other information required is ipaddress of system and senders/recivers email address.

Please advice

will be thankful to you

kevkim55 02-21-2006 03:55 AM
Do these accounts you are worried about belong to you ? Really ?

akhil.gaur 02-21-2006 05:03 AM
Some of these accounts are hold by me and my friends and we are doing this to check the security feature employed by the free mail service provider as some time we use to share secure information on these accounts.

unSpawn 02-21-2006 05:19 AM
Some of these accounts are hold by me and my friends
With emphasis on "some".


and we are doing this to check the security feature employed by the free mail service provider
which, except from printing the remote users IP in the email header, are?


as some time we use to share secure information on these accounts.
That's not an argument for "testing" "security features" of free mail service provider: it's *solely* your *problem*.
*You* decided to share information using a public service, so you should encrypt messages, period.


All times are GMT -5. The time now is 05:32 PM.