I have to research the user reactions to an incoming phishing mail.
Therefore i'm trying to track if a user opened an e-mail. I'm using an Exchange Server and have complete access to the logfiles. I want to use the imap flags (/Seen, /Answered etc.) to get this information.
My problem is, that i can't connect my imap log to a message-id or something different unique identifier.
Here an example of the imap log
2019-07-26T19:01:47.641Z,000000000000001B,15,[fe80::1435:3fe7:d31e:230f%14]:1993,[fe80::1435:3fe7:d31e:230f%14]:22505,alicetracker,1,24,57,uid+fetch,fetch 2:* (FLAGS),"R=OK;Rows=1;UidValidity=14;UidNext=2;ActivityContextData=Dbl:BudgUse.T[]=0.945299983024597;Budget=""Owner:Sid~S-1-5-21-2443813523-3910580689-2609561915-1147~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3600000,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_6ead7ca9-720e-4f9c-8a7c-eaaf9fd5866e,IsServiceAccount:False,LiveTime:00:07:08.8466978""",
Is there any way to manipulate the Exchange-Server that i can use the imap-logs for that issue?
Thanks!
Related
Hi Good day to everyone here.
My first questions, here we go but i'll try to explain it the best way I could.
I develop auto sending email features using javaxmail in my application for my customer.
Previously when using setting smtp.office365.com I able to send email and the copies of sent email are display in Sent Items folder.
Recently when there are hiccup with smtp office (time out frequently), the IT department at my customer change the setting to use local server instead for smtp (with ip address 172.162.etc.etc). However since the start using this new setting, the email no longer appear in Sent Items but the email still able to sent out ( I test sending email to myself and able to received it ).
Since Im not really familiar and have very limited knowledge on server side for mail server, is there anything I can suggest to the IT department to check for? I only can login the email account on web (https://outlook.office.com/mail/) but when using outlook it required authentication. With web mail i already go thru all settings available and didn't see anything related.
Thanks in advance. Sorry if the question confusing and misleading.
Well, of course - your local SMTP server knows absolutely nothing about your remote Exchange mailbox. It cannot possibly place anything in your Sent Items folder.
You need to send using your Exchange Server - its SMTP server does place sent messages in the Sent Items folder owned by the authenticated user. Keep in mind that MS has recently disabled basic auth in M365. You need to re-enable it for your tenant and the particular mailbox used to send messages.
On our website we use a MySQL table which contains all users. Some of the users should be able to send mails to all users. Unfortunately I haven't got the right idea how to implement such a system.
My current design:
A privileged user writes a mail to users#website.com using his personal mail software.
A server is waiting for incoming mails.
As soon as it receives a mail, it matches the 'From' field with the database.
If the user is not found or hasn't got the special flag, discard the mail.
Forward the mail to all users (mail addresses are saved in the database)
Send the sender a confirmation mail.
How can I implement such a system? I'm not required to stick to a certain programming language even though C++, PHP or Node.JS would be preferred.
As a jumping off point, look into IMAP/SMTP. You can, with any language, log into an email inbox, get emails, read them, etc etc etc. Set up your mailbox with an account users#website.com that receives legitimate emails. Then set up a cron job that checks the inbox every 5 minutes or so. If no emails are found, then you are done. If there is an email there, process it, run your checks against your DB, and then send it using SMTP, and then send the confirmation to the user.
If handling IMAP is too hard, you may just want to make a form on your website that privileged users can use which sends the emails to the users.
First, let me get this out of the way and say this isn't a spam application. I'm writing an app that allows users to share files with multiple friends easily via email.
Right now, I'm using SKPSMTPMessage to send out emails to a list of recipients at the user's request. It works, but I wonder if there isn't a better solution here. For example, if it might be better to send the smtp info and attachments to my server, and conduct the sending from there in order to avoid repetitive attachment uploads on the device.
I am also considering how to handle cases where there is no connection available (determining connection error vs other kinds of errors and persisting the failed message for a later retry).
Any advice on the best way to structure this service would be greatly appreciated.
In order to customize the user experience for sending e-mail you need access to their email details, IMAP, POP, etc. if you want that user to be the one sending the e-mail.
The solution I use is to have the from address be an e-mail I control and use a 3rd party email provider, ex: SendGrid, PostMark, Mandrill and plug in to their api's to send e-mails.
Given there is a "FAILTO=''" option for cfmail, triggering an email to be sent to that email if the email didn't get delivered...
Is there a way to somehow assign an ID or tracking # to an email, store it in a database with that ID... then update the status of that email if it fails?
I'd like to track bouncebacks... preferably WITHOUT sending the FAILTO to a POP3 or IMAP and then checking it with cfimap...
Is there any alternate way of handling this?
Maybe an event gateway that is triggered upon email failure?
UPDATE: I've decided to take a different approach, utilizing the sendgrid API.
I'm hoping that lends me with a few more tools than CF offers.
The short answer to your question is unfortunately no.
A longer version with a possible solution:
The failTo email address populates the return-path in the email header, this then 'should' be used by mail servers for bounce backs (however see - http://www.bennadel.com/blog/1899-GMail-Seems-To-Ignore-The-Return-Path-Header-Defined-By-The-CFMail-FailTo-Attribute.htm for an example where it doesn't)
So you are going to need to monitor an Imap or pop account to see your mails, however you can set up an event gateway to monitor this, with detailed instructions here - http://www.alagad.com/documentation/imapGateway/ImapWatcher%20Gateway%20Documentation.pdf
What you're left with is needing to identify which mail matches which bounceback, when I've done something similar in the past I used unique id's for the failTo email addresses at a domain I owned. If you set that up and then use your listener cfc to look for the id in the return-path.
So your sending code would work along the lines of:
Generate unique id
Send mail
Add row to database with unique id
Your listener.cfc would then need to inspect the email returned and if it finds the unique id update the row with whatever information that you're after.
Hope that that at least helps even if you'll need to set up some other bits.
You could use a directly watcher on the undelivr folder to log the failed emails, only really a solution if its own server and not a shared server though.
As far as I know once it leave the spool and is off to your SMTP server CF assume it's been sent correctly.
The email will trickle down the chain of SMTP servers/relays and if anything happen the only instruction they have is to bounce it back to the from address or failto address if present. CF isn't listening at this point so it can't respond.
We use an external tool called Glock email processor to handle exceptions. It's not free, but works pretty well. You can find it here: http://www.glocksoft.com/email-processor/
You need to configure it to check the failto address and from there you can take many actions. I got it setup as a three strikes system.
Email address bounce, I increment a counter in my email table, at 3 I deactivate that email from the system.
Nothing you can't do yourself with cfpop though.
How can I check if an e-mail has been read using POP3/SMTP?
I am able to read e-mails, but I can not figure out if the e-mail has been read or not. Any suggestions are appreciated.
There is no completely reliable way to do this, while some servers support Read receipts it is dependent on the client to respond to the receipt request.
Another way people do this is by embedding a tracking image into an HTML email that will get pulled from a server and that hit constitutes the read however this is often not accurate as most email reader block html external content by default.
Sign up for a free account on statcounter.com. Goto the install code options, choose invisible tracking button and HTML only counter. Statcounter will now provide you an HTML Image snippet that you have to insert inside the body of your HTML email message.
The image isn't visible in the email but the person will have to click "Display Images" when they open their email client.
This is about the only way you can do it if your server or client does not support read receipts.
With POP3, emails are almost always deleted from the server after they are read. When a client connects to a POP3 server, the server usually transfers emails to the client and then deletes the email from its own storage. So, if you can read an email, chances are that it hasn't been read.
As far as I know this is a client side only detail when it comes to POP3. If you wanted to have the status reflected on multiple clients you'd need to used IMAP. With web mail readers they keep track of the unique message ID and whether or not it has been read on the client, but if you were to load it on a desktop pop3 client, it would not be flagged as read.
store the latest read email's message-id somewhere and check when you run to pop
There is no guarantee an e-mail has been read or not, especially 2 cases we won't receive a Read Receipt,
When user opens an email for the message a pop-up confirmation window opens, if user selects No then end user wont receive a read receipt.
From email settings, If user selects Never send a read receipt then also end user wont receive a read receipt.
If user enabled Read Receipt then, the request for the receipt is sent as a header attached to the mail using the method
MimeMessage.setHeader("Disposition-Notification-To", "email-id#domain.com");