lieiti

macrumors newbie
Original poster
Mar 31, 2009
8
1
Miami
Hello, I need to learn please how to open and read OS X 'Mail' logs.

The goal is to find the destination IP for a particular email (need to prove for a legal case that the recipient of an email was in a particular location at the time of receiving that email).

I thought it would be included in the email's header, but learned that the header only contains the Sender's IP address and the relay server IPs that the email passes through on its way to the destination. The header does not record the destination IP address of the email recipient.

I learned that the MDA (mail delivery agent) and/or Mail client would record such information in its log, and believe in this instance it would be the OSX Mail app.

Does anyone know how to find these particular Mail logs that record incoming email information such as this?

Any and all information and/or other suggestions to achieve this result is highly appreciated!

The version of OSX on the computer is actually 10.6.8, but I could not find a section for it (perhaps too old). I am guessing / hoping however that 10.7 might be very close to 10.6 in this regard.

Thank you.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,196
8,835
California
The goal is to find the destination IP for a particular email (need to prove for a legal case that the recipient of an email was in a particular location at the time of receiving that email).
There is no way for you to know or learn that from your Mac. You will need to subpoena the email provider for that information.
 

lieiti

macrumors newbie
Original poster
Mar 31, 2009
8
1
Miami
Thank you Weaselboy for your reply. Please find attached a screenshot of a response I received from serverfault.com's forum.

This person believes that the logs of the 'MDA' responsible for delivery of the email would have this information. What would the MDA be in this instance? The local ISP, or perhaps the Hotmail account? Thanks.
 

Attachments

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,196
8,835
California
This person believes that the logs of the 'MDA' responsible for delivery of the email would have this information. What would the MDA be in this instance? The local ISP, or perhaps the Hotmail account? Thanks.
Correct... the MDA (mail delivery agent) would be the ISP or whatever provider of the recipient's email service is. So if you sent an email to bob@hotmail.com, for example, you would need to subpoena records from Hotmail to find out from what IP address that mail was opened.