OSX Mail logs access? How to find them?

  lieiti 17:17 19 Apr 2017

Hello, I need to learn please how to open and read OS X 'Mail' logs.

The goal is to find the destination IP for a particular email (need to prove for a legal case that the recipient of an email was in a particular location at the time of receiving that email).

I thought it would be included in the email's header, but learned that the header only contains the Sender's IP address and the relay server IPs that the email passes through on its way to the destination. The header does not record the destination IP address of the email recipient.

I learned that the MDA (mail delivery agent) and/or Mail client would record such information in its log, and believe in this instance it would be the OSX Mail app.

Does anyone know how to find these particular Mail logs that record incoming email information such as this?

Any and all information and/or other suggestions to achieve this result is highly appreciated!

The version of OSX on the computer is 10.6.8.

Thank you.

  Forum Editor 19:03 19 Apr 2017

"(need to prove for a legal case that the recipient of an email was in a particular location at the time of receiving that email)."

You cannot prove that the recipient of an email was in a specific location because the receiving IP address is simply that of a computer, not a person. If the computer's IP address is assigned dynamically by an Internet Service Provider you have no way of tracing an email recipient's location without access to the ISP's logs. In Europe, the information in those logs is protected by law, and an ISP may only divulge it to an authorised organisation or person if ordered to do so by a judge.

  lieiti 21:29 19 Apr 2017

Thank you for your reply. Please find attached a screenshot of a response I received from serverfault.com's forum.

This person believes that the logs of the 'MDA' responsible for delivery of the email would have this information. What is your opinion on this? Is the 'MDA' actually the ISP? Thank you.

  lieiti 21:31 19 Apr 2017

Could not upload an image; here is his reply, copied and pasted:

"SMTP Received headers are added by SMTP servers along the way. Retrieving mail from a server via IMAP or another protocol is not an SMTP function and therefore, those clients will not append Received header information.

To get this information, you will need to check the logs of whatever MDA was responsible for delivery to the user's mail client."

  Forum Editor 22:38 19 Apr 2017

The term MDA stands for 'Mail Delivery Agent', and is just another way of saying 'POP or IMAP server'.

You cannot gain access to those server logs because they will typically be held by the ISP, or the domain host in the case of a mailbox on a private domain.
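The point made in the replies above, as an added example that is not part of the original thread: walking the `Received` chain of a message shows that the last hop recorded is the recipient's mail server, and the computer that later fetches the mail over POP or IMAP never appears. The message, hostnames, IP addresses and the `RECIPIENT_CLIENT_IP` value are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames and IPs are documentation-range placeholders.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.20])
\tby store.recipient.example with LMTP; Wed, 19 Apr 2017 17:17:05 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Wed, 19 Apr 2017 17:17:04 +0000
Received: from [192.0.2.55] (client.sender.example [192.0.2.55])
\tby relay.sender.example with ESMTPSA; Wed, 19 Apr 2017 17:17:02 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

body
"""

# Hypothetical address of the recipient's computer when it later fetched the mail.
RECIPIENT_CLIENT_IP = "192.0.2.200"

HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>[^\s;]+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return hops oldest-first as (source_ip, receiving_server, protocol)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received header, so reverse for time order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        ip = IP.search(m.group("src"))
        hops.append((ip.group(1) if ip else None, m.group("by"), m.group("proto")))
    return hops


def client_ip_recorded(raw, client_ip):
    """True only if some SMTP hop recorded client_ip as its source."""
    return any(ip == client_ip for ip, _, _ in received_hops(raw))


if __name__ == "__main__":
    for ip, server, proto in received_hops(RAW):
        print(f"{ip} -> {server} ({proto})")
    print("recipient client recorded:", client_ip_recorded(RAW, RECIPIENT_CLIENT_IP))
```

The chain ends at `store.recipient.example`, the server holding the mailbox; any record of which address retrieved the message would be in that server's own POP or IMAP logs, not in the message.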
