On Wed, 2008-05-21 at 22:01 -0700, Ceyhun Atacan wrote: > Thanks Julien. I've been trying to map these properties to actual bytes > transmitted on the wire without any success so far. Is there any information > about the series of MAPI events that take place when, let's say, an email is > sent from outlook? I mean when an email is sent there are a bunch of > EcDoConnectEx messages and i can't put them into any context. I'd really > appreciate any pointers in this area. Also, what would be the best approach > to map MAPI calls to actual bytes transmitted? My starting point is the IDL > files but it's been very time consuming to go from a byte/structure in the > interface definition to what I see in a wireshark capture. I might be very > well missing something (a tool, document, etc.) completely so please let me > know if I'm in the wrong direction! > Cheers, > Ceyhun
Hi Ceyhun, You may probably be interested in the mapiproxy project (see recent post). Mapiproxy will downgrade the EMSMDB protocol version Outlook uses and force it not to use EcDoConnectEx/EcDoRpcExt but EcDoConnect/EcDoRpc. Furthermore it has a 'yet experimental' modules mechanism which should be suitable for your purposes. I'm planning to write the hooks section soon when I have stabilized/finalized the modules API. Cheers, Julien. > ----- Original Message ---- > From: Julien Kerihuel <[EMAIL PROTECTED]> > To: Ceyhun Atacan <[EMAIL PROTECTED]> > Cc: [email protected] > Sent: Wednesday, May 14, 2008 10:47:27 AM > Subject: Re: [openchange][devel] email/calendaring separation? > > On Wed, 2008-05-14 at 07:02 -0700, Ceyhun Atacan wrote: > > Hi all, > > In my project I'm trying to distinguish and identify individual e-mail > > and calendaring flows between Exchange and MAPI clients such as > > Outllook. First and foremost, is this possible? > > It is. > > Preliminary and quick ideas: > 1. check for PR_MESSAGE_CLASS property and looks whether it is > "IPM.Note" or "IPM.Appointment". > > 2. check for the folder message class. MAPI clients such as > Outlook "will assume" this messages are the same type than the > container. > > > Apparently wireshark doesn't support MAPI dissection and throws a > > bunch of unknown MAPI opnums when I capture some email traffic. > > It does have a new dissector I pushed a couple of weeks ago, but it yet > only support emsmdb traffic for server < Exchange 2003. We should be > pushing some code for E2k3 and above EcDoConnectEx (0xa) and EcDoRpcEx > (0xb) soon. > > > Is this something publicly available? > > For e2k3, not yet. It is under development, but not yet functional to > get included into libmapi trunk. > > > I'd like to help if there is a need in this area. > > Can you go further and develop the kind of help you are willing to > provide? > > Regards, > Julien. > -- Julien Kerihuel [EMAIL PROTECTED] OpenChange Project Manager GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list [email protected] http://mailman.openchange.org/listinfo/devel
