hotcam


Exchange Server 2003 mail delivery problem - Some users report receiving mail that is addressed to other users.

Hi all,

Short desc: Some users report receiving mail that is addressed to other users. These users sometimes have LONG been deleted from AD and mailboxes purged. Other times, it's a current user. These mails do not appear to be addressed to the receiving user in the CC field.

Environment is Exchange 2003 (native) running on Standard Server 2003 SP1. 2003 Active directory 2000/2003 mixed mode. Incoming mail flow is Internet -> Watchguard firewall -> Barracuda Spam Device -> Exchange Server.

Here are two headers... The first message header is one that was addressed to a valid user "Georgia" but ended up in my mailbox. The second header is one that was addressed to a user that is no longer with the company and has long since been deleted/mailbox purged, but was accepted and delivered also to my mailbox.

I have heard reports of users getting similar mail. What would cause this problem?

########################################################
Microsoft Mail Internet Headers Version 2.0
Received: from barracuda.yaddayadda.com ([192.168.1.33]) by dunsvr06.yaddayadda.com with Microsoft SMTPSVC(6.0.3790.1830);
       Thu, 22 Jun 2006 20:47:46 -0400
X-ASG-Debug-ID: 1151023653-14393-1-2
X-Barracuda-URL: http://192.168.1.33:8000/cgi-bin/mark.cgi
Received: from CHOMIAK-S5YW5GZ (unknown [83.20.3.53])
      by barracuda.yaddayadda.com (Spam Firewall) with ESMTP
      id 22F3BD8DB; Thu, 22 Jun 2006 20:47:44 -0400 (EDT)
Message-ID: <95615586354603.5DDAC7FF8F@I0V1>
From: "Nixon" <Nixoncheeky@earthlink.net>
To: <georgia@yaddayadda.com>
X-ASG-Orig-Subj: Recent stuff You always dreamt to rock hard erections…
Subject: Recent stuff You always dreamt to rock hard erections…
Date: Fri, 23 Jun 2006 02:47:29 +0200
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: 1OLsSha3AIja22EzeQ3vCFZKAnxc8d5Uz3L3
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Barracuda Spam Firewall at yaddayadda.com
X-Barracuda-Header-Alert: BAD HEADER Non-encoded 8-bit data (char 85 hex) in message header 'X-ASG-Orig-Subj'
       X-ASG-Orig-Subj: ...ff You always dreamt to rock hard erections\205 \n
                                                                      ^
X-Barracuda-Spam-Score: 1.77
X-Barracuda-Spam-Status: No, SCORE=1.77 using global scores of TAG_LEVEL=2.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=3.0 tests=SARE_ADULT2, SUBJ_ILLEGAL_CHARS
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.15342
      Rule breakdown below pts rule name              description
      ---- ---------------------- --------------------------------------------------
      0.10 SUBJ_ILLEGAL_CHARS     Subject contains too many raw illegal characters
      1.67 SARE_ADULT2            BODY: Contains adult material
Return-Path: Nixonconvalescent@earthlink.net
X-OriginalArrivalTime: 23 Jun 2006 00:47:46.0298 (UTC) FILETIME=[A4D25DA0:01C6965E]
####################################################################

Addressed to a user that is no longer with the company and has long since been deleted/mailbox purged, but was accepted and delivered to my mailbox.

####################################################################

Microsoft Mail Internet Headers Version 2.0
Received: from barracuda.yaddayadda.com ([192.168.1.33]) by dunsvr06.yaddayadda.com with Microsoft SMTPSVC(6.0.3790.1830);
       Thu, 22 Jun 2006 10:35:13 -0400
X-ASG-Debug-ID: 1150986903-15395-2-0
X-Barracuda-URL: http://192.168.1.33:8000/cgi-bin/mark.cgi
Received: from JACOB-2YHHJQYFC (cpe-70-117-21-239.satx.res.rr.com [70.117.21.239])
      by barracuda.yaddayadda.com (Spam Firewall) with ESMTP
      id DA1D623F3C; Thu, 22 Jun 2006 10:35:03 -0400 (EDT)
Message-ID: <13061306174127.08147DB408@OLFFN>
From: "Efren" <LucilleBurtj7@tokyo.com>
To: <geniece@yaddayadda.com>
X-ASG-Orig-Subj: Never-seen Get a better job
Subject: Never-seen Get a better job
Date: Thu, 22 Jun 2006 09:34:39 -0500
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: ZQJ1KWu6v72wo032X3AJC9c927pKbZRmvtDM
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Barracuda Spam Firewall at yaddayadda.com
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=2.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=3.0 tests=
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.15311
      Rule breakdown below pts rule name              description
      ---- ---------------------- --------------------------------------------------
Return-Path: TabithaSkinnerx0@europe.com
X-OriginalArrivalTime: 22 Jun 2006 14:35:13.0612 (UTC) FILETIME=[128388C0:01C69609]




ASKER CERTIFIED SOLUTION
mikeleebrla
hotcam

ASKER

Thanks for the link.

If they use the BCC field, wouldn't the message still end up in the mailbox of the user with the TO: field being correct for that user? My experience with the BCC field is that each recipient gets the message where the TO: field is addressed -to that user- as if they were the only one that got it...

1) Ben sends message BCC to: Mary, Greg

2a) Greg gets message
To: Greg
From: Ben

2b) Mary gets Message
To: Mary
From: Ben

In this case,

1) Ben sends message (assuming BCC) to: Georgia

2) Brian gets message
To: Georgia
From: Ben

Seems like some kind of "message routing problem". Am I missing something?

Don't trust the header of ANY email... especially if it comes from a SPAMMER, it's called a malformed header. Read up on it.

ASKER

I will certainly do that... Leaving this open for now, hopefully...I can get some more people to chime in.

This is totally SPAM related.  The email headers and address used or shown are VERY often incorrect.

Do you have a SPAM filter that can at least keep these from going to their inbox?  There is nothing you can do (from what I have experienced) to stop these emails, or to show who they were really addressed to.  The whole point of the SPAMMER is to confuse the mail server and SPAM blockers so it will get delivered to as many people as possible.  This is why the headers are all jacked up, etc.

Good luck,

Rob

ASKER

Thanks, and yes, the barracuda is the device that's supposed to handle the spam. You can see what the cuda thought about it in the headers. For the most part, it does a great job of it. For whatever reason, these aren't scoring high enough :-(
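
Added example, not part of the original thread: SMTP delivers to the envelope recipients (RCPT TO), which are independent of the To:/Cc: header lines, and Return-Path records the envelope sender, which need not match From:. The Python sketch below runs that comparison on a trimmed copy of the first header block above; the envelope recipient brian@yaddayadda.com and the function names are assumptions, since the thread does not show the SMTP envelope.

```python
from email import message_from_string
from email.utils import getaddresses

# Trimmed copy of the first header block posted in the thread.
RAW = """\
Received: from CHOMIAK-S5YW5GZ (unknown [83.20.3.53])
      by barracuda.yaddayadda.com (Spam Firewall) with ESMTP
      id 22F3BD8DB; Thu, 22 Jun 2006 20:47:44 -0400 (EDT)
From: "Nixon" <Nixoncheeky@earthlink.net>
To: <georgia@yaddayadda.com>
Return-Path: Nixonconvalescent@earthlink.net

body
"""


def header_recipients(raw):
    """Addresses named in the To:/Cc: header lines (lower-cased)."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def envelope_only(raw, rcpt_to):
    """Envelope recipients that no To:/Cc: header names.

    rcpt_to is the RCPT TO list, e.g. taken from the receiving
    server's SMTP or message tracking log (assumed input).
    """
    named = header_recipients(raw)
    return sorted(r.lower() for r in rcpt_to if r.lower() not in named)


def sender_mismatch(raw):
    """True when header From: differs from the Return-Path address."""
    msg = message_from_string(raw)
    from_addr = getaddresses(msg.get_all("From", []))[0][1].lower()
    return_path = getaddresses(msg.get_all("Return-Path", []))[0][1].lower()
    return from_addr != return_path


if __name__ == "__main__":
    # Constructed envelope: the message was actually handed to Brian.
    print(envelope_only(RAW, ["brian@yaddayadda.com"]))
    print(sender_mismatch(RAW))
```

A non-empty result from `envelope_only` is what the mailbox owner sees as "mail addressed to someone else"; the server's own SMTP or message tracking log is the place to read the real RCPT TO values.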