Question

SBS Premium 2003 - Exchange: random repeating emails

Asked by: realitybytes

Every so often, one of the users on our network will receive an email over and over again. This is a seemingly random problem. More often than not, the email includes an attachment, and the attachment is almost always corrupted. But there have been exceptions to both of these characteristics.

These are legitimate (not SPAM) emails from senders who have sent many emails before and since the repeating email. The same sender coould send another email on thesame day and the problem does not recur. I have been completely unsuccessful in trying to recreate the problem. There doesn't seem to be any rhyme or reason to the issue.

We are using Windows Small Business Server Premium 2003 with Microsoft Exchange 2003 as the email server. I've read through several different questions that seem to describe a similar problem. But the answer is almost always something to do with POP3. We are NOT using POP3. We are using SMTP. I've also seen one question where the problem was identified as SPAM SOAP. We are not using that product.

We are using GFI Mail Archiver 4 to archive our email, and GFI Mail Essentials for SPAM filtering. We also use Watchguard Firewall X700 Core. I read one question where a Hardware Firewall was identified as a possible cause of a similar problem. But after reading the referenced document, I was unable to resolve this problem.

Most of the people who have asked this question have ended up not getting a satisfactory resolution, and usually the question ends up being abandoned. I am asking again because my users are getting quite frustrated and are asking me to fix the problem. If you have any useful information or know of anyone who has had this problem and resolved it, I would be very grateful to know the answer.

Thank you in Advance

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2007-04-24 at 14:03:10ID22531728
Tags

exchange

,

repeating

,

2003

,

emails

Topics

Watchguard Firewall

,

Exchange Email Server

,

SBS Small Business Server

Participating Experts
3
Points
500
Comments
24

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Watchguard Firebox 700 and Proxied SMTP
    After configuring Proxied-SMTP on our Watchguard Firebox, telnet mail.domainname.com 25 returns "220 SMTP service ready" instead of the typical "220 mail.domainname.com Microsoft ESMTP MAIL Service, Version 6.0.3790.211 ready at Wed, 11 Oct 2006 18:35:16 ...
  2. Watchguard Firebox X700 and Proxied SMTP
    Watchguard Firebox 700 and Proxied SMTP Question: After configuring Proxied-SMTP on our Watchguard Firebox, telnet mail.domainname.com 25 returns "220 SMTP service ready" instead of the typical "220 mail.domainname.com Microsoft ESMTP MAIL Service, Vers...
  3. SBS Premium will not send messages
    There are allot of questions that I'm sure will be asked and I don't know the answers to, never-the-less I'll do my best to fill in the blanks. I've taken on a new client whom was at wits end with their past IT guy. They have a server running SBS Premium. Up until Tuesday ...
  4. External Telnet to SMTP Port 25 on SBS2003R2 Premium
    Hello Folks, I am wanting to Telnet to SMTP port 25 from an external location, meaning an internet location outside of the LAN to test some configurations of my Exchange Server. My setup is an SBS2003R2 Premium Server (with ISA2004) with all updates current. There are 2 NIC...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: TechSoEasyPosted on 2007-04-24 at 15:26:43ID: 18970088

Ensure that the following has nothing configured:
Exchange System Manager-> right-click Virtual SMTP server-> Properties-> Messages tab-> “Forward all mail with unresolved recipients to host".

If there is anything there, you could be causing an email loop.

Jeff
TechSoEasy

 

by: realitybytesPosted on 2007-04-24 at 16:02:48ID: 18970265

Thank you for your suggestion, TechSoEasy. That is not something that I have checked before. Unfortunately, the field was blank, so I guess that wasn't it.

 

by: realitybytesPosted on 2007-04-26 at 09:17:23ID: 18982802

Stay Active? I read and respond to every comment made in any of my questions. Thank you for your response.

 

by: TechSoEasyPosted on 2007-04-27 at 01:31:34ID: 18987339

I hadn't had a chance to respond yet... it's been a busy week.

If this is happening to just a single user, then I'd suspect that user has a rule or two configured in their Outlook which is causing the problem.  Please review their rules, and see that there aren't multiple rules which may apply to the emails in question.  If there are, you can have just the first rule apply by checking the "stop processing more rules" box.

Jeff
TechSoEasy

 

by: realitybytesPosted on 2007-04-27 at 09:03:52ID: 18990138

This has happened to everyone who receives email from outside the domain (including me) at least once. 99% of our users have not set up any rules in Outlook.

 

by: TechSoEasyPosted on 2007-04-27 at 19:40:30ID: 18993290

You will then have to provide more specific information about the email received.  Where did it come from?  (ie, what was the domain name).  Who was it addressed to?  Specifically... was the recipient in the To: field?  Or was it addressed in the CC or BCC field?

Can you replicate the error by having the same sender resend the email message?

If you can replicate it, then if you disable GFI Mail Archiver 4 does the problem go away?

Jeff
TechSoEasy

 

by: realitybytesPosted on 2007-04-30 at 10:38:58ID: 19003109

There have been over a hundred of these emails so far. Do you want copies of all of them?

Where did it come from?  
Each of the emails came from a different address in a different domain.

Who was it addressed to?  
As I said above, almost everyone in our domain has received at least one of these.

Specifically... was the recipient in the To: field?  
In almost all of the cases, the recipient was specifically addressed in the To: field. A couple of them had the recipient listed in the CC: field. I don't think any of them were in the BCC: field.

Can you replicate the error by having the same sender resend the email message?
No. In every single case, subsequent emails from the same sender to the same recipient have not resulted in repeating emails.

I know these answers are not much help. I've been going nuts trying to find an answer that makes sense.

 

by: TechSoEasyPosted on 2007-05-03 at 04:26:23ID: 19022263

Thanks for your response... that does help a bit... not that I have any idea what's causing this yet... but at least you've eliminated a few possibilities.

Have you tried disabling the SMTP proxy within the Watchguard Firewall?

Jeff
TechSoEasy

 

by: JimboEfxPosted on 2007-05-03 at 04:31:00ID: 19022282

Can you check the message headers of these SPAM... and post them here along with the message header of a legitamate email from the same person. Obscure any personal detail where necessary

 

by: realitybytesPosted on 2007-05-06 at 10:59:25ID: 19039562

These are not SPAM, Jimbo. These are legitimate emails sent from clients to valid email addresses in our domain. I'm not sure whether the header is going to be much help. But anyway, here's the header of one recent example:

Microsoft Mail Internet Headers Version 2.0
Received: from outside-domain.com ([70.102.xxx.xx]) by mail.mydomain.com with Microsoft SMTPSVC(6.0.3790.1830);
       Fri, 4 May 2007 19:27:17 -0700
MIME-Version: 1.0
Subject: RE: Diablo Logo
Date: Thu, 3 May 2007 15:46:21 -0700
Message-ID: <ab3a9779cab07ff6652cbb7e682600aa8afb6fac@localhost>
From: "Outside Client" <client@outside-domain.com>
To: "Our Employee" <employeee@mydomain.com>
X-WatchGuard-Spam-ID: str=0001.0A09020B.463BEBC3.009A,ss=1,fgs=0
X-WatchGuard-Mail-From: client@outside-domain.com
X-WatchGuard-Mail-Recipients: employeee@mydomain.com
Content-Type: multipart/mixed;
      boundary="----_=_NextPart_001_01C78DD4.E19CB438"
Return-Path: client@outside-domain.com
X-OriginalArrivalTime: 05 May 2007 02:27:17.0713 (UTC) FILETIME=[E698FC10:01C78EBC]

------_=_NextPart_001_01C78DD4.E19CB438
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_002_01C78DD4.E19CB438"

------_=_NextPart_002_01C78DD4.E19CB438
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_002_01C78DD4.E19CB438
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_002_01C78DD4.E19CB438--
------_=_NextPart_001_01C78DD4.E19CB438
Content-Type: image/bmp;
      name="Diablo Logo.BMP"
Content-Transfer-Encoding: base64
Content-Description: Diablo Logo.BMP
Content-Disposition: attachment;
      filename="Diablo Logo.BMP"

------_=_NextPart_001_01C78DD4.E19CB438
Content-Type: application/msword;
      name="Diablo Logo.DOC"
Content-Transfer-Encoding: base64
Content-Description: Diablo Logo.DOC
Content-Disposition: attachment;
      filename="Diablo Logo.DOC"

 

by: realitybytesPosted on 2007-05-06 at 11:02:38ID: 19039575

Jeff, if I disable the SMTP Proxy, it is my understanding that no email will pass through the firewall. I have thought about trying to disable various parts of the proxy to see if there is an invalid setting somewhere, but the problem is that I would have no way to test whether the change had worked because I never know when we're going to get one of these repeating emails and I have no way of forcing one.

 

by: JimboEfxPosted on 2007-05-06 at 11:12:11ID: 19039591

Just to clarify:

These emails, recieved as corrupted but sent by the expected sender? The point is important... either something is randomly corrupting your emails or somone is spamming you - spoofing the email address of the sender (easily done).

Received: from outside-domain.com ([70.102.xxx.xx]) by mail.mydomain.com with Microsoft SMTPSVC(6.0.3790.1830);

Can you verify that this IP is a legitamte source for the domain/sender that the email appears to be comming from?

What anti virus is installed on your server locally?

 

by: realitybytesPosted on 2007-05-06 at 11:23:12ID: 19039617

Hi Jimbo -

For the example that I posted, there were two attachments. One of them was received uncorrupted. The other was corrupted. And when I say corrupted, I mean that it was an empty file, only 64 bytes in size, which is basically just the header. Itwas definitely NOT spam. It was a response from a client to a request for copies of their logo in various formats. The email was expected by the recipient.

Yes, the IP does resolve to the proper MX record.

We are using the Enterprise version of Eset's NOD32 (current version 2.70.32).

 

by: JimboEfxPosted on 2007-05-06 at 11:41:08ID: 19039659

Have you configure the server anti virus to exclude the folders specified in this article:

http://support.microsoft.com/kb/328841

#2

Can the client resend the same email, afterwards with your user receiving it uncorrupted?

 

by: realitybytesPosted on 2007-05-06 at 12:17:25ID: 19039740

well, actually, since we use Exchange 2003, I have configured it to exclude the folders specified in this article:
http://support.microsoft.com/kb/823166/en-us

I have also verified which folders to exclude with Eset. In addition, we have excluded the folders that are specified GFI.

#2
with the specific example that I gave, the client did re-send the attachments, and the results were the same. however, other emails from that same sender have not had similar problems. In this specific example, the attachment that got corrupted was a Word Document with a copy of the client's logo in two different image formats in it.

i guess that would give a strong indication that this is related to the attachments. But I have to tell you that we send and receive literally hundreds of similar attachments every day and it is only the occassional, random email that ends up with this problem of repeating.

 

by: JimboEfxPosted on 2007-05-06 at 12:43:15ID: 19039800

The problem quite definately appears to be attachment related. Since the data your end user views inevitably changes hands many times there can be a few places where this corruption is happening:

1) The senders infrastructure. Get them to send it to say a hotmail address to verify.
2) Filtering mechanisms on your firewall (if present).
3) Anti-SPAM box
4) Exchange Information store level AV
5) Client side AV. (Use Outlook Web Access do you get the same thing?). Disable the service to see what happens - before receiving the email.

Since the problem is reproducable with a particular email - the best method is to resend this email paying particular attention to the above, disabling and enabling services as required.

 

by: realitybytesPosted on 2007-05-06 at 14:14:04ID: 19040005

I hear you. It might take a while for me to find the appropriate sender to ask to spend time on this. I'm hesitant to ask clients to help us resolve an internal email issue that doesn't really affect them.

Anyway, thanks for spending time with me on a Sunday. I'm done for the day. I'll try to find time to work on it again tomorrow.

 

by: JimboEfxPosted on 2007-05-06 at 14:49:27ID: 19040071

If it is indeed an attachment issue - you should only need to obtain a copy of the attachment prior to it reaching your network(like if they send it to a hotmail address). You could then test from there onwards.

If however the same corruption is found in the email sent to the hotmail account it is probably their infrastructure.

 

by: TechSoEasyPosted on 2007-05-07 at 00:15:39ID: 19041404

I'm fairly sure it's a problem with the WatchGuard SMTP Proxy.  Disabling it will not stop email from passing through the firewall if you have port 25 open and pointing to your SBS's IP.

This Microsoft KB article (http://support.microsoft.com/kb/895857) specifically states this issue:
" Duplicate e-mail messages are sent to a recipient. The recipient may receive the same e-mail message five or six times."

Jeff
TechSoEasy

 

by: realitybytesPosted on 2007-05-07 at 09:34:47ID: 19043866

Thanks, Jeff. Man, why couldn't I find that MS KB article?

OK, so now I have two things to try. This is a very busy week for me, but I'll try to find time to test both of these.

 

by: JimboEfxPosted on 2007-05-07 at 09:36:50ID: 19043885

That SMTP proxy article looks very promising. Make it your priority.

*bookmarks that one for later*

 

by: aplonaPosted on 2007-11-02 at 07:54:03ID: 20201385

I had this same issue with a firebox 500 but after pulling my hair out I came to realize that the issue was because there wasn't enough bandwidth on my internet connection and we had voip phones

 

by: realitybytesPosted on 2007-11-02 at 13:42:23ID: 20204388

In my case bandwidth was clearly not the issue. We have a 45MB DS3 connection. Watchguard recently released a version upgrade to Watchguard System Manager and Fireware. When I installed those updates, the problem disappeared.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...