Solved

Server or recipients sending old emails

Posted on 2006-06-20
Last Modified: 2009-07-14
Server 2003 Enterprise SP1
Exchange 2003 SP2 running Trend Micro CSM Security for SMB
Clients on Outlook 2003 SP2
- All current on updates


The Trend CSM is a gateway product that manages SPAM, email viruses, attachments, etc.  When something is received or sent that violates a set rule, the CSM quarantines the file and sends a message like so to the recipient...

-----------
From: Administrator [mailto:Administrator]
Sent: Tuesday, June 20, 2006 3:40 AM
To: Mike Jones
Subject: [MailServer Notification]Attachment Blocking Notification

The Listed.zip has been blocked,
and Quarantine entire message has been taken on 6/20/2006 3:39:37.
Message details:
Server: Exchange1
Sender: mjones@foo.com;
Recipient:jlink@foo.com;
Subject:A list of product features
Attachment name:listed.zip
 -----------------


Within one day, there have been incidents where two users received a message similar to the above message from a valid email account in my organization.  In checking the quarantine, the messages ARE valid, but THEY ARE OLD.  

One external recipient received an email that was originally sent in 2003, and the other internal recipient received an email that was originally sent out 4 months ago.  The senders don't show these messages in their sent items.


At this point I have verified the following:

-The sending account is valid
-The receiving account is valid
-The message is valid but old
-The sender does not show the recent email in Sent Items
-The recipient has the old/original email in archive so they did receive it before.
-Viral scans have not detected anything
-Spyware scans have been run and successfully cleaned anything visible to it.


It appears that either Exchange or the Trend product is screwy and resending old emails.

What I would like your help in is determining the root cause... is it Exchange or Trend?  Any troubleshooting tips would be appreciated.


Question by:top_rung

Accepted Solution

by:
Sembee earned 500 total points
ID: 16946396
Header information on the message will be the best place to start. See what time it hit your Exchange server. If the time on the message is a year old, then it is the Exchange server at fault. If it is recent, then it is something outside.

Simon.

Author Comment

by:top_rung
ID: 16946753
Thanks,

Header info below
--------------
Microsoft Mail Internet Headers Version 2.0
Received: from mail pickup service by mail.mydomain.com with Microsoft SMTPSVC;
             Tue, 20 Jun 2006 03:40:13 -0500
thread-index: AcaURSXUDvGe5NQ7Tg+2r6dziaTXZg==
Thread-Topic: [MailServer Notification]Attachment Blocking Notification
From: <Administrator>
To: <jlink@foo.com>
Subject: [MailServer Notification]Attachment Blocking Notification
Date: Tue, 20 Jun 2006 03:40:13 -0500
Message-ID: <007801c69335$25e34b8b0$1f00000a@domain.local>
MIME-Version: 1.0
Content-Type: text/plain;
            charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
X-OriginalArrivalTime: 20 Jun 2006 08:40:13.0702 (UTC) FILETIME=[25F3B260:01C69445]
-------

More than likely outside of Exchange?  Support request sent to Trend.






Expert Comment

by:Sembee
ID: 16946867
The message originated on Exchange, but through its SMTP service. That would tend to indicate that the message originated outside the Exchange service, but on the same server.

Is the Trend product on the same server? If so, then it looks like it is the Trend product at fault.

Simon.
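
The header check discussed in this thread, as an added example that is not part of the original posts: it reads the server's own `Received` stamp, cross-checks it against the `FILETIME` value in `X-OriginalArrivalTime`, and flags submission through the mail pickup service. The `reported_on` time and the one-day `stale_after` threshold are assumptions; the `[low:high]` word order of `FILETIME` is confirmed by the UTC time printed beside it.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Subset of the headers posted in the thread (already anonymised by the poster).
RAW_HEADERS = """\
Received: from mail pickup service by mail.mydomain.com with Microsoft SMTPSVC;
     Tue, 20 Jun 2006 03:40:13 -0500
From: <Administrator>
To: <jlink@foo.com>
Subject: [MailServer Notification]Attachment Blocking Notification
Date: Tue, 20 Jun 2006 03:40:13 -0500
X-OriginalArrivalTime: 20 Jun 2006 08:40:13.0702 (UTC) FILETIME=[25F3B260:01C69445]

"""

def filetime_to_utc(low_hex, high_hex):
    """Decode FILETIME=[low:high]: 100 ns ticks since 1601-01-01 UTC."""
    ticks = (int(high_hex, 16) << 32) | int(low_hex, 16)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage(raw, reported_on, stale_after=timedelta(days=1)):
    """Summarise when and how the server accepted the message.

    reported_on and stale_after are assumptions chosen by the analyst.
    """
    msg = message_from_string(raw)
    # Topmost Received line = most recent hop, i.e. this server's own stamp.
    hop, _, stamp = msg.get_all("Received")[0].rpartition(";")
    arrived = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
    m = re.search(r"FILETIME=\[([0-9A-Fa-f]{8}):([0-9A-Fa-f]{8})\]",
                  msg.get("X-OriginalArrivalTime", ""))
    stamped = filetime_to_utc(*m.groups()) if m else None
    return {
        "arrived_utc": arrived,
        "filetime_utc": stamped,
        # Both stamps are written by the server and should agree closely.
        "stamps_agree": stamped is not None and abs(stamped - arrived) < timedelta(seconds=2),
        # A recent arrival points away from Exchange, per the accepted answer.
        "fresh_submission": reported_on - arrived < stale_after,
        # Submitted through the SMTP service's pickup on this same server.
        "via_pickup": "mail pickup service" in hop,
    }

if __name__ == "__main__":
    when = datetime(2006, 6, 20, 12, 0, tzinfo=timezone.utc)  # constructed report time
    for key, value in triage(RAW_HEADERS, when).items():
        print(f"{key}: {value}")
```
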

Author Comment

by:top_rung
ID: 16946893
Yes it is on the same server - A gateway product that acts as the first point of contact for incoming emails.

Thanks Simon, I will see what Trend has to say about it and if pertinent, I will post the results.

Much appreciated.


Expert Comment

by:Brian_Limerick
ID: 24851063
Hi,
We are also experiencing something similar.
Did you have any luck getting information from Trend?

Author Comment

by:top_rung
ID: 24851202
Hi Brian,

This was some time ago, but if memory serves me correct the response was to update to the newest version.  I did deploy the most current, and whether coincidence or not, I never saw the issue again.

Since '06, I haven't seen this once.