
Server or recipients sending old emails

Server 2003 Enterprise SP1
Exchange 2003 SP2 running Trend Micro CSM Security for SMB
Clients on Outlook 2003 SP2
- All current on updates


The Trend CSM is a gateway product that manages SPAM, email viruses, attachments, etc.  When something is received or sent that violates a set rule, the CSM quarantines the file and sends a message like so to the recipient...

-----------
From: Administrator [mailto:Administrator]
Sent: Tuesday, June 20, 2006 3:40 AM
To: Mike Jones
Subject: [MailServer Notification]Attachment Blocking Notification

The Listed.zip has been blocked,
and Quarantine entire message has been taken on 6/20/2006 3:39:37.
Message details:
Server: Exchange1
Sender: mjones@foo.com;
Recipient:jlink@foo.com;
Subject:A list of product features
Attachment name:listed.zip
 -----------------


Within one day, there have been incidents where two users received a message similar to the above message from a valid email account in my organization.  In checking the quarantine, the messages ARE valid, but THEY ARE OLD.  

One external recipient received an email that was originally sent in 2003, and the other internal recipient received an email that was originally sent out 4 months ago.  The senders don't show these messages in their sent items.


At this point I have verified the following:

-The sending account is valid
-The receiving account is valid
-The message is valid but old
-The sender does not show the recent email in Sent Items
-The recipient has the old/original email in archive so they did receive it before.
-Viral scans have not detected anything
-Spyware scans have been run and successfully cleaned anything visible to it.


It appears that either Exchange or the Trend product is screwy and resending old emails.

What I would like your help in is determining the root cause... is it Exchange or Trend?  Any troubleshooting tips would be appreciated.


Asked by: top_rung

Sembee Commented:
Header information on the message will be the best place to start. See what time it hit your Exchange server. If the time on the message is a year old, then it is the Exchange server at fault. If it is recent, then it is something outside.

Simon.
0
 
top_rung (Author) Commented:
Thanks,

Header info below
--------------
Microsoft Mail Internet Headers Version 2.0
Received: from mail pickup service by mail.mydomain.com with Microsoft SMTPSVC;
             Tue, 20 Jun 2006 03:40:13 -0500
thread-index: AcaURSXUDvGe5NQ7Tg+2r6dziaTXZg==
Thread-Topic: [MailServer Notification]Attachment Blocking Notification
From: <Administrator>
To: <jlink@foo.com>
Subject: [MailServer Notification]Attachment Blocking Notification
Date: Tue, 20 Jun 2006 03:40:13 -0500
Message-ID: <007801c69335$25e34b8b0$1f00000a@domain.local>
MIME-Version: 1.0
Content-Type: text/plain;
            charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
X-OriginalArrivalTime: 20 Jun 2006 08:40:13.0702 (UTC) FILETIME=[25F3B260:01C69445]
-------

More than likely outside of Exchange?  Support request sent to Trend.





0
 
Sembee Commented:
The message originated on Exchange, but through its SMTP service. That would tend to indicate that the message originated outside the Exchange service, but on the same server.

Is the Trend product on the same server? If so, then it looks like it is the trend product at fault.

Simon.
0
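The header check Sembee describes, as an added example that is not part of the thread: it parses the headers top_rung posted, compares every server-side timestamp with the time the notification was reported, and flags a `mail pickup service` first hop. The report time and the one-day window are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the thread, trimmed to the time-bearing fields.
RAW = """Microsoft Mail Internet Headers Version 2.0
Received: from mail pickup service by mail.mydomain.com with Microsoft SMTPSVC;
\t Tue, 20 Jun 2006 03:40:13 -0500
Date: Tue, 20 Jun 2006 03:40:13 -0500
X-OriginalArrivalTime: 20 Jun 2006 08:40:13.0702 (UTC) FILETIME=[25F3B260:01C69445]
"""

def received_hops(msg):
    """(timestamp, text) per Received header; the stamp follows the last ';'."""
    return [(parsedate_to_datetime(v.rsplit(";", 1)[1].strip()), " ".join(v.split()))
            for v in msg.get_all("Received", [])]

def arrival_time(msg):
    """Text part of X-OriginalArrivalTime (stated in UTC), or None if absent."""
    m = re.match(r"(\d{1,2} \w{3} \d{4} [\d:]{8})(?:\.\d+)? \(UTC\)",
                 msg.get("X-OriginalArrivalTime", ""))
    return parsedate_to_datetime(m.group(1) + " +0000") if m else None

def triage(raw, reported, window=timedelta(days=1)):
    """Compare every server-side stamp with the time the user reported delivery."""
    lines = raw.strip().splitlines()
    # Outlook's banner is not a header; left in, the parser finds no headers.
    if lines and lines[0].startswith("Microsoft Mail Internet Headers"):
        lines = lines[1:]
    msg = message_from_string("\n".join(lines))
    hops = received_hops(msg)
    if not hops or msg["Date"] is None:
        raise ValueError("need at least one Received header and a Date header")
    first_hop = min(t for t, _ in hops)  # earliest stamp: entry into the server
    stamps = [first_hop, parsedate_to_datetime(msg["Date"])]
    if arrival_time(msg) is not None:
        stamps.append(arrival_time(msg))
    return {
        "first_hop_utc": first_hop.astimezone(timezone.utc),
        # True: generated around the report time, not an old item replayed as-is.
        "stamped_recently": all(abs(reported - s) <= window for s in stamps),
        # True: the message entered through the SMTP service's local pickup.
        "local_pickup": any("from mail pickup service" in h.lower() for _, h in hops),
        "stamp_spread": max(stamps) - min(stamps),
    }

# Constructed assumption: the user reported the notification at 12:00 UTC.
REPORTED = datetime(2006, 6, 20, 12, 0, tzinfo=timezone.utc)
```

For the posted headers, `triage(RAW, REPORTED)` reports a recent stamp and a local pickup hop, which matches the reading given in the reply above.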
 
top_rung (Author) Commented:
Yes it is on the same server - A gateway product that acts as the first point of contact for incoming emails.

Thanks Simon, I will see what Trend has to say about it and if pertinent, I will post the results.

Much appreciated.

0
 
Brian_Limerick Commented:
Hi,
We are also experiencing something similar.
Did you have any luck getting information from Trend?
0
 
top_rung (Author) Commented:
Hi Brian,

This was some time ago, but if memory serves me correct the response was to update to the newest version.  I did deploy the most current, and whether coincidence or not, I never saw the issue again.

Since '06, I haven't seen this once.
0
