Exchange Server 2003 mail delivery problem - Some users report receiving mail that is addressed to other users.

Posted on 2006-06-28
Last Modified: 2013-11-15
Hi all,

Short desc: Some users report receiving mail that is addressed to other users. These users sometimes have LONG been deleted from AD and mailboxes purged. Other times, it's a current user. These mails do not appear to be addressed to the receiving user in the CC field.

Environment is Exchange 2003 (native) running on Standard Server 2003 SP1. 2003 Active Directory 2000/2003 mixed mode. Incoming mail flow is Internet -> Watchguard firewall -> Barracuda Spam Device -> Exchange Server.

Here are two headers... The first message header is one that was addressed to a valid user "Georgia" but ended up in my mailbox. The second header is one that was addressed to a user that is no longer with the company and has long since been deleted/mailbox purged, but was accepted and delivered also to my mailbox.

I have heard reports of users getting similar mail. What would cause this problem?

########################################################
Microsoft Mail Internet Headers Version 2.0
Received: from barracuda.yaddayadda.com ([192.168.1.33]) by dunsvr06.yaddayadda.com with Microsoft SMTPSVC(6.0.3790.1830);
       Thu, 22 Jun 2006 20:47:46 -0400
X-ASG-Debug-ID: 1151023653-14393-1-2
X-Barracuda-URL: http://192.168.1.33:8000/cgi-bin/mark.cgi
Received: from CHOMIAK-S5YW5GZ (unknown [83.20.3.53])
      by barracuda.yaddayadda.com (Spam Firewall) with ESMTP
      id 22F3BD8DB; Thu, 22 Jun 2006 20:47:44 -0400 (EDT)
Message-ID: <95615586354603.5DDAC7FF8F@I0V1>
From: "Nixon" <Nixoncheeky@earthlink.net>
To: <georgia@yaddayadda.com>
X-ASG-Orig-Subj: Recent stuff You always dreamt to rock hard erections…
Subject: Recent stuff You always dreamt to rock hard erections…
Date: Fri, 23 Jun 2006 02:47:29 +0200
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: 1OLsSha3AIja22EzeQ3vCFZKAnxc8d5Uz3L3
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Barracuda Spam Firewall at yaddayadda.com
X-Barracuda-Header-Alert: BAD HEADER Non-encoded 8-bit data (char 85 hex) in message header 'X-ASG-Orig-Subj'
       X-ASG-Orig-Subj: ...ff You always dreamt to rock hard erections\205 \n
                                                                      ^
X-Barracuda-Spam-Score: 1.77
X-Barracuda-Spam-Status: No, SCORE=1.77 using global scores of TAG_LEVEL=2.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=3.0 tests=SARE_ADULT2, SUBJ_ILLEGAL_CHARS
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.15342
      Rule breakdown below pts rule name              description
      ---- ---------------------- --------------------------------------------------
      0.10 SUBJ_ILLEGAL_CHARS     Subject contains too many raw illegal characters
      1.67 SARE_ADULT2            BODY: Contains adult material
Return-Path: Nixonconvalescent@earthlink.net
X-OriginalArrivalTime: 23 Jun 2006 00:47:46.0298 (UTC) FILETIME=[A4D25DA0:01C6965E]
####################################################################

Addressed to a user that is no longer with the company and has long since been deleted/mailbox purged, but was accepted and delivered to my mailbox.

####################################################################

Microsoft Mail Internet Headers Version 2.0
Received: from barracuda.yaddayadda.com ([192.168.1.33]) by dunsvr06.yaddayadda.com with Microsoft SMTPSVC(6.0.3790.1830);
       Thu, 22 Jun 2006 10:35:13 -0400
X-ASG-Debug-ID: 1150986903-15395-2-0
X-Barracuda-URL: http://192.168.1.33:8000/cgi-bin/mark.cgi
Received: from JACOB-2YHHJQYFC (cpe-70-117-21-239.satx.res.rr.com [70.117.21.239])
      by barracuda.yaddayadda.com (Spam Firewall) with ESMTP
      id DA1D623F3C; Thu, 22 Jun 2006 10:35:03 -0400 (EDT)
Message-ID: <13061306174127.08147DB408@OLFFN>
From: "Efren" <LucilleBurtj7@tokyo.com>
To: <geniece@yaddayadda.com>
X-ASG-Orig-Subj: Never-seen Get a better job
Subject: Never-seen Get a better job
Date: Thu, 22 Jun 2006 09:34:39 -0500
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: ZQJ1KWu6v72wo032X3AJC9c927pKbZRmvtDM
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Barracuda Spam Firewall at yaddayadda.com
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=2.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=3.0 tests=
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.15311
      Rule breakdown below pts rule name              description
      ---- ---------------------- --------------------------------------------------
Return-Path: TabithaSkinnerx0@europe.com
X-OriginalArrivalTime: 22 Jun 2006 14:35:13.0612 (UTC) FILETIME=[128388C0:01C69609]




Question by:hotcam
7 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 700 total points
ID: 17000723
More than likely it is just SPAMMERS... the reason the person who received the email isn't on any of the headers is that spammers will send an email to 1000s of people in the BCC field.

the reason old and new email addresses are being sent to is b/c of a Directory Harvest Attack on your system:

http://www.pcmag.com/article2/0,1759,1543581,00.asp
0
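The To: and From: headers are written by the sender, while delivery is decided by the SMTP envelope recipients (RCPT TO), which a header dump shows only when a hop records a `for <...>` clause in its Received line. The following triage script is an added example, not part of the original thread: it compares the two for the first header block in the question and for a constructed header; the mailbox `asker@yaddayadda.com` and everything under `example.test` are hypothetical.

```python
import re
from email.parser import HeaderParser
from email.utils import getaddresses, parseaddr

# Trimmed from the first header block in the question.
PAGE_SAMPLE = """\
Received: from barracuda.yaddayadda.com ([192.168.1.33]) by dunsvr06.yaddayadda.com with Microsoft SMTPSVC(6.0.3790.1830);
  Thu, 22 Jun 2006 20:47:46 -0400
Received: from CHOMIAK-S5YW5GZ (unknown [83.20.3.53])
  by barracuda.yaddayadda.com (Spam Firewall) with ESMTP
  id 22F3BD8DB; Thu, 22 Jun 2006 20:47:44 -0400 (EDT)
From: "Nixon" <Nixoncheeky@earthlink.net>
To: <georgia@yaddayadda.com>
Return-Path: Nixonconvalescent@earthlink.net
"""

# Constructed sample: a relay that records the envelope recipient in "for <...>".
CONSTRUCTED_SAMPLE = """\
Received: from relay.example.test (relay.example.test [192.0.2.10])
  by mx.example.test with ESMTP id ABC123
  for <brian@example.test>; Thu, 22 Jun 2006 20:47:44 -0400
From: "Ben" <ben@example.test>
To: <georgia@example.test>
Return-Path: <ben@example.test>
"""

FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)

def triage(raw_headers, delivered_to):
    """Compare sender-written headers with what the receiving hops recorded."""
    msg = HeaderParser().parsestr(raw_headers)
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    visible = {addr.lower() for _, addr in shown if addr}
    hints = []  # envelope recipients, present only if a hop logged a "for" clause
    for hop in msg.get_all("Received", []):
        hints += [m.lower() for m in FOR_CLAUSE.findall(hop)]
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    return {
        "visible_recipients": sorted(visible),
        "delivered_to_is_visible": delivered_to.lower() in visible,
        "envelope_hints": hints,
        "sender_mismatch": bool(return_path) and return_path != header_from,
    }

if __name__ == "__main__":
    print(triage(PAGE_SAMPLE, "asker@yaddayadda.com"))  # hypothetical mailbox
    print(triage(CONSTRUCTED_SAMPLE, "brian@example.test"))
```

For the header from the question, neither Received line carries a `for` clause, so the envelope recipients have to come from the gateway's or the SMTP server's own logs rather than from the message itself.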
 
LVL 1

Author Comment

by:hotcam
ID: 17000930
Thanks for the link.

If they use the BCC field, wouldn't the message still end up in the mailbox of the user with the TO: field being correct for that user? From my experience with the BCC field, each recipient gets the message where the TO: field is addressed -to that user- as if they were the only one that got it...

1) Ben sends message BCC to: Mary, Greg

2a) Greg gets message
To: Greg
From: Ben

2b) Mary gets Message
To: Mary
From: Ben

In this case,

1) Ben sends message (assuming BCC) to: Georgia

2) Brian gets message
To: Georgia
From: Ben

Seems like some kind of "message routing problem". Am I missing something?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17001159
Don't trust the header of ANY email... especially if it comes from a SPAMMER; it's called a malformed header. Read up on it.
0
 
LVL 1

Author Comment

by:hotcam
ID: 17001372
I will certainly do that... Leaving this open for now, hopefully...I can get some more people to chime in.
0
 
LVL 9

Expert Comment

by:PC_Rob
ID: 17002217
This is totally SPAM related.  The email headers and address used or shown are VERY often incorrect.

Do you have a SPAM filter that can at least keep these from going to their inbox?  There is nothing you can do (from what I have experienced) to stop these emails, or to show who they were really addressed to.  The whole point of the SPAMMER is to confuse the mail server and SPAM blockers so it will get delivered to as many people as possible.  This is why the headers are all jacked up, etc.

Good luck,

Rob
0
 
LVL 1

Author Comment

by:hotcam
ID: 17002448
Thanks, and yes, the Barracuda is the device that's supposed to handle the spam. You can see what the cuda thought about it in the headers. For the most part, it does a great job of it. For whatever reason, these aren't scoring high enough :-(

0
