Solved

Sporadic Duplicate Internal Emails

Posted on 2007-12-06
8
1,023 Views
Last Modified: 2008-02-01
Using SBS 2003, Exchange 2003 SP2, Trend Micro Client/Server/Messaging Security 3.6.  There is no pattern for when it occurs, but users occassionally receive a duplicate email from another internal recipient.  If it occurs with external recipients, noone has reported it.  Message Tracking is enabled on the Exchange Server.  The last time it occurred, there appears to be two messages with different message id's sent to the same user from another user at the same time (though the message tracking center does not reveal the subject line).  The sender only had one instance of the message in their sent items folder.  Neither user has any rules that would cause a duplicate.

I have not seen this problem with other setups running the same software/versions, and the problem occurs infrequently, so I am hesitant to disable antivirus on Exchange.  I am getting enough of a complaint, though, that I need to try to find a resolution.  Any thoughts are greatly appreciated!
0
Comment
Question by:jwhetstone
  • 3
  • 3
  • 2
8 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20422343
You can get message tracking to show the subject - you need to change the settings on the Properties of the server in ESM, Servers.

AV software is the usual cause of this. Make sure that any file level AV is not scanning the Exchange directories.

Simon.
0
 
LVL 2

Author Comment

by:jwhetstone
ID: 20430140
Thanks for the tip on enabling the subject display.

Double-checked the AV settings in Trend; all Exchange folders are excluded from the file-level AV, however, there was a scheduled scan on the IS scheduled monthly on Sundays.  Though I don't think it has anything to do with the problem, I have disabled the scheduled scan.  For good measure, I have also added .edb, .stm, .log, and .chk file types to the AV exclusion list.

It seems the problem has been narrowed to emails originating from one user.  This particular user does daily maintenance on Sent Items, so I question whether there was only a single instance of the duplicate email that occurred yesterday in the Sent Items folder.  I have requested that they retain all messages in Sent Items until we an resolve the problem.  They may be using cached exchange, so I am also going to exclude .ost file types from the desktop AV group.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20433703
Are you using the POP3 Connector?  If so, this is a normal behavior.  

What happens is that the POP3 host will create a separate message for each person in the cc field without fully modifying the headers.  Then, Exchange downloads these messages and re-reads the headers to make it's own copies of messages for each cc.  Details are here:
http://support.microsoft.com/kb/264249

There's no real way to avoid this unless you have the sender use a distribution list address such as group@yourcompany.com.  You would then have to create the Distribution Group in your Server Management Console.

Alternatively, why not switch to SMTP mail?  The POP3 connector is really designed to just be a transition tool to allow you time to switch to SMTP email anyhow.  You can read more about how to do that here:  http://sbsurl.com/pop2smtp

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:jwhetstone
ID: 20459295
No, the POP3 connector is not in use.  

An odd thing occurred with this same server yesterday- due to previous Windows updates, the server was restarted.  They are using an external company for spam filtering, so I changed the SMTP server connection settings to only allow connections from that company's IP range.  After restarting the SMTP service, users reported receiving various read receipts and undeliverables as old as two months.  They had never previously received these messages.  Reviewing the message tracking center indicated these messages were processed on this day, but the headers of the messages revealed the date they were actually sent (up to two months prior).  

At this point, I am questioning the integrity of the queues, the SmallBusiness SMTP connector, or possibly the Exchange antivirus component of Trend Micro C/S/M Security 3.6.

I am going to delete and recreate the SMTP connector.  Is there a way to rebuild the queues?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20461476
Rebuilding the queues?  Are they not empty?

To delete and recreate the SBS SMTP Connector you just delete it and then rerun the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).

If they are using an external SPAM filtering service, then make sure that TrendMicro's SPAM or Content filter isn't enabled.  But does this service also provide AV?  If so, and if you've restricted receiving from only their servers, you don't need to be running AV on your Exchange server at all.  So you can effectively remove the Trend Micro Messaging Security Agent from your server.

Also check to make sure that the users don't have any special settings in Outlook for specific users that might send email in a different format which may cause the message to be sent via both Exchange (locally) and via SMTP through the external SPAM service and back again.

You can use EXInsight to watch for this.  The trial version is good for 15 days... www.exinsight.com

Jeff
TechSoEasy
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 20466605
Old messages generating NDRs is quite common. See this blog posting:

http://theessentialexchange.com/blogs/michael/archive/2007/11/16/exchange-2003-sp2-and-greylisting.aspx

Simon.
0
 
LVL 2

Author Comment

by:jwhetstone
ID: 20468641
Thanks for the link, Simon- I think that is exactly what happened in this instance with the influx of undeliverables.

Thank you for your suggestions, too, Jeff.  I am hesitant to totally remove the Messaging Security agent; the spam filtering service does provide AV for incoming emails, but does nothing for outgoing or other items introduced into the information store from other sources, so I would prefer to maintain the internal layer of protection.

I've got to wonder if the what the two issues are interconnected.  I will apply the hotfix and monitor.  We can consider this one closed for now.

Thanks again for all the input.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20468897
Unless you configure Trend Micro's settings from the defaults, it's not scanning outgoing or other items introduced into the information store.  But the basic OfficeScan IS protecting you from those things by virtue of scanning every file accessed on any machine that has TrendMicro installed.

Jeff
TechSoEasy
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Sometimes Outlook might have problems sending a message. There may be various causes- corrupted PST, AV scanner etc. The message, instead of going to the Sent Items folder, sits in the Outbox indefinitely. To remove it you can use a free tool cal…
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now