fabiouness
asked on
Strange Email behavior after removing Trend Micro Messaging Security
I recently upgraded my Exchange server OS, running Exchange Server 2003, from Server 2000 to Server 2003. Also on this server is Trend Micro's SMB Messaging Security suite which included Scanmail 7.0 for Exchange. After upgrading the OS, it seems the Trend program made some changes to the way it integrates with Exchange and Outlook as messages to many users started getting dumped in the Spam Folder under their mailboxes. These messages were all legitimate. Since it was confusing the users and I needed a quick fix, I removed the Scanmail program to prevent items from getting placed in the Spam Folder. I don't know that I even need that program as we filter our incoming email through ExchangeDefender to weed out spam before it even hits our Exchange server. That is not the weird issue, however. Beginning today, one user is now unable to receive emails in her Outlook client sent from an internal scanner, yet the message gets delivered to her Blackberry. We also have a BES onsite. Before removing the Scanmail program, she would get these messages in both places. I sent a scan from that machine to myself and compared the header to one of the scans she had received prior to this occurrence. The only difference is the following two lines, which seem to reference the scanmail program:
X-TM-AS-Product-Ver: SMEX-7.2.0.1122-3.6.1039-1
X-TM-AS-Result: No--7.892700-5.000000-31
What is going on here? The Exchange System Manager says that all scans are being delivered to her Mailbox store, they're going to her Blackberry, yet she doesn't get them in her Outlook client anywhere. Is there some hidden folder in the Trend directory or Exchange that I'm not seeing?
X-TM-AS-Product-Ver: SMEX-7.2.0.1122-3.6.1039-1
X-TM-AS-Result: No--7.892700-5.000000-31
What is going on here? The Exchange System Manager says that all scans are being delivered to her Mailbox store, they're going to her Blackberry, yet she doesn't get them in her Outlook client anywhere. Is there some hidden folder in the Trend directory or Exchange that I'm not seeing?
peakpeak
What about OWA, are the messages there?
ASKER
Not there either.
SMEX is the scanmail program. You said you had removed that but obviously there seem to be some residue of SMEX left behind.
Also do a search for the message that are missing. Might end up in another folder. Check all rules too.
ASKER
That line referring to SMEX was not present in the latest message that isn't showing up in the user's mailbox...that was just to show that those lines are the only difference in the header information between the last message that showed up in the mailbox and the one that doesn't show. We've searched her entire mailbox from within Outlook and found nothing, but is there a way to get the Exchange server to detail which folder it dumped the message into? System Manager only shows that the message was delivered to the mailbox store. Could this instead be a case of something with the Blackberry server filtering messages from this scanner? The filters set on the server refer only to CC and TO rules.
Swich on Message Tracking (should always be on)
Message tracking
http://www.msexchange.org/tutorials/The_Exchange_Message_Tracking_Center_or_How_to_Save_Your_A_in_a_Pinch.html
Message tracking
http://www.msexchange.org/tutorials/The_Exchange_Message_Tracking_Center_or_How_to_Save_Your_A_in_a_Pinch.html
ASKER
Message tracking was already on and I can see the "missing" message in the tracking center. The thing I need is for the system to tell me exactly which folder in the user's mailbox store it got delivered to. Is that possible?
What you see is what you get. Can you send a message and paste the output here?
ASKER
This is a scan sent from the machine that the user can no longer get in her mailbox. I sent it to my own account at the same time.
Microsoft Mail Internet Headers Version 2.0
Received: from RNPC8143C ([192.168.101.57]) by fltexch.xxyyzz.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 5 Jan 2010 14:52:05 -0500
From: LD016-Warranty@xxyyzz.com
Subject:
To: "XX" <xx@xxyyzz.com>, "YY"
<YY@xxyyzz.com>
Date: Wed, 6 Jan 2010 03:56:00 -0500
Message-Id: <20100106035600HQ.DCSML-S0
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="DC_BOUND_PRE_<12
Return-Path: LD016-Warranty@xxyyzz.com
X-OriginalArrivalTime: 05 Jan 2010 19:52:05.0259 (UTC) FILETIME=[8E7565B0:01CA8E4
--DC_BOUND_PRE_<1262768160
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding:
--DC_BOUND_PRE_<1262768160
Content-Type: application/pdf; name="20100106035600487.pd
Content-Transfer-Encoding:
Content-Disposition: attachment;
filename="2010010603560048
--DC_BOUND_PRE_<1262768160
Microsoft Mail Internet Headers Version 2.0
Received: from RNPC8143C ([192.168.101.57]) by fltexch.xxyyzz.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 5 Jan 2010 14:52:05 -0500
From: LD016-Warranty@xxyyzz.com
Subject:
To: "XX" <xx@xxyyzz.com>, "YY"
<YY@xxyyzz.com>
Date: Wed, 6 Jan 2010 03:56:00 -0500
Message-Id: <20100106035600HQ.DCSML-S0
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="DC_BOUND_PRE_<12
Return-Path: LD016-Warranty@xxyyzz.com
X-OriginalArrivalTime: 05 Jan 2010 19:52:05.0259 (UTC) FILETIME=[8E7565B0:01CA8E4
--DC_BOUND_PRE_<1262768160
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding:
--DC_BOUND_PRE_<1262768160
Content-Type: application/pdf; name="20100106035600487.pd
Content-Transfer-Encoding:
Content-Disposition: attachment;
filename="2010010603560048
--DC_BOUND_PRE_<1262768160
Sorry, I meant from the Message Tracking for the particular message
ASKER
Attached is a screen shot.
Tracking.doc
Tracking.doc
Ok, good. A successfully delivered message on your system, does that differ from this trace?
ASKER
Shows the same. That was a successfully delivered message, only it came to Outlook for the one user and only to the Blackberry of the other. I am going to turn off her Blackberry account and see what happens.
Good idea. Is there any tracing options on the BES?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There's something positive with going through your system in all aspects: You learn a lot you didn't know before and become better prepared for next problem (there will be one :). Glad it's solved !