Solved

Some email being dropped

Posted on 2010-11-12
4
477 Views
Last Modified: 2012-08-14
I am working with SBS 2003 Exchange. Emails to one user appear to just be disappearing. The other four accounts on the server appear to be functioning normally.

At least two emails sent last week on 11/4 (determined by Sent date, and verbally confirmed with the sender) were delivered to the user's inbox yesterday 11/11 - a week after they were sent.

Also, emails being sent to the user from others, and me from a corporate Exchange 2007 account and a Yahoo account, are not arriving at all. The sender never even gets an email saying it was not delivered, rejected or delayed.

The server's message tracking was not turned on until today, so I'm only able to track my recent test messages. The message tracking corresponds to what arrives in the user's inbox. I am checking the user's email using webmail, then POP after I see it appear in the webmail. There has been no inconsistency between the two.

This is a chart of the test emails I have sent and their results:

Test 1 - exchange sender - single recipient - received
Test 2 - exchange sender - multiple recipients - received
Test 3 - yahoo sender - multiple recipients - not received
Test 4 - yahoo sender - single recipient - not received
Test 5 - exchange sender - multiple recipients - received
Test 6 - exchange sender - multiple recipients - received
Test 7 - exchange sender - single recipient - received
Test 8 - yahoo sender - single recipient - not received
Test 9 - yahoo sender - multiple recipients - received
Test 10 - exchange sender - single recipient - received
Test 11 - exchange sender - single recipient - received
Test 12 - yahoo sender - single recipient - received
Test 13 - yahoo sender - single recipient - received
Test 14 - yahoo sender - single recipient - not received
Test 15 - exchange sender - single recipient - received
Test 16 - yahoo sender - single recipient - received after delay

Another factor to add is that they are using St. Bernard iPrism for email filtering. The "Inbound Mail Real-Time Message Queue" correctly shows the received messages, and does not show the messages that have not been received. I checked the quarantines as well and none of the emails are being caught in there.

My current theory is that the St. Bernard filtering is catching and holding the emails for filtering and never passes them on, or only passes them on after a long period of time. Beyond this I am totally lost as to why this is happening.
0
Comment
Question by:mmmfg
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:markusdamenous
ID: 34128296
Looking at the message headers on a message that was received late would be a good start.

Within Outlook, drill down to the message properties and message header.  The headers show how it traversed the internet from its sender to the person receiving it.  It will say things along the lines of

Recevied from mailserver1.domain.com by mailserver2.alternatedomain.com at 12:34 on 22/09/2010.  There will be lots of these lines, 1 for each server that has handled the mail.  From these, you should see where the gap of a week originates and be able to start narrowing down where the problem lies.
0
 
LVL 1

Author Comment

by:mmmfg
ID: 34136040
Thank! I'll give that a try. Some of my other test emails also came in a couple days after I sent them. I'll check the headers on those emails too.
0
 
LVL 1

Author Comment

by:mmmfg
ID: 34157134
One of the tests was delayed over a day so I used the header from that email. It appears to have taken a long time to be received by the St. Bernard system. They received the email at Sun, 14 Nov 2010 12:47:15 +0000 (GMT) when the email was sent at 13 Nov 2010 00:36:56 -0000 GMT. See below for details.

How should I interpret this information?


Received: from oc-out3.mxpath.net ([208.74.58.39]) by mail.***MYDOMAIN***.org with Microsoft SMTPSVC(6.0.3790.4675);
                 Sun, 14 Nov 2010 06:35:12 -0600
Received: from enterprise.filter (oc-ef4.mxpath.net [172.16.14.69])
                by oc-out3.mxpath.net (MXPath Final Delivery) with SMTP id 804E71C14A
                for <***TO ADDRESS***>; Sun, 14 Nov 2010 12:47:16 +0000 (GMT)
Received: from oc-fr5.mxpath.net (oc-fr5.mxpath.net [172.16.15.38])
                by oc-ef4.mxpath.net (MXPath Enterprise Filter) with ESMTP id 509112857D
                for <***TO ADDRESS***>; Sun, 14 Nov 2010 12:47:16 +0000 (GMT)
Received: from nm25-vm0.bullet.mail.ac4.yahoo.com (nm25-vm0.bullet.mail.ac4.yahoo.com [98.139.52.240])
                by oc-fr5.mxpath.net (MXPath Enterprise2) with SMTP id 7941335D37
                for <***TO ADDRESS***>; Sun, 14 Nov 2010 12:47:15 +0000 (GMT)
Received: from [98.139.52.193] by nm25.bullet.mail.ac4.yahoo.com with NNFMP; 13 Nov 2010 00:36:56 -0000
Received: from [98.139.52.174] by tm6.bullet.mail.ac4.yahoo.com with NNFMP; 13 Nov 2010 00:36:56 -0000
Received: from [127.0.0.1] by omp1057.mail.ac4.yahoo.com with NNFMP; 13 Nov 2010 00:36:56 -0000
0
 
LVL 13

Accepted Solution

by:
markusdamenous earned 250 total points
ID: 34159489
What I would do is liaise with the filtering provider.  Show them this message header, and ask them to explain why the delay exists.  I think you could spend a lot of time wondering, but the same question will still need to be asked of them.

If you're happy to do that, let me know the result of the conversation.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now