Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 728
  • Last Modified:

messages delivered to admin account and not the intended recipient

Periodically - we have some incoming email messages that get delivered to our admin account and not the intended recpient. It was a low priority issue as it usually was an email blast message where the recepient was blind copied or an undisclosed recipient, but lately I have one domain that can not send us direct messages without it being routed to the admin account. I'm also not sure why these messages go to our admin@domain account as I do not have that specified in the Exchange Systems Manager or our Microsoft Antigen
  • 4
  • 3
1 Solution
Maybe it has something to do with antispam filtering.
I would start troubleshooting the problem with viewing SMTP logs and message tracking tool.

It is the same problem if they try to send to different adresses?
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Looks like the spam emails have been configured to re-route to admin mailbox.
TPMcGill-SheratonAuthor Commented:
No matter what user they send to it goes to the admin mailbox and not the intended recipient. The domains are safe senders and there is no entries in our antigen log.

Below is the message header of an email that went to the admin mailbox

Microsoft Mail Internet Headers Version 2.0
Received: from wsmarth-infect.pas.sa.earthlink.net ([]) by mail.sheratonatl.local with Microsoft SMTPSVC(6.0.3790.4675);
       Fri, 29 Apr 2011 18:47:27 -0400
Received: from whmx-nag.pas.sa.earthlink.net ([])
      by wsmarth-infect.pas.sa.earthlink.net with smtp (Exim 3.36 #4)
      id 1QFwT2-0003Xk-00
      for admin@sheratonatl.com; Fri, 29 Apr 2011 17:47:20 -0500
X-ELNK-Loop: postmaster@sheratonatl.com
Received: from whmx-nag.pas.sa.earthlink.net ([])
      by whmx-nag.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1qfWt058Z3NZFmC0; Fri, 29 Apr 2011 15:47:18 -0700 (PDT)
Received: from mail155c38.carrierzone.com ([])
      by whmx-nag.pas.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1qfWsZ5uk3NZFmC0
      for <postmaster@sheratonatl.com>; Fri, 29 Apr 2011 15:47:17 -0700 (PDT)
X-Authenticated-User: richard.presentingatlanta.com
Received: from RichardPC (74-202-25-250.static.twtelecom.net [] (may be forged))
      (authenticated bits=0)
      by mail155c38.carrierzone.com (8.13.6/8.13.1) with ESMTP id p3TMlEQ0025843;
      Fri, 29 Apr 2011 22:47:16 +0000
From: "Richard Jones" <richard@presentingatlanta.com>
To: <pat.trammell@hyatt.com>, "'Q9 WIP'" <WIP@q9ads.com>, <michael@q9ads.com>,
        <veine@q9ads.com>, "'Keith Hensley'" <Keith.Hensley@marriott.com>,
        "'Daniel Senden'" <dsenden@sheratonatl.com>,
        "'Edd Karlan'" <Edd.Karlan@hilton.com>, <Rukiya.Bey@hilton.com>
References: <OFC6D31079.86ED9D21-ON85257881.005FC533@hyatt.com>
In-Reply-To: <OFC6D31079.86ED9D21-ON85257881.005FC533@hyatt.com>
Subject: RE: New comment posted to Q9 Job #3575_AARM_Atlanta_Alliance_Website
Date: Fri, 29 Apr 2011 18:47:16 -0400
Message-ID: <01fd01cc06bf$65654e80$302feb80$@com>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcwGlXWcVyrVB3K1TwiLpkFK4iEkfwACjQfQ
Content-Language: en-us
X-CSC: 0
X-CHA: v=1.1 cv=jpd6Eq6hhthdGUyp4g6xuwyN3bq3gxPNGeAh1QQag/A= c=1 sm=1
            a=nu8L7UM6Fy4A:10 a=YsWWI4kEeAgA:10 a=IkcTkHD0fZMA:10
            a=VRqUN+a7pGObuD/3ONGFjQ==:17 a=v68GH2aqAAAA:8 a=MPoOR6PzAAAA:8
            a=Td3EgxEIAAAA:8 a=3Lfl1ZXoAAAA:8 a=_8zBwPMRAAAA:8 a=L1ZBEMwHAAAA:8
            a=pGLkceISAAAA:8 a=BUCncRSxAAAA:8 a=a7H7VjAIAAAA:8 a=r6T-0wBi3Mqx_WcGwaAA:9
            a=OWH6lbf_h2EF_7d7A_gA:7 a=QEXdDO2ut3YA:10 a=2q1izpddlPsA:10
            a=bLw0ySDEODkA:10 a=5oNGTS7aHg4A:10 a=ZeaDiBoMXnYA:10 a=wDPt2UZEewEA:10
            a=PLKCpTzrWYcA:10 a=E7wuWWQPUS4A:10 a=aSlWfPMmDOAA:10 a=Stl4FSoYJqsA:10
            a=TScJXaykILcA:10 a=mAAHecRI7nQA:10 a=V6WloH25magA:10 a=E6s-atTtWgie7Fm4:21
            a=A46-La0KcbTpimn4:21 a=VRqUN+a7pGObuD/3ONGFjQ==:117
X-ELNK-Received-Info: spv=0;
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=010;
Return-Path: richard@presentingatlanta.com
X-OriginalArrivalTime: 29 Apr 2011 22:47:27.0362 (UTC) FILETIME=[69FD2620:01CC06BF]

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Please check at your exchange server SMTP logs.
Check at the log for the "problematic" sender and check who is the recipient for that connection.
If you have already there listed admin address, then the cause of the problem is before the mail reaches
your mail server.

As from the posted message header it looks like already the "EarthLink SMTP Server" replaces
recipinets address (daniel) with postmasters address.

Received: from mail155c38.carrierzone.com ([])
      by whmx-nag.pas.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1qfWsZ5uk3NZFmC0
      for <postmaster@sheratonatl.com>; Fri, 29 Apr 2011 15:47:17 -0700 (PDT)
Just one advice, when posting logs it is good to mask real mail adresses (and other addresses) with fake ones - to protect your privacy.
Using www.mxtoolbox.com I have found that you should have to change your SMTP banner on your exchange server if you don't want to have problems sending mail to some mail servers.
TPMcGill-SheratonAuthor Commented:
The problem was with the ISP provider that hosted our AMX record
TPMcGill-SheratonAuthor Commented:
ISP issue
TPMcGill-SheratonAuthor Commented:
ISP Issue

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now