messages delivered to admin account and not the intended recipient

Posted on 2011-04-29
Last Modified: 2012-08-14
Periodically - we have some incoming email messages that get delivered to our admin account and not the intended recpient. It was a low priority issue as it usually was an email blast message where the recepient was blind copied or an undisclosed recipient, but lately I have one domain that can not send us direct messages without it being routed to the admin account. I'm also not sure why these messages go to our admin@domain account as I do not have that specified in the Exchange Systems Manager or our Microsoft Antigen
Question by:TPMcGill-Sheraton
    LVL 26

    Expert Comment

    Maybe it has something to do with antispam filtering.
    I would start troubleshooting the problem with viewing SMTP logs and message tracking tool.

    It is the same problem if they try to send to different adresses?
    LVL 24

    Expert Comment

    Looks like the spam emails have been configured to re-route to admin mailbox.

    Author Comment

    No matter what user they send to it goes to the admin mailbox and not the intended recipient. The domains are safe senders and there is no entries in our antigen log.

    Below is the message header of an email that went to the admin mailbox

    Microsoft Mail Internet Headers Version 2.0
    Received: from ([]) by mail.sheratonatl.local with Microsoft SMTPSVC(6.0.3790.4675);
           Fri, 29 Apr 2011 18:47:27 -0400
    Received: from ([])
          by with smtp (Exim 3.36 #4)
          id 1QFwT2-0003Xk-00
          for; Fri, 29 Apr 2011 17:47:20 -0500
    Received: from ([])
          by (EarthLink SMTP Server) with SMTP id 1qfWt058Z3NZFmC0; Fri, 29 Apr 2011 15:47:18 -0700 (PDT)
    Received: from ([])
          by (EarthLink SMTP Server) with ESMTP id 1qfWsZ5uk3NZFmC0
          for <>; Fri, 29 Apr 2011 15:47:17 -0700 (PDT)
    Received: from RichardPC ( [] (may be forged))
          (authenticated bits=0)
          by (8.13.6/8.13.1) with ESMTP id p3TMlEQ0025843;
          Fri, 29 Apr 2011 22:47:16 +0000
    From: "Richard Jones" <>
    To: <>, "'Q9 WIP'" <>, <>,
            <>, "'Keith Hensley'" <>,
            "'Daniel Senden'" <>,
            "'Edd Karlan'" <>, <>
    References: <>
    In-Reply-To: <>
    Subject: RE: New comment posted to Q9 Job #3575_AARM_Atlanta_Alliance_Website
    Date: Fri, 29 Apr 2011 18:47:16 -0400
    Message-ID: <01fd01cc06bf$65654e80$302feb80$@com>
    MIME-Version: 1.0
    Content-Type: text/plain;
    Content-Transfer-Encoding: quoted-printable
    X-Mailer: Microsoft Office Outlook 12.0
    Thread-Index: AcwGlXWcVyrVB3K1TwiLpkFK4iEkfwACjQfQ
    Content-Language: en-us
    X-CSC: 0
    X-CHA: v=1.1 cv=jpd6Eq6hhthdGUyp4g6xuwyN3bq3gxPNGeAh1QQag/A= c=1 sm=1
                a=nu8L7UM6Fy4A:10 a=YsWWI4kEeAgA:10 a=IkcTkHD0fZMA:10
                a=VRqUN+a7pGObuD/3ONGFjQ==:17 a=v68GH2aqAAAA:8 a=MPoOR6PzAAAA:8
                a=Td3EgxEIAAAA:8 a=3Lfl1ZXoAAAA:8 a=_8zBwPMRAAAA:8 a=L1ZBEMwHAAAA:8
                a=pGLkceISAAAA:8 a=BUCncRSxAAAA:8 a=a7H7VjAIAAAA:8 a=r6T-0wBi3Mqx_WcGwaAA:9
                a=OWH6lbf_h2EF_7d7A_gA:7 a=QEXdDO2ut3YA:10 a=2q1izpddlPsA:10
                a=bLw0ySDEODkA:10 a=5oNGTS7aHg4A:10 a=ZeaDiBoMXnYA:10 a=wDPt2UZEewEA:10
                a=PLKCpTzrWYcA:10 a=E7wuWWQPUS4A:10 a=aSlWfPMmDOAA:10 a=Stl4FSoYJqsA:10
                a=TScJXaykILcA:10 a=mAAHecRI7nQA:10 a=V6WloH25magA:10 a=E6s-atTtWgie7Fm4:21
                a=A46-La0KcbTpimn4:21 a=VRqUN+a7pGObuD/3ONGFjQ==:117
    X-ELNK-Received-Info: spv=0;
    X-ELNK-AV: 0
    X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=010;
    X-OriginalArrivalTime: 29 Apr 2011 22:47:27.0362 (UTC) FILETIME=[69FD2620:01CC06BF]

    LVL 26

    Expert Comment

    Please check at your exchange server SMTP logs.
    Check at the log for the "problematic" sender and check who is the recipient for that connection.
    If you have already there listed admin address, then the cause of the problem is before the mail reaches
    your mail server.

    As from the posted message header it looks like already the "EarthLink SMTP Server" replaces
    recipinets address (daniel) with postmasters address.

    Received: from ([])
          by (EarthLink SMTP Server) with ESMTP id 1qfWsZ5uk3NZFmC0
          for <>; Fri, 29 Apr 2011 15:47:17 -0700 (PDT)
    LVL 26

    Expert Comment

    Just one advice, when posting logs it is good to mask real mail adresses (and other addresses) with fake ones - to protect your privacy.
    Using I have found that you should have to change your SMTP banner on your exchange server if you don't want to have problems sending mail to some mail servers.

    Accepted Solution

    The problem was with the ISP provider that hosted our AMX record

    Author Closing Comment

    ISP issue

    Author Comment

    ISP Issue

    Featured Post

    Are end users causing IT problems again?

    You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

    Join & Write a Comment

    Suggested Solutions

    Use email signature images to promote corporate certifications and industry awards.
    Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now