messages delivered to admin account and not the intended recipient

Periodically - we have some incoming email messages that get delivered to our admin account and not the intended recpient. It was a low priority issue as it usually was an email blast message where the recepient was blind copied or an undisclosed recipient, but lately I have one domain that can not send us direct messages without it being routed to the admin account. I'm also not sure why these messages go to our admin@domain account as I do not have that specified in the Exchange Systems Manager or our Microsoft Antigen
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Maybe it has something to do with antispam filtering.
I would start troubleshooting the problem with viewing SMTP logs and message tracking tool.

It is the same problem if they try to send to different adresses?
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Looks like the spam emails have been configured to re-route to admin mailbox.
TPMcGill-SheratonAuthor Commented:
No matter what user they send to it goes to the admin mailbox and not the intended recipient. The domains are safe senders and there is no entries in our antigen log.

Below is the message header of an email that went to the admin mailbox

Microsoft Mail Internet Headers Version 2.0
Received: from ([]) by mail.sheratonatl.local with Microsoft SMTPSVC(6.0.3790.4675);
       Fri, 29 Apr 2011 18:47:27 -0400
Received: from ([])
      by with smtp (Exim 3.36 #4)
      id 1QFwT2-0003Xk-00
      for; Fri, 29 Apr 2011 17:47:20 -0500
Received: from ([])
      by (EarthLink SMTP Server) with SMTP id 1qfWt058Z3NZFmC0; Fri, 29 Apr 2011 15:47:18 -0700 (PDT)
Received: from ([])
      by (EarthLink SMTP Server) with ESMTP id 1qfWsZ5uk3NZFmC0
      for <>; Fri, 29 Apr 2011 15:47:17 -0700 (PDT)
Received: from RichardPC ( [] (may be forged))
      (authenticated bits=0)
      by (8.13.6/8.13.1) with ESMTP id p3TMlEQ0025843;
      Fri, 29 Apr 2011 22:47:16 +0000
From: "Richard Jones" <>
To: <>, "'Q9 WIP'" <>, <>,
        <>, "'Keith Hensley'" <>,
        "'Daniel Senden'" <>,
        "'Edd Karlan'" <>, <>
References: <>
In-Reply-To: <>
Subject: RE: New comment posted to Q9 Job #3575_AARM_Atlanta_Alliance_Website
Date: Fri, 29 Apr 2011 18:47:16 -0400
Message-ID: <01fd01cc06bf$65654e80$302feb80$@com>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcwGlXWcVyrVB3K1TwiLpkFK4iEkfwACjQfQ
Content-Language: en-us
X-CSC: 0
X-CHA: v=1.1 cv=jpd6Eq6hhthdGUyp4g6xuwyN3bq3gxPNGeAh1QQag/A= c=1 sm=1
            a=nu8L7UM6Fy4A:10 a=YsWWI4kEeAgA:10 a=IkcTkHD0fZMA:10
            a=VRqUN+a7pGObuD/3ONGFjQ==:17 a=v68GH2aqAAAA:8 a=MPoOR6PzAAAA:8
            a=Td3EgxEIAAAA:8 a=3Lfl1ZXoAAAA:8 a=_8zBwPMRAAAA:8 a=L1ZBEMwHAAAA:8
            a=pGLkceISAAAA:8 a=BUCncRSxAAAA:8 a=a7H7VjAIAAAA:8 a=r6T-0wBi3Mqx_WcGwaAA:9
            a=OWH6lbf_h2EF_7d7A_gA:7 a=QEXdDO2ut3YA:10 a=2q1izpddlPsA:10
            a=bLw0ySDEODkA:10 a=5oNGTS7aHg4A:10 a=ZeaDiBoMXnYA:10 a=wDPt2UZEewEA:10
            a=PLKCpTzrWYcA:10 a=E7wuWWQPUS4A:10 a=aSlWfPMmDOAA:10 a=Stl4FSoYJqsA:10
            a=TScJXaykILcA:10 a=mAAHecRI7nQA:10 a=V6WloH25magA:10 a=E6s-atTtWgie7Fm4:21
            a=A46-La0KcbTpimn4:21 a=VRqUN+a7pGObuD/3ONGFjQ==:117
X-ELNK-Received-Info: spv=0;
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=010;
X-OriginalArrivalTime: 29 Apr 2011 22:47:27.0362 (UTC) FILETIME=[69FD2620:01CC06BF]

JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

Please check at your exchange server SMTP logs.
Check at the log for the "problematic" sender and check who is the recipient for that connection.
If you have already there listed admin address, then the cause of the problem is before the mail reaches
your mail server.

As from the posted message header it looks like already the "EarthLink SMTP Server" replaces
recipinets address (daniel) with postmasters address.

Received: from ([])
      by (EarthLink SMTP Server) with ESMTP id 1qfWsZ5uk3NZFmC0
      for <>; Fri, 29 Apr 2011 15:47:17 -0700 (PDT)
Just one advice, when posting logs it is good to mask real mail adresses (and other addresses) with fake ones - to protect your privacy.
Using I have found that you should have to change your SMTP banner on your exchange server if you don't want to have problems sending mail to some mail servers.
TPMcGill-SheratonAuthor Commented:
The problem was with the ISP provider that hosted our AMX record

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TPMcGill-SheratonAuthor Commented:
ISP issue
TPMcGill-SheratonAuthor Commented:
ISP Issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.