Apexadmin
asked on
Exchange 2007 same email over and over
I have a user that is getting this one email over and over every 5-10 minutes. It is Exchange 2007 on a 2008 SBS server. No other user is having this issue. We have a spam filter device in the cloud that filters the mail, the mail is duplicating through it. I look at the Exchange Message tracking. It shows the email over and over to the user and the messageID is the same. Thoughts?
Cris Hanna
I'm guessing that you are using the POP3 connector and someone was BCC'd in this email?
When you track the message, what are the events that you see?
Do you see a Receive SMTP over and over again? if yes, what is the client IP? what is it pointing to?
Have you disabled Store duplicate detection? Check the keys mentioned in
http://technet.microsoft.com/en-us/library/dd577073(EXCHG.80).aspx
Is this happening to only one user? what is the message type that he is getting? IPM.NOTE?
Do you see a Receive SMTP over and over again? if yes, what is the client IP? what is it pointing to?
Have you disabled Store duplicate detection? Check the keys mentioned in
http://technet.microsoft.com/en-us/library/dd577073(EXCHG.80).aspx
Is this happening to only one user? what is the message type that he is getting? IPM.NOTE?
ASKER
The EventID is RECEIVE, Source is SMTP. It is over and over again. The Client IP is the cloud spam filter, where it was sent from, days prior.
I have not disabled Store duplicate detection.
Yes, only one user. I am not sure of the message type.
Weird thing is, I think it has stopped. The logs don't show anymore. Waiting for the user to get in to confirm.
I have not disabled Store duplicate detection.
Yes, only one user. I am not sure of the message type.
Weird thing is, I think it has stopped. The logs don't show anymore. Waiting for the user to get in to confirm.
If you are seeing multiple SMTP receive events that means that the mails are coming in from the cloud spam filter over and over again. Recommended to check with the Cloud spam filter team on why they are submitting it so many times
ASKER
We manage and monitor the spam filter device. There are no logs of this email sending multiple emails and it logs everything. Also wouldn't each email have a different Mail ID on the Exchange server if it was being sent from an outside source over and over?
That is correct. The reason why I was talking about Multiple emails coming in was because when the Message tracking shows that multiple SMTP receives, then it usually means that the message is received on the server multiple times.
Ideally message Id should have been different for different emails received by the Exchange from internet provided the Message Id is not stamped on the message previously before reaching the Exchange server. what is the message ID field in the message tracking show? does it show the same message ID every time?
Ideally message Id should have been different for different emails received by the Exchange from internet provided the Message Id is not stamped on the message previously before reaching the Exchange server. what is the message ID field in the message tracking show? does it show the same message ID every time?
ASKER
It is the same message ID every time.
If the message is being stamped by the sending server, the Exchange will not take the pains to stamp the message ID again.
What is the Message ID? does it have your server name in it? if the Exchange is stamping with a message ID, then the message ID will have something like this
eg:
Message-ID: <B6E704C90D73D449BFB7F58C5
See the server FQDN part. Is it your server's FQDN?
Above is just a sample message ID.
The part before @ can be any random string but after that will be your server's FQDN if it is stamped by the Exchange server.
What is the Message ID? does it have your server name in it? if the Exchange is stamping with a message ID, then the message ID will have something like this
eg:
Message-ID: <B6E704C90D73D449BFB7F58C5
See the server FQDN part. Is it your server's FQDN?
Above is just a sample message ID.
The part before @ can be any random string but after that will be your server's FQDN if it is stamped by the Exchange server.
ASKER
This is the message ID for all of them. The same exact.
<73889c8c-e1a5-4346-95ce-0
I have no idea what that domain but that is not customers domain nor is it the senders.
<73889c8c-e1a5-4346-95ce-0
I have no idea what that domain but that is not customers domain nor is it the senders.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The issue stopped before I could further isolate it. All your troubleshooting steps were very helpful. Thanks.