This is an odd one for you guys. I have a user who did not receive a message that was sent to him directly and CC'd to another employee. BUT, the CC'd employee DID receive the message though. How is this possible?
My email flow is as follows - First touch is McAfee MxLogic Spam filter in the cloud, then onto a Cisco IronPort on my local LAN, then onto my internal Exchange 2007 server which then Journals the message for Global Relay to pickup and archive...
For clarity, let's call the TO recipient User_TO, and the CC'd recipient User_CC...
I begin my search for this message at Global Relay, a third party email archiving solution in the cloud. According to them, User_TO & User_CC both recieved the message in question. User_TO insists he did not so i run the same search against the message tracking log in Exchange. Sure enough, the logs report that USER_TO did NOT receive the message. The logs only show the CC recipient receiving the message!
So i jump into the Exchange Management Shell and using export-mailbox, pull the message in question into a .pst from User_CC's account. I open the .pst and the message does show USER_TO's email address in the To field. I run the same cmdlet against USER_TO's account and the message is no where to be found.
This doesn't make any sense so my next next search is against the Ironport. It gets interesting here because i find the message in question in the logs but the envelope recipient listed is USER_CC. USER_TO is NOT listed anywhere...
Since the Ironport hands the messages off to the exchange server, it makes sense that the logs in exchange don't show USER_TO as that user is not in the header according to the Ironport. But, how on earth is the message showing USER_TO in the USER_CC's inbox and in the Global Relay/Journalled copy?!
USER_TO is in panic mode as he may lose his job over this. The message was very critical & they think he's lying. I want to tell management he's not lying but i have conflicting records of what happened to this message AND USER_CC (his manager) has a copy of this message with USER_TO in the header! I also want to dscover if my email flow is flawed somehow. Any guidance here would be greatly appreciated... IronPort-log-for-EE
”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
-Mike Kapnisakis, Warner Bros
With your subscription - you'll gain access to our exclusive IT community of thousands of IT pros. You'll also be able to connect with highly specified Experts to get personalized solutions to your troubleshooting & research questions. It’s like crowd-sourced consulting.
We can't always guarantee that the perfect solution to your specific problem will be waiting for you. If you ask your own question - our Certified Experts will team up with you to help you get the answers you need.
Our certified Experts are CTOs, CISOs, and Technical Architects who answer questions, write articles, and produce videos on Experts Exchange. 99% of them have full time tech jobs - they volunteer their time to help other people in the technology industry learn and succeed.
We can't guarantee quick solutions - Experts Exchange isn't a help desk. We're a community of IT professionals committed to sharing knowledge. Our experts volunteer their time to help other people in the technology industry learn and succeed.