troubleshooting Question

CC recipient receives email but TO recipient does not

Avatar of logicworkz
logicworkzFlag for United States of America asked on
ExchangeOutlook
3 Comments1 Solution3064 ViewsLast Modified:
Hello Experts,

This is an odd one for you guys. I have a user who did not receive a message that was sent to him directly and CC'd to another employee. BUT, the CC'd employee DID receive the message though. How is this possible?

My email flow is as follows - First touch is McAfee MxLogic Spam filter in the cloud, then onto a Cisco IronPort on my local LAN, then onto my internal Exchange 2007 server which then Journals the message for Global Relay to pickup and archive...

For clarity, let's call the TO recipient User_TO, and the CC'd recipient User_CC...

I begin my search for this message at Global Relay, a third party email archiving solution in the cloud. According to them, User_TO & User_CC both recieved the message in question. User_TO insists he did not so i run the same search against the message tracking log in Exchange. Sure enough, the logs report that USER_TO did NOT receive the message. The logs only show the CC recipient receiving the message!

So i jump into the Exchange Management Shell and using export-mailbox, pull the message in question into a .pst from User_CC's account. I open the .pst and the message does show USER_TO's email address in the To field. I run the same cmdlet against USER_TO's account and the message is no where to be found.

This doesn't make any sense so my next next search is against the Ironport. It gets interesting here because i find the message in question in the  logs but the envelope recipient listed is USER_CC. USER_TO is NOT listed anywhere...

Since the Ironport hands the messages off to the exchange server, it makes sense that the logs in exchange don't show USER_TO as that user is not in the header according to the Ironport. But, how on earth is the message showing USER_TO in the USER_CC's inbox and in the Global Relay/Journalled copy?!

USER_TO is in panic mode as he may lose his job over this. The message was very critical & they think he's lying. I want to tell management he's not lying but i have conflicting records of what happened to this message AND USER_CC (his manager) has a copy of this message with USER_TO in the header! I also want to dscover if my email flow is flawed somehow. Any guidance here would be greatly appreciated...
IronPort-log-for-EE
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros