Link to home
Create AccountLog in
Avatar of skoshy123
skoshy123Flag for United Arab Emirates

asked on

DEFER emails in Exchange Tracking Log Analyser

Hi,

when i look in my Firewall Logs i can see a particular hits of 400 + to a particular domain "@lms.com" . When i look in the firewall log analyser for the email in the Event ID for "Defer" i can see from an internal user "hm@alm.com"is sending a Read receipt to the "elot@lms.com" and this is getting delayed and sending every 5 seconds.

I'm attaching the screenshots of log analyser & firewall log.

What's the solution for this to stop this or whats the best practise people will do.

rgrds
Sonu.
firewall-log.jpg
exchange-log.jpg
Avatar of ArneLovius
ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image

As it can be a source of information leakage, I generally disable external read receipts

In your case I would would use the Queue Viewer in the EMC to suspend the queue, and then delete the read receipt

As you have the possible destination addresses, i would however use a packet sniffer such as wireshark to examine the SMTP traffic flow to try and discover why this is happening, beforee deleting it.
ASKER CERTIFIED SOLUTION
Avatar of Chris
Chris
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of skoshy123

ASKER

thanks