skoshy123
asked on
DEFER emails in Exchange Tracking Log Analyser
Hi,
when i look in my Firewall Logs i can see a particular hits of 400 + to a particular domain "@lms.com" . When i look in the firewall log analyser for the email in the Event ID for "Defer" i can see from an internal user "hm@alm.com"is sending a Read receipt to the "elot@lms.com" and this is getting delayed and sending every 5 seconds.
I'm attaching the screenshots of log analyser & firewall log.
What's the solution for this to stop this or whats the best practise people will do.
rgrds
Sonu.
firewall-log.jpg
exchange-log.jpg
when i look in my Firewall Logs i can see a particular hits of 400 + to a particular domain "@lms.com" . When i look in the firewall log analyser for the email in the Event ID for "Defer" i can see from an internal user "hm@alm.com"is sending a Read receipt to the "elot@lms.com" and this is getting delayed and sending every 5 seconds.
I'm attaching the screenshots of log analyser & firewall log.
What's the solution for this to stop this or whats the best practise people will do.
rgrds
Sonu.
firewall-log.jpg
exchange-log.jpg
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
thanks
In your case I would would use the Queue Viewer in the EMC to suspend the queue, and then delete the read receipt
As you have the possible destination addresses, i would however use a packet sniffer such as wireshark to examine the SMTP traffic flow to try and discover why this is happening, beforee deleting it.