• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Lost E-mail mystery

I have a user who has just reported than an expected e-mail has not arrived.
Normally that's caused by the sender getting the e-mail address wrong but in this case, a check of Exchange System Manager shows that the mail did indeed arrive with our Exchange box.

From there however it appears to have got lost, never arriving in the user's inbox.

I have checked the logs on our Trend Worry-Free installation and nothing show up there (that said, I don't know Trend that well, so I may have missed something)

Any experts have a suggestion as to how I can trace where this e-mail has gone?
0
dangermouse1977
Asked:
dangermouse1977
  • 6
  • 4
  • 3
2 Solutions
 
Paul 1Commented:
have you got exchanges Anit-spam setup?

Have you checked users junk mail / deleted or done a search to see if its been accidentally moved?
0
 
dangermouse1977Author Commented:
Not sure on the exchange anti-spam, how would I tell?

Done all the obvious things like checking deleted, searching mailbox, checking filters etc etc with no results.
0
 
frankhelkCommented:
Hmmm - I'm not an expert with Exchange nor with Trend Worry Free, so I couldn't declare that I've seen it on that combination before. Besides of that, it's very speculative to tell something about without having seen the related logs.

On the other side I've seen such behaviour before with other solutions.

Some causes may be:
Some virus scanner and/or spam filter (Trend) inspected the message with a (false) positive result. Some scanners are set up to disintegrate those message without informing anybody (very nasty behaviour).
Exchange itself appied such built in logic and dropped the message into a black hole - similar to the previous cause, but located inside Exchange
There's a user/admin defined rule within Exchange that (erronous) catched the message and killed it silently.
There was a malfunction within some part of Exchange, Trend or some other plugin while the message was processed, causing the part of the system to abort without a chance to recover the message.

Most of these things (if not all of 'em) should leave some kind of trace in some log. I would recommend that you
Find out the time at which the message entered your systems from outside.
Inspect a time window of about 5 minutes (or a bit more, but 5min should do) from that time on in any log of the mail system (Exchange, Trend, and any other involved piece of software) as well as all available Windows event logs.
Try to filter out ANY trace of the message as well as any unexpected event within that time window. Follow these traces ...
I understand that posting the logs would possibly expose sensible information ... hope my speculations help ...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
dangermouse1977Author Commented:
You've basically got as far as me to be honest, the message shows in the Exchange Management logs as arriving into our organisation but then I can't find it anywhere after that. It's not in any of the Trend logs that I can find, we don't have windows firewall turned on etc... so I'm stuck, hence my post here.
0
 
Paul 1Commented:
what version of exchange?

for 2013 see here for setting SCL and checking
http://technet.microsoft.com/en-us/library/aa995744%28v=exchg.150%29.aspx
0
 
dangermouse1977Author Commented:
Exchange server 2010 running under Windows server 2008 R2
Workstations are Win 7 running Office 2010
0
 
Paul 1Commented:
0
 
frankhelkCommented:
OK - maybe I'm a bit repetitive ... anything in the event log (application/system/security/etc.) ?

I see a small chance that something crashed in the basement and left it's message only there.
0
 
dangermouse1977Author Commented:
Ok, we don't have the intelligent message filter installed on our exchange box, all our spam filtering is done by Trend Server Protect.
Nothing is shown in any of the windows event logs either
0
 
frankhelkCommented:
OK - that's weird. Does the problem appear regulary, or is it a singular event ?

If something crashed underways, you might find traces of the message itself in some temp folder (cryptic named file with the message and possibly an envelope file related to it), but I suppose that wouldn't take you any further ... on the other side ... maybe an analysis of the inserted header info might at least shed more light on the the point where the problem occured.
0
 
Paul 1Commented:
yeah, strange one. I have run out of ideas other than a good old Switch it off and back on again.

good idea about the temp folder, Its a while since I used trend but I think it may have its own temp folder
0
 
dangermouse1977Author Commented:
I had a browse around the net earlier and on a hunch I manually added the domain of the sender whose mail was not getting through to the whitelist in Exchange System Manager....

I have no idea how, where or why it was being blocked but it seems that what I have done has fixed the problem.

Very odd!!

Thanks for all the advice and assistance.
0
 
dangermouse1977Author Commented:
Splitting the points as both posters helped me along the road to success!
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 6
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now