Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Lost E-mail mystery

Posted on 2014-01-29
13
Medium Priority
?
284 Views
Last Modified: 2014-03-01
I have a user who has just reported than an expected e-mail has not arrived.
Normally that's caused by the sender getting the e-mail address wrong but in this case, a check of Exchange System Manager shows that the mail did indeed arrive with our Exchange box.

From there however it appears to have got lost, never arriving in the user's inbox.

I have checked the logs on our Trend Worry-Free installation and nothing show up there (that said, I don't know Trend that well, so I may have missed something)

Any experts have a suggestion as to how I can trace where this e-mail has gone?
0
Comment
Question by:dangermouse1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
13 Comments
 
LVL 3

Expert Comment

by:Paul 1
ID: 39817382
have you got exchanges Anit-spam setup?

Have you checked users junk mail / deleted or done a search to see if its been accidentally moved?
0
 

Author Comment

by:dangermouse1977
ID: 39817394
Not sure on the exchange anti-spam, how would I tell?

Done all the obvious things like checking deleted, searching mailbox, checking filters etc etc with no results.
0
 
LVL 14

Accepted Solution

by:
frankhelk earned 1000 total points
ID: 39817398
Hmmm - I'm not an expert with Exchange nor with Trend Worry Free, so I couldn't declare that I've seen it on that combination before. Besides of that, it's very speculative to tell something about without having seen the related logs.

On the other side I've seen such behaviour before with other solutions.

Some causes may be:
Some virus scanner and/or spam filter (Trend) inspected the message with a (false) positive result. Some scanners are set up to disintegrate those message without informing anybody (very nasty behaviour).
Exchange itself appied such built in logic and dropped the message into a black hole - similar to the previous cause, but located inside Exchange
There's a user/admin defined rule within Exchange that (erronous) catched the message and killed it silently.
There was a malfunction within some part of Exchange, Trend or some other plugin while the message was processed, causing the part of the system to abort without a chance to recover the message.

Most of these things (if not all of 'em) should leave some kind of trace in some log. I would recommend that you
Find out the time at which the message entered your systems from outside.
Inspect a time window of about 5 minutes (or a bit more, but 5min should do) from that time on in any log of the mail system (Exchange, Trend, and any other involved piece of software) as well as all available Windows event logs.
Try to filter out ANY trace of the message as well as any unexpected event within that time window. Follow these traces ...
I understand that posting the logs would possibly expose sensible information ... hope my speculations help ...
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:dangermouse1977
ID: 39817411
You've basically got as far as me to be honest, the message shows in the Exchange Management logs as arriving into our organisation but then I can't find it anywhere after that. It's not in any of the Trend logs that I can find, we don't have windows firewall turned on etc... so I'm stuck, hence my post here.
0
 
LVL 3

Expert Comment

by:Paul 1
ID: 39817419
what version of exchange?

for 2013 see here for setting SCL and checking
http://technet.microsoft.com/en-us/library/aa995744%28v=exchg.150%29.aspx
0
 

Author Comment

by:dangermouse1977
ID: 39817444
Exchange server 2010 running under Windows server 2008 R2
Workstations are Win 7 running Office 2010
0
 
LVL 3

Expert Comment

by:Paul 1
ID: 39817462
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 39818122
OK - maybe I'm a bit repetitive ... anything in the event log (application/system/security/etc.) ?

I see a small chance that something crashed in the basement and left it's message only there.
0
 

Author Comment

by:dangermouse1977
ID: 39819962
Ok, we don't have the intelligent message filter installed on our exchange box, all our spam filtering is done by Trend Server Protect.
Nothing is shown in any of the windows event logs either
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 39820352
OK - that's weird. Does the problem appear regulary, or is it a singular event ?

If something crashed underways, you might find traces of the message itself in some temp folder (cryptic named file with the message and possibly an envelope file related to it), but I suppose that wouldn't take you any further ... on the other side ... maybe an analysis of the inserted header info might at least shed more light on the the point where the problem occured.
0
 
LVL 3

Assisted Solution

by:Paul 1
Paul 1 earned 1000 total points
ID: 39820399
yeah, strange one. I have run out of ideas other than a good old Switch it off and back on again.

good idea about the temp folder, Its a while since I used trend but I think it may have its own temp folder
0
 

Author Comment

by:dangermouse1977
ID: 39820435
I had a browse around the net earlier and on a hunch I manually added the domain of the sender whose mail was not getting through to the whitelist in Exchange System Manager....

I have no idea how, where or why it was being blocked but it seems that what I have done has fixed the problem.

Very odd!!

Thanks for all the advice and assistance.
0
 

Author Closing Comment

by:dangermouse1977
ID: 39898163
Splitting the points as both posters helped me along the road to success!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question