Lost E-mail mystery

I have a user who has just reported than an expected e-mail has not arrived.
Normally that's caused by the sender getting the e-mail address wrong but in this case, a check of Exchange System Manager shows that the mail did indeed arrive with our Exchange box.

From there however it appears to have got lost, never arriving in the user's inbox.

I have checked the logs on our Trend Worry-Free installation and nothing show up there (that said, I don't know Trend that well, so I may have missed something)

Any experts have a suggestion as to how I can trace where this e-mail has gone?
dangermouse1977Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
frankhelkConnect With a Mentor Commented:
Hmmm - I'm not an expert with Exchange nor with Trend Worry Free, so I couldn't declare that I've seen it on that combination before. Besides of that, it's very speculative to tell something about without having seen the related logs.

On the other side I've seen such behaviour before with other solutions.

Some causes may be:
Some virus scanner and/or spam filter (Trend) inspected the message with a (false) positive result. Some scanners are set up to disintegrate those message without informing anybody (very nasty behaviour).
Exchange itself appied such built in logic and dropped the message into a black hole - similar to the previous cause, but located inside Exchange
There's a user/admin defined rule within Exchange that (erronous) catched the message and killed it silently.
There was a malfunction within some part of Exchange, Trend or some other plugin while the message was processed, causing the part of the system to abort without a chance to recover the message.

Most of these things (if not all of 'em) should leave some kind of trace in some log. I would recommend that you
Find out the time at which the message entered your systems from outside.
Inspect a time window of about 5 minutes (or a bit more, but 5min should do) from that time on in any log of the mail system (Exchange, Trend, and any other involved piece of software) as well as all available Windows event logs.
Try to filter out ANY trace of the message as well as any unexpected event within that time window. Follow these traces ...
I understand that posting the logs would possibly expose sensible information ... hope my speculations help ...
0
 
Paul 1Commented:
have you got exchanges Anit-spam setup?

Have you checked users junk mail / deleted or done a search to see if its been accidentally moved?
0
 
dangermouse1977Author Commented:
Not sure on the exchange anti-spam, how would I tell?

Done all the obvious things like checking deleted, searching mailbox, checking filters etc etc with no results.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
dangermouse1977Author Commented:
You've basically got as far as me to be honest, the message shows in the Exchange Management logs as arriving into our organisation but then I can't find it anywhere after that. It's not in any of the Trend logs that I can find, we don't have windows firewall turned on etc... so I'm stuck, hence my post here.
0
 
Paul 1Commented:
what version of exchange?

for 2013 see here for setting SCL and checking
http://technet.microsoft.com/en-us/library/aa995744%28v=exchg.150%29.aspx
0
 
dangermouse1977Author Commented:
Exchange server 2010 running under Windows server 2008 R2
Workstations are Win 7 running Office 2010
0
 
Paul 1Commented:
0
 
frankhelkCommented:
OK - maybe I'm a bit repetitive ... anything in the event log (application/system/security/etc.) ?

I see a small chance that something crashed in the basement and left it's message only there.
0
 
dangermouse1977Author Commented:
Ok, we don't have the intelligent message filter installed on our exchange box, all our spam filtering is done by Trend Server Protect.
Nothing is shown in any of the windows event logs either
0
 
frankhelkCommented:
OK - that's weird. Does the problem appear regulary, or is it a singular event ?

If something crashed underways, you might find traces of the message itself in some temp folder (cryptic named file with the message and possibly an envelope file related to it), but I suppose that wouldn't take you any further ... on the other side ... maybe an analysis of the inserted header info might at least shed more light on the the point where the problem occured.
0
 
Paul 1Connect With a Mentor Commented:
yeah, strange one. I have run out of ideas other than a good old Switch it off and back on again.

good idea about the temp folder, Its a while since I used trend but I think it may have its own temp folder
0
 
dangermouse1977Author Commented:
I had a browse around the net earlier and on a hunch I manually added the domain of the sender whose mail was not getting through to the whitelist in Exchange System Manager....

I have no idea how, where or why it was being blocked but it seems that what I have done has fixed the problem.

Very odd!!

Thanks for all the advice and assistance.
0
 
dangermouse1977Author Commented:
Splitting the points as both posters helped me along the road to success!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.