Exchange 2010 - Incoming emails issue
Dear All,
Our Organisation haven't received emails for 10 hours and suddenly all the users started receving emails on their outlook with original time stamps. How to find the source of the problem? Is there a log to inspect incoming email queue? Currently there is no emails waiting on the queue to be delivered to user mailbox.
During the 10 hours we can send emails to external parties. We also can send/receive emails internally.
Please help.
Thank you
Harry S
Our Organisation haven't received emails for 10 hours and suddenly all the users started receving emails on their outlook with original time stamps. How to find the source of the problem? Is there a log to inspect incoming email queue? Currently there is no emails waiting on the queue to be delivered to user mailbox.
During the 10 hours we can send emails to external parties. We also can send/receive emails internally.
Please help.
Thank you
Harry S
ASKER
Yes I can confirm that the email in users outlook is from internal during this time.
I can confirm there was no email incoming from external to my orgnanisation during this 10 hours. users can send and receive internal emails and access them through outlook clients throughout this outage window.
Thank you Suriyaehnop for your assistance.
I can confirm there was no email incoming from external to my orgnanisation during this 10 hours. users can send and receive internal emails and access them through outlook clients throughout this outage window.
Thank you Suriyaehnop for your assistance.
do you have a designated smtp spam filter server? iron port? proofpoint? Symantec cloud?
or you use your exchange facing public directly???
sounds like a network issue more than exchange issue.
or you use your exchange facing public directly???
sounds like a network issue more than exchange issue.
ASKER
Yes Justin -
we have designated spam filter - external service provider our mx record is pointed to that. Once the spam emails are filtered our emails hit exchange 2010 server.
They have washed their hands off saying no issues on their end. And they have advised us to check our exchange server. Problem is where to check the historical queue if any as currently the emails are flowing properly.
I need detailed steps in "how & where "to go and check the logs.
Thanks for your suggestion.
we have designated spam filter - external service provider our mx record is pointed to that. Once the spam emails are filtered our emails hit exchange 2010 server.
They have washed their hands off saying no issues on their end. And they have advised us to check our exchange server. Problem is where to check the historical queue if any as currently the emails are flowing properly.
I need detailed steps in "how & where "to go and check the logs.
Thanks for your suggestion.
You need to look at the headers of one of the delayed messages - that will show you where the delay occurred. Once you know where the delay occurred then you can investigate further.
Simon.
Simon.
ASKER
Thank you Simon,
Please see below for an email header actual email hit outlook 10:36 am ( Australia - Melbourne Time)
Where was the delay spam filter to exchange ( or ) exchange to outlook ? How long this email was sitting in spam filter queue waiting for delivery. When the email was delivered at 10:36 am it still had original timestamp on outlook (07:23 am) . Please help.
Received: from smtp-01.micron21.com (119.31.226.100) by EDLYNEXCH.edlyn.com.au
(192.168.0.32) with Microsoft SMTP Server id 14.1.438.0; Tue, 21 Jul 2015
07:23:05 +1000
X-IronPort-Anti-Spam-Filte
X-IronPort-Anti-Spam-Resul
X-IronPort-AV: E=Sophos;i="5.04,848,14065
d="scan'208,217";a="351189
Received: from techtarget.outbound.ed10.c
mx-01.micron21.com with ESMTP; 21 Jul 2015 07:23:04 +1000
Return-Path: <XHY8ZX0-AMK26J-2OLY7A-17I
DKIM-Signature: v=1; a=rsa-sha1; d=ed-email.techtarget.com;
q=dns/txt; i=@ed-email.techtarget.com
h=From;
bh=hM2KcBUeIawoZM736whUlop
b=a296VDX1Wh7VDhZnfGImMAIx
cCfuoARBeJwE3who2nDUUsXjZ4
qIMx6aomGwEXXNIO2fsH/cxAHX
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=ED2011-02; d=ed-email.techtarget.com;
h=Received:Date:Content-Ty
b=f70fRnpft0hVQfKakHQ7YOk9
oWnb10zmnZAI7Siw+rw0EOZAsg
Received: from [127.0.0.1] ([127.0.0.1:37709]) by bm1-22.bo3.e-dialog.com
(envelope-from
<XHY8ZX0-AMK26J-2OLY7A-17I
(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM id 3F/3E-27069-6B66DA55; Mon, 20
Jul 2015 17:23:02 -0400
Date: Mon, 20 Jul 2015 17:23:02 -0400
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding:
MIME-Version: 1.0
From: SearchNetworking.com <info@ed-email.techtarget.
Reply-To: SearchNetworking.com <info@ed-email.techtarget.
To: <hsiva@edlyn.com.au>
Subject: Expert e-guide: Migrate from Windows Server 2003
Message-ID: <16475-846-XHY8ZX0-AMK26J-
X-Mail-From: XHY8ZX0-AMK26J-2OLY7A-17IV
X-Match: techtarget.bounce.ed10.net
X-RCPT-To: hsiva@edlyn.com.au
X-Mailer: EDMAIL R6.00.02
X-MS-Exchange-Organization
X-MS-Exchange-Organization
Please see below for an email header actual email hit outlook 10:36 am ( Australia - Melbourne Time)
Where was the delay spam filter to exchange ( or ) exchange to outlook ? How long this email was sitting in spam filter queue waiting for delivery. When the email was delivered at 10:36 am it still had original timestamp on outlook (07:23 am) . Please help.
Received: from smtp-01.micron21.com (119.31.226.100) by EDLYNEXCH.edlyn.com.au
(192.168.0.32) with Microsoft SMTP Server id 14.1.438.0; Tue, 21 Jul 2015
07:23:05 +1000
X-IronPort-Anti-Spam-Filte
X-IronPort-Anti-Spam-Resul
X-IronPort-AV: E=Sophos;i="5.04,848,14065
d="scan'208,217";a="351189
Received: from techtarget.outbound.ed10.c
mx-01.micron21.com with ESMTP; 21 Jul 2015 07:23:04 +1000
Return-Path: <XHY8ZX0-AMK26J-2OLY7A-17I
DKIM-Signature: v=1; a=rsa-sha1; d=ed-email.techtarget.com;
q=dns/txt; i=@ed-email.techtarget.com
h=From;
bh=hM2KcBUeIawoZM736whUlop
b=a296VDX1Wh7VDhZnfGImMAIx
cCfuoARBeJwE3who2nDUUsXjZ4
qIMx6aomGwEXXNIO2fsH/cxAHX
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=ED2011-02; d=ed-email.techtarget.com;
h=Received:Date:Content-Ty
b=f70fRnpft0hVQfKakHQ7YOk9
oWnb10zmnZAI7Siw+rw0EOZAsg
Received: from [127.0.0.1] ([127.0.0.1:37709]) by bm1-22.bo3.e-dialog.com
(envelope-from
<XHY8ZX0-AMK26J-2OLY7A-17I
(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM id 3F/3E-27069-6B66DA55; Mon, 20
Jul 2015 17:23:02 -0400
Date: Mon, 20 Jul 2015 17:23:02 -0400
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding:
MIME-Version: 1.0
From: SearchNetworking.com <info@ed-email.techtarget.
Reply-To: SearchNetworking.com <info@ed-email.techtarget.
To: <hsiva@edlyn.com.au>
Subject: Expert e-guide: Migrate from Windows Server 2003
Message-ID: <16475-846-XHY8ZX0-AMK26J-
X-Mail-From: XHY8ZX0-AMK26J-2OLY7A-17IV
X-Match: techtarget.bounce.ed10.net
X-RCPT-To: hsiva@edlyn.com.au
X-Mailer: EDMAIL R6.00.02
X-MS-Exchange-Organization
X-MS-Exchange-Organization
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you Simon & Murali.
We have not altered the message posted above. We have just copied and pasted information from outlook as it is.
During this time the messages were not available in OWA as well. There was a flush of email from 10:36 am to our outlook emails. We called the Spam filtration company ( external ) tech support at 10:35 am. immediately emails were released. It cannot be a coincidence.
Please see attached file for logs from spam filter company. I have changed Ip addresses and email addresses as they are sensitive in nature. all other remains unchanged.
outage time 12:05 am to 10:36 am.
Thank you
Harry S
spam-filter-log.txt
We have not altered the message posted above. We have just copied and pasted information from outlook as it is.
During this time the messages were not available in OWA as well. There was a flush of email from 10:36 am to our outlook emails. We called the Spam filtration company ( external ) tech support at 10:35 am. immediately emails were released. It cannot be a coincidence.
Please see attached file for logs from spam filter company. I have changed Ip addresses and email addresses as they are sensitive in nature. all other remains unchanged.
outage time 12:05 am to 10:36 am.
Thank you
Harry S
spam-filter-log.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We spoke to the spam filter company and the issue seems to be on their end.
Thank you for your suggestions and help.
Regards
Harry S
Thank you for your suggestions and help.
Regards
Harry S
Could you confirm that the email in user's outlook, it is from external, internal?
You can check the email internet header to verify the incoming source.