none
need help finding inbound SMTP message exchange 2007

    Question

  • I have three messages (from the same sender) that show up in the tracking logs, but can't be found. How do I figure out where they went?

    Running a single 2007 Exchange server. Using GFI Mail Essentials - nothing in the quarantine lists, searches find nothing. Running GFI Archiver - it can't find them. End user running win7 / Outlook (2010?) with Symantec endpoint protection. Searches find nothing, not in deleted items, SPAM items. User has no rules defined. Has no problem receiving other inbound email from the Internet. Can't find it using users OWA account, logged into separate machine with clean Office 2013 Outlook; still didn't find it.

    I attempted to paste in my results from a powershell search of the message ID but had to redact so much to get it to pass through the forum filters as to make it worthless. Sorry.

    ch

    Friday, October 11, 2013 10:05 PM

Answers

  • I see a connector ID of "KLNEXCHG\Internet eMail".  What is that?  If the message was received and not dropped anywhere, is there anything in the queues?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


    Tuesday, October 15, 2013 1:56 AM

All replies

  • The message tracking logs should tell you where they went.  Absent that information, I can't tell you anything.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, October 12, 2013 9:25 PM
  • OK, I verified an email address - I'll take another stab at posting this:

    [PS] C:\Windows\system32>Get-MessageTrackingLog -MessageID f640f900-c738-4d51-bced-40fe96c7d6cf@CESEDGE01.nih.gov | FL *



    Timestamp               : 10/11/2013 8:52:37 AM
    ClientIp                : 128.231.90.98
    ClientHostname          :
    ServerIp                : 172.*.*.42
    ServerHostname          : KLNEXCHG
    SourceContext           : 08D08DE08C047A48;2013-10-11T13:52:36.886Z;0
    ConnectorId             : KLNEXCHG\Internet eMail
    Source                  : SMTP
    EventId                 : RECEIVE
    InternalMessageId       : 1863604
    MessageId               : <f640f900-c738-4d51-bced-40fe96c7d6cf@CESEDGE01.nih.gov>
    Recipients              : {jblo***@barrelofunsnacks.com}
    RecipientStatus         : {}
    TotalBytes              : 1734
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : Safety Reporting Portal Password notification
    Sender                  : noreply.safetyreporting@hhs.gov
    ReturnPath              : noreply.safetyreporting@hhs.gov
    MessageInfo             : 00A:

    Sunday, October 13, 2013 12:47 AM
  • How many Exchange servers do you have?  Have you run this on all of them?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Sunday, October 13, 2013 1:44 AM
  • As I mentioned in the first post, it's a single Exchange server system. I'm still curious how I should interpret that message trace record - I certainly can't tell where the message went based on what I'm seeing.

    I was able to find a record of the messages being 'quarantined' in our GFI Mail Essentials spam filter for failing a SPF check, although it wasn't in the actual list of spam - apparently it was auto-deleted. I added the appropriate domain to the GFI whitelist and feel good about that solving the problem, although I'd still like to know how to read the tracking record off the Exchange server. Shouldn't it say, at some point, just WHERE the message went? 

    Thanks for taking the time to assist with my issue.

    ch

    Sunday, October 13, 2013 3:46 AM
  • I see a connector ID of "KLNEXCHG\Internet eMail".  What is that?  If the message was received and not dropped anywhere, is there anything in the queues?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


    Tuesday, October 15, 2013 1:56 AM