none
User getting bulk emails at 10 PM

    Question

  • There is a user whose mailbox seems to receive 200 or so emails in the night.
    The emails were sent during the day but he received those only at 10 PM. These 200 emails end up in the "deleted Items" folder instead of the inbox.

    We have one frontend CAS server and 2 mailbox servers (1 active mailbox + 1 archive store). 
    I have analysed the message header of one of these messages and it seems the message creation time was 10:36 PM and message received 2 seconds later in the problem mailbox.

    There are no transport rules configured for the mailbox.
    Desktop guys advise me that there are no outlook rules configured on users outlook either.

    Desktop guys sent a test message tot he user and he received the message straight away.

    And the email that i looked at was a internal email. So from one user to another user in the same organisation.
    So it does not hi the front end CAS server.Please advise what else can I check.


    Friday, December 4, 2015 12:59 PM

Answers

  • Hi,

    Also check the rules in OWA - are emails being forwarded to other mailboxes and forwarded back to cause a loop?

    Are there any forwarders configured on the mailbox in the Exchange Admin Center?

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Sunday, December 6, 2015 11:35 PM
  • Hi,

    Check is there any forwarding address configured under other user mailbox with the following command.

    Get-Mailbox | ? {$_.ForwardingAddress -match "User's name"}

    And what's the result of the following command?

    Get-inboxrule -Mailbox "User SMTP address"

    What are kind of those messages? Same sender? Same content? Try to track one of those messages to find some clues. Like EventID and source value, according to the detailed explanation in this document.

    https://technet.microsoft.com/en-us/library/bb124375%28v=exchg.150%29.aspx

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Monday, December 7, 2015 7:49 AM
    Moderator

All replies

  • You need to establish whether the message is INTERNAL or EXTERNAL, or both.

    I would also look at Message Tracking to see whether there is anything there.

    Messages going straight to Deleted Items is unusual, and would point the finger a a client. Mobile device, other Windows installation accessing the email etc.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Friday, December 4, 2015 3:02 PM
  • Hi Simon

    I believe the issue is with both internal and external email.

    And message tracking logs tell me the same thing that the message came in to mailbox serevr at 10:36 or so and was delivered to the recipients mailbox 2 seconds later.

    I asked the level 2 guys to recreate user's mail profile in Outlook. Will observe and see what happens.

    Sunday, December 6, 2015 10:56 AM
  • Hi,

    Also check the rules in OWA - are emails being forwarded to other mailboxes and forwarded back to cause a loop?

    Are there any forwarders configured on the mailbox in the Exchange Admin Center?

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Sunday, December 6, 2015 11:35 PM
  • Hi,

    Check is there any forwarding address configured under other user mailbox with the following command.

    Get-Mailbox | ? {$_.ForwardingAddress -match "User's name"}

    And what's the result of the following command?

    Get-inboxrule -Mailbox "User SMTP address"

    What are kind of those messages? Same sender? Same content? Try to track one of those messages to find some clues. Like EventID and source value, according to the detailed explanation in this document.

    https://technet.microsoft.com/en-us/library/bb124375%28v=exchg.150%29.aspx

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Monday, December 7, 2015 7:49 AM
    Moderator