User receives mail that they were never intended to receive
0 down vote favorite

I have a very bizarre set of circumstances. One of my staff received an e-mail addressed to me from a consultant, however this consultant would have no idea who this staff is or their e-mail address. I also received the e-mail, however it's quite concerning to me that something like this might happen.

Points worth noting

  • The anti-spam logs do NOT show my colleague getting the mail, but show me getting the mail.
  • The Exchange Tracking Logs show both of us getting it (they are bizarre though - more on that below)
  • This is a lone exchange server that serves CAS, HT and MB roles
  • Server is up-to-date with updates and service packs
  • Spam filtering is done with Exchange Server Toolbox V4
  • There are no delegate permissions or forwarding rules on either of our accounts

Below is the scrubbed message tracking log - the peculiar thing is that I am the correct recipient, however that e-mail arrives one minute after the incorrect. You'll also note that the two Client IP's, Client Hostnames, Server hostnames and return paths are completely different - as if they've come from two different people.

Timestamp   ClientIp    ClientHostname  ServerIp    ServerHostname  SourceContext   EventId InternalMessageId   MessageId   TotalBytes  RecipientCount  MessageSubject  Sender  ReturnPath
07/09/2013 11:40    2.2.2.2 different.sending.server.com    10.0.0.7    postmaster  08D04A67B764B4DB;2013-07-09T15:40:26.336Z;0 RECEIVE 253201  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 8882    1   RE: Server Down?    sender@domain.com   wrongemail@differentdomain.com
07/09/2013 11:40        myserver        MYSERVER    08D04A67B764B4E9;2013-07-09T15:40:54.377Z;0 DELIVER 253201  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 9212    1   RE: Server Down?    sender@domain.com   wrongemail@differentdomain.com
07/09/2013 11:41    1.1.1.1 correct.sending.server.com  10.0.0.7    postmaster  08D04A67B764B4E2;2013-07-09T15:40:42.088Z;0 RECEIVE 253207  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 9437    1   RE: Server Down?    sender@domain.com   sender@domain.com
07/09/2013 11:41        myserver        MYSERVER    08D04A67B764B4EF;2013-07-09T15:41:18.790Z;0 DELIVER 253207  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 9767    1   RE: Server Down?    sender@domain.com   sender@domain.com

Does anyone know what might cause this??
July 9th, 2013 1:07pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics