Trying to troubleshoot a perplexing problem with an email that arrived despite having Symantec Mail Security for Microsoft Exchange and a SonicWall NSA3500 with Gateway Anti-virus and Anti-Spam capabilities licensed. I received an email from booking.com that had an attachment that was a .zip file. Obviously, something I didn't want to open.
Looking at the message header, The message recipient was to an email address that does not have a SMTP address on our server.
Received: from memta-06.booking.com ([62.190.24.183]) by SMTP.hvb1.com with
Microsoft SMTPSVC(6.0.3790.4900);Fri, 18 Apr 2014 08:12:38 -0600
Received: from pc02me-09.prod.lhr1.booking.com ([10.141.11.183]:45746
helo=localhost.localdomain) by memta-03.prod.lhr1.booking.com with esmtp
(Exim 4.80.1) (envelope-from ) id
1V6KfW-E8XO7R-EJ For lisa.keeneyn@hvb1.com;Fri, 18 Apr 2014 08:12:38 -0600
MIME-Version: 1.0
Content-Transfer-Encoding: binary
Content-Type: multipart/alternative;
boundary="------------06030700904020407050204"
Date: Fri, 18 Apr 2014 08:12:38 -0600
Subject: Your reservation is now confirmed!
Sender: Booking.com
Reply-To: Booking.com
To:
From: Booking.com
X-Mailer: MIME::Lite::HTML 1.24
X-Bme-Id: 0344578552
Message-ID: <0UR7OHH-H7LKUJ-EJ@memta-03.prod.lhr1.booking.com>
Return-Path: noreply@mailer.booking.com
The user lisa.keeneyn@hvb1.com is not a valid SMTP address on out Exchange 2010 Server. It is close to a former SMTP address of a user (the letter "n" added before the @ symbol). How did this message end up being delivered to me?
I used the tracking log explorer from the exchange 2010 management console and found the message that was sent to me with the wrong address and discovered that the recipient count was 9 for this message.
So i guess the question I have is: How could the exchange tracking explorer show 9 recipients and the header on the email I received only show one, and the wrong one.
Any help with this mystery is greatly appreciated.