First, thanks for responding. A few questions about your response:
>>I'm getting an intermittent problem of recipients getting multiple copies
>>of the same message. The recipients are on different domains, and these
>>messages are being sent directly to the recipient (not a DL issue). My
>>configuration consists of Exchange Svr 5.0 Sp.2 connecting through a Unix
>>firewall to the internet. Our unix guy has told me that the Unix box
>>forwards to a relay host situated on our ISP when it can't connect to the
>>recipient's mail host. I'm new to Exchange but here's my plan to determine
>>whether the culprit is <Exchange> or <Unix firewall>, or the <relay host>.
>>1. Enable message tracking on MTA, IS, and IMC.
>This will show you the message movement within Exchange, but it won't
>show you if it's a problem at the client.
Recipients external to our domain are receiving multiple copies of one
>>2. Set diagnostic logging to maximum for SMTP.
>The SMTP Protocol log will show you whether the message arrives at the
>Exchange server and the commands sent by the other SMTP host.
As I mentioned above, the problem is multiple copies of the same outbound
message (from my Exchange server) being received by external recipients.
Therefore if the problem is originating at my user's client workstation
wouldn't I have multiple copies of the connection in the protocol log?
Perhaps showing the connection at approximately the same time? And if I can
copies on that same date, can I not rule out the client/Exchange?
>>These two ought to show both the internal and external path of any given
>>message. A few questions. Should I enable any other diagnostic logging?
>No. Well, maybe the Message Archival category if you're interested in
>capturing the messages in individual files.
>>only find one instance of a message in SMTP logging, is it reasonable to
>>assume that the multiple copies are coming from another source (say the
>No, the SMTP relay will send the message through the Exchange IMS,
>too. So the message will be there as many times as whatever SMTP
>client sends it to Exchange. The message would just arrive from two
Perhaps I'm not clear on how our environment works, but here, based on info
from our unix guru is how I think it works. Exchange opens a connection
which is "received" or proxied by our unix firewall. Unix then attempts to
make the external connection but if it can't it forwards mail to our ISP's
relay host for later delivery. Therefore Exchange "believes" it connected
with the external host and mail has been delivered whether it has or not. In
this scenario the relay host and Exchange never directly communicate.
Therefore, if this is correct and my SMTP protocol log shows only 1 message
it would seem to be the smoking gun that it's the relay host or the Unix
firewall box forwarding (or generating) multiple copies. This may be
completely wrong but I'm going to follow up with our ISP this week to
>>Are there any shareware or other parsing utilities out there to
>>quickly go through these log files? Any and all suggestions would be
>Not that I know of, although it wouldn't be all that hard to cobble
>something together with Perl (or Python) to make sense of the logs.
>But before you do all of this, examine the profile of one of the
>clients complaining of the problem. See if they have the Microsoft
>Exchange Server and the Internet Mail MAPI services in their profile.
>If they do, and they both point to the same Information Store, you'll
>see problems like this.
Do you mean if Exchange and Internet mail services are both installed and
pointing to the same physical Exchange server there could be problems? I
don't think our standard profile, which most everyone uses, has Internet mail
services installed given that we have IMC installed, but I'll check it out.
Thanks again for your assistance.
>Richard Matheisen Wang Laboratories
>Microsoft Certified System Engineer Tewksbury, MA USA