Recipients receive multiple copies of same message

Recipients receive multiple copies of same message

Post by Jim Picern » Mon, 09 Nov 1998 04:00:00



I'm getting an intermittent problem of recipients getting multiple copies of
the same message. The recipients are on different domains, and these
messages are being sent directly to the recipient. (not a DL issue).  My
configuration consists of Exchange Svr 5.0 Sp.2 connecting through a Unix
firewall to the internet  Our unix guy has told me that the Unix box
forwards to an relay host situated on our ISP when it can't connect to the
recipient's mail host. I'm new to Exchange but here's my plan to determine
whether the culprit is <Exchange> or <Unix firewall>, or the <relay host>.
1. Enable message tracking on MTA, IS, and IMC.
2. Set diagnostic logging to maximum for SMTP.

These two ought to show both the internal and external path of any given
message. A few questions. Should I enable any other diagnostic logging? If I
only find one instance of a message in SMTP logging, is it reasonable to
assume that the multiple copies are coming from another source (say the
relay host)? Are there any shareware or other parsing utilities out there to
quickly go through these log files? Any and all suggestions would be
appreciated.

-Jim Picerno

 
 
 

Recipients receive multiple copies of same message

Post by Jim Picern » Mon, 09 Nov 1998 04:00:00


First, thanks for responding. A few questions about your response:



>>I'm getting an intermittent problem of recipients getting multiple copies
of
>>the same message. The recipients are on different domains, and these
>>messages are being sent directly to the recipient. (not a DL issue).  My
>>configuration consists of Exchange Svr 5.0 Sp.2 connecting through a Unix
>>firewall to the internet  Our unix guy has told me that the Unix box
>>forwards to an relay host situated on our ISP when it can't connect to the
>>recipient's mail host. I'm new to Exchange but here's my plan to determine
>>whether the culprit is <Exchange> or <Unix firewall>, or the <relay host>.
>>1. Enable message tracking on MTA, IS, and IMC.

>This will show you the message movement within Exchange, but it won't
>show you if it's a problem at the client.

Recipients external to our domain are receiving multiple copies of one


messages?

Quote:

>>2. Set diagnostic logging to maximum for SMTP.

>The SMTP Protocol log will show you whether the message arrives at the
>Exchange server and the commands sent by the other SMTP host.

As I mentioned above the problem is multple copies of the same outbound
message (from my Exchange server) being received by  external recipients.
Therefore if the problem is originating at my users client workstation
wouldn't I have multiple copies of the connection in the protocol log?
Perhaps showing the connection at approximately the same time? And if I can


copies on that same date, can I not rule out the client/Exchange?

Quote:>>These two ought to show both the internal and external path of any given
>>message. A few questions. Should I enable any other diagnostic logging?

>No. Well, maybe the Message Archival category if you're interested in
>capturing the messages in individual files.

>>If I
>>only find one instance of a message in SMTP logging, is it reasonable to
>>assume that the multiple copies are coming from another source (say the
>>relay host)?

>No, the SMTP relay will send the message through the Exchange IMS,
>too. So the message will be there as many times as whatever SMTP
>client sends it to Exchange. The message would just arrive from two
>different hosts.

Perhaps I'm not clear on how our environment works but here based on info
from our unix guru is how I think it works. Exchange opens a connection
which is "received" or proxied by our unix firewall. Unix then attempts to
make the external connection but if it can't it forwards mail to our ISP's
relay host for later delivery. Therefore Exchange "believes" it connected
with the external host and mail has been delivered whether it has or not. In
this scenario the relay host and Exchange never directly communicate.
Therefore, if this is correct and my SMTP protocol log shows only 1 message
it would seem to be the smoking gun that it's the relay host or the Unix
firewall box forwarding (or generating) multiple copies. This may be
completely wrong but I'm going to follow up with our ISP this week to
verify.

Quote:

>>Are there any shareware or other parsing utilities out there to
>>quickly go through these log files? Any and all suggestions would be
>>appreciated.

>Not that I know of, although it wouldn't be all that hard to cobble
>something together with Perl (or Python) to make sense of the logs.

>But before you do all of this, examine the profile of one of the
>clients complaining of the problem. See if they have the Microsoft
>Exchange Server and the Internet Mail MAPI services in thier profile.
>If they do, and they both point to the same Information Store, you'll
>see problems like this.

Do you mean if Exchange and Internet mail services are both installed and
pointing to the same physical Exchange server there could be problems? I
don't our standard profile which most everyone uses has Internet mail
services installed given that we have IMC installed but I'll check it out.

Thanks again for your assistance.

- Show quoted text -

>----------------------------------------------------------------
>Richard Matheisen                           Wang Laboratories
>Microsoft Certified System Engineer         Tewksbury, MA USA



 
 
 

Recipients receive multiple copies of same message

Post by Rich Matheis » Tue, 10 Nov 1998 04:00:00



>I'm getting an intermittent problem of recipients getting multiple copies of
>the same message. The recipients are on different domains, and these
>messages are being sent directly to the recipient. (not a DL issue).  My
>configuration consists of Exchange Svr 5.0 Sp.2 connecting through a Unix
>firewall to the internet  Our unix guy has told me that the Unix box
>forwards to an relay host situated on our ISP when it can't connect to the
>recipient's mail host. I'm new to Exchange but here's my plan to determine
>whether the culprit is <Exchange> or <Unix firewall>, or the <relay host>.
>1. Enable message tracking on MTA, IS, and IMC.

This will show you the message movement within Exchange, but it won't
show you if it's a problem at the client.

Quote:>2. Set diagnostic logging to maximum for SMTP.

The SMTP Protocol log will show you whether the message arrives at the
Exchange server and the commands sent by the other SMTP host.

Quote:>These two ought to show both the internal and external path of any given
>message. A few questions. Should I enable any other diagnostic logging?

No. Well, maybe the Message Archival category if you're interested in
capturing the messages in individual files.

Quote:>If I
>only find one instance of a message in SMTP logging, is it reasonable to
>assume that the multiple copies are coming from another source (say the
>relay host)?

No, the SMTP relay will send the message through the Exchange IMS,
too. So the message will be there as many times as whatever SMTP
client sends it to Exchange. The message would just arrive from two
different hosts.

Quote:>Are there any shareware or other parsing utilities out there to
>quickly go through these log files? Any and all suggestions would be
>appreciated.

Not that I know of, although it wouldn't be all that hard to cobble
something together with Perl (or Python) to make sense of the logs.

But before you do all of this, examine the profile of one of the
clients complaining of the problem. See if they have the Microsoft
Exchange Server and the Internet Mail MAPI services in thier profile.
If they do, and they both point to the same Information Store, you'll
see problems like this.

----------------------------------------------------------------
Richard Matheisen                           Wang Laboratories
Microsoft Certified System Engineer         Tewksbury, MA USA

 
 
 

Recipients receive multiple copies of same message

Post by Rich Matheis » Wed, 11 Nov 1998 04:00:00


                                [ snip ]

Quote:>Recipients external to our domain are receiving multiple copies of one
>message.  

That certainly wasn't clear in your original posting.



>messages?

The Message Tracking won't show this if it's the IMS. It will show the
messge being delivered to the connector, but not the delivery out of
the connector.

Quote:>>>2. Set diagnostic logging to maximum for SMTP.

>>The SMTP Protocol log will show you whether the message arrives at the
>>Exchange server and the commands sent by the other SMTP host.
>As I mentioned above the problem is multple copies of the same outbound
>message (from my Exchange server) being received by  external recipients.

Well, it should show you the messages being delivered BY the IMS, too.

Quote:>Therefore if the problem is originating at my users client workstation
>wouldn't I have multiple copies of the connection in the protocol log?

In this case you'd see multiple messages deliverd to the Information
Store. You'd also see multple "RCPT TO:" SMTP commands delivering the
same message.

>Perhaps showing the connection at approximately the same time? And if I can


>copies on that same date, can I not rule out the client/Exchange?

Yup.

                                        [ snip ]

Quote:>Do you mean if Exchange and Internet mail services are both installed and
>pointing to the same physical Exchange server there could be problems?

Yes, with receiving messages. Sending messages is not affected. The
problem arises because there are two MAPI service providers retreiving
messages from the same store. Two MAPI providers means two messages
are retreived.

Quote:>I
>don't our standard profile which most everyone uses has Internet mail
>services installed given that we have IMC installed but I'll check it out.

There's really no need to have the Internet Mail MAPI service
installed if Exchange has the IMS installed. There may be exceptions
(not likely in a "corporate" environment) to that statement.

----------------------------------------------------------------
Richard Matheisen                           Wang Laboratories
Microsoft Certified System Engineer         Tewksbury, MA USA