This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 61%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
In our Exchange 2016 Cu23 + November SU environment consisting of several internal servers and edge we got a strange problem with mail routing: an inattentive HD employee created contact with an internal but non-existent address and included it in the distribution group.
After several messages were sent to this group, for some reason they were forwarded to the edge server, which again forwarded them to the internal servers, which again tried to send them outside. It is difficult to count the number of such cycles, but a 2-kilobyte message has grown to 14 megabytes due to service headers. As a result, this led to the queue file took up all available space and the delivery of external mail obviously stopped.
There are no extraneous transport agents on the internal servers, DKIM signer and antivirus/antispam are installed on edge.
It is completely unclear for what reason the message was sent to the edge server (despite the fact that our domain is set as authoritative), there are no integrations with clouds/Office 365.
And it is also completely unclear why the emails were not deleted due to exceeding the number of hops.
Unfortunately, I can't remember if we had similar problems earlier, but this week 2 similar mistakes have already been made by helpdesk employees, so I expect this to happen again in the future. The only thing that makes the situation a little easier is the relatively moderate growth rate of the queue - about 10gb per hour.
Please suggest this expected behavior or we have encountered a bug in the product
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 31%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJX%3C/text%3E%3C/svg%3E)
Hi @dave na ,
You could check out the Message tracking log. The message tracking log is a detailed record of all activity as mail flows through the transport pipeline on Mailbox servers and Edge Transport servers. You could use message tracking for message forensics, mail flow analysis, reporting, and troubleshooting.
You could use the cmdlet: Get-MessageTrackingLog
For example:
Get-MessageTrackingLog -Server Mailbox01 -Start "03/13/2018 09:00:00" -End "03/15/2018 17:00:00" -Sender "******@contoso.com"
Hi,
yes, of course I see these emails in the log, but I can't find the reasons for what happened.
There are so many events that it is extremely difficult to isolate something valuable from them
Hi @dave na ,
What is the contact? Mail contact created directly in the EAC? How many accepted domains do you have? What are the accepting domains configured on the edge server? If you send a similar error address directly, what does it look like when you view it from the mail flow?