"Comments: Original 'to' not compliant with RFC 822, stripped"


RAM

I have several users who have recently (within the last week or so)
reported that they have received emails with nothing in the TO field. An
inspection of the Internet headers reveals that there is NO TO line,
and this line is at the bottom:

Comments: Original 'to' not compliant with RFC 822, stripped

I have been unable to find anything that tells me what server/software
is doing this, or what (if anything) I can do about it.

Can someone shed some light on the subject? Thanks in advance.

- RAM
 
Jeff (and any other interested parties),

Below is a sample of a message header with the "stripped" message:

Received: from pc42683s (pc42683s.corporate.gannettfleming.com
    [10.10.1.48]) by seesar1.corporate.gannettfleming.com with SMTP
    (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
    id P0P98PV0; Thu, 31 Jul 2003 10:27:55 -0400
Received: from Unknown [10.10.1.7] by pc42683s - SurfControl E-mail
    Filter (4.6); Thursday, 31 July 2003, 10:27:53
Received: from mail1.virtualconnect.net ([66.45.16.35]) by VARAN; Thu,
    31 Jul 2003 10:28:03 -0400 (Eastern Daylight Time)
Received: from MX1.VirtualConnect.net [192.168.200.60] by
    mail1.virtualconnect.net with ESMTP
    (SMTPD32-7.13) id A6BC4C5E006A; Thu, 31 Jul 2003 10:25:00 -0400
Received: from ahmler4.mail.eds.com (ahmler4.mail.eds.com
    [192.85.154.77])
    by MX1.VirtualConnect.net (Postfix) with ESMTP id 23F0D67684
    for <[email protected]>; Thu, 31 Jul 2003 10:28:02 -0400 (EDT)
Received: from ahmlir3.mail.eds.com (ahmlir3-2.mail.eds.com
    [192.85.154.133])
    by ahmler4.mail.eds.com (8.11.6p2/8.11.6) with ESMTP id
    h6VERlB15955;
    Thu, 31 Jul 2003 10:27:47 -0400
Received: from ahmlir3.mail.eds.com (localhost [127.0.0.1])
    by ahmlir3.mail.eds.com (8.11.6p2/8.11.6) with ESMTP id
    h6VERjA14860;
    Thu, 31 Jul 2003 10:27:45 -0400 (EDT)
Received: from usahm001.examhub.exch.eds.com
    (usahm001.examhub.exch.eds.com [207.37.138.140])
    by ahmlir3.mail.eds.com (8.11.6p2/8.11.6) with ESMTP id
    h6VERi614844;
    Thu, 31 Jul 2003 10:27:45 -0400 (EDT)
Received: by usahm001.examhub.exch.eds.com with Internet Mail Service
    (5.5.2656.59)
    id <PFZC5KQJ>; Thu, 31 Jul 2003 10:27:40 -0400
Message-ID: <A47BFE1F2139D411A44700508BCF3CC415282FD2@USCHM201>
From: "Means, Jack W" <[email protected]>
Date: Thu, 31 Jul 2003 10:27:28 -0400
Subject:
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.2656.59)
X-Note: This E-mail was scanned for spam and viruses by
    MailProtector(sm).
Comments: Original 'to' not compliant with RFC 822, stripped
----------------------
Now, some explanation:

- PC42683s is my in-house email filter machine, running SurfControl
Email Filter v4.6 SP1. I've talked to SurfControl about the issue,
they're baffled and say it's not them doing the TO stripping.

- VARAN/Unknown [10.10.1.7] is our CheckPoint Firewall. All he does is
grab all SMTP traffic and send it to the in-house email filter. I
checked with our firewall admin; Checkpoint doesn't do anything with
the headers.

- mail1.virtualconnect.net is the mail server at MailProtector, an
anti-spam service that has been a godsend as far as keeping junk from
coming in to us. I've talked with them and they tell me "All we ever
do to headers is add the "X-Notes" and truncate the end of the header
if the entire header is over 1024 characters."

My last place to look is our Exchange servers. We have 3, with all the
incoming mail coming into one (the bridgehead server) who then divvies
out the messages to the appropriate mailbox servers (himself or the
other 2 servers). All 3 are running Exchange 5.5 SP4 on NT 4.0 SP6a,
with McAfee GroupShield 5.0 for virus-scanning. (I posted this to an
Exchange newsgroup also, but I haven't seen any replies yet.)

Help!

===============================
 
Doesn't offer much help, does it? I'd be most suspicious of MailProtector,
given that you know it is actually doing header modification. The fact that
the person you talked to there says they didn't do this may just mean that
person is unaware of the code that does this. On the other hand, s/he could
be right and it could be some other server along the line...

If you want to put some effort into tracking this down, I'd see about
creating a message with an invalid RFC 2822 To field and sending it in ways
that will route it through different sets of servers to sort of triangulate
on the server responsible. Once you find it, ask (or demand, depending on
how frustrated you are at the time ;-) the vendor of the responsible
software that they identify themselves in the comment line that tells you
what they did to the message. Anything modifying the headers should
identify what was done and what is responsible for doing it....

--
Jeff Stephenson
Outlook Development
This posting is provided "AS IS" with no warranties, and confers no rights


"Jeff Stephenson [MSFT]" <[email protected]> wrote in message news:
Can you post the headers? It sounds as if some server along the path is
doing this - maybe further inspection can show which.
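Jeff's triangulation idea, worked through as an added example (this is not code from the thread, nor from Outlook, SurfControl, MailProtector or Check Point). The same probe message is sent along several paths; a hop is a suspect if it handled every copy whose To: vanished and none whose To: survived. The three sample messages below are constructed for this example: the hop names follow the header posted above, while the workstation ws17, the DMZ host dmzmail.example.test and the example.com addresses are made up. Python's strict header parser is used to classify the To: line, which also answers Jeff's other question (what the parser objects to is recorded in the header's defects).

```python
"""Triangulate which SMTP hop is rewriting headers (added example, not code
from the thread). Samples are constructed; see the lead-in for what is real."""
import email
import re
from email import policy

# "from <host> ... by <host>"; the from-clause is optional because lines such
# as "Received: by usahm001... with Internet Mail Service" name no sender.
RECEIVED_RE = re.compile(
    r"^(?:from\s+(?P<frm>[^\s;()]+).*?)?\bby\s+(?P<by>[^\s;()]+)", re.I)

# Path A: Internet -> MailProtector -> firewall (VARAN) -> SurfControl -> Exchange.
# Newest hop first, as a real message carries them; To: gone, Comments: present.
PATH_A = (
    "Received: from pc42683s (pc42683s.corporate.gannettfleming.com [10.10.1.48])"
    " by seesar1.corporate.gannettfleming.com with SMTP id P0P98PV0;"
    " Thu, 31 Jul 2003 10:27:55 -0400\n"
    "Received: from Unknown [10.10.1.7] by pc42683s - SurfControl E-mail Filter"
    " (4.6); Thursday, 31 July 2003, 10:27:53\n"
    "Received: from mail1.virtualconnect.net ([66.45.16.35]) by VARAN;"
    " Thu, 31 Jul 2003 10:28:03 -0400 (Eastern Daylight Time)\n"
    "Received: from MX1.VirtualConnect.net [192.168.200.60]"
    " by mail1.virtualconnect.net with ESMTP (SMTPD32-7.13) id A6BC4C5E006A;"
    " Thu, 31 Jul 2003 10:25:00 -0400\n"
    "Received: from ahmler4.mail.eds.com (ahmler4.mail.eds.com [192.85.154.77])"
    " by MX1.VirtualConnect.net (Postfix) with ESMTP id 23F0D67684;"
    " Thu, 31 Jul 2003 10:28:02 -0400 (EDT)\n"
    "From: Probe Sender <probe@example.com>\n"
    "Subject: header probe\n"
    "Comments: Original 'to' not compliant with RFC 822, stripped\n"
    "\nprobe body\n"
)
# Path B (constructed): internal workstation -> SurfControl -> Exchange; To: kept.
PATH_B = (
    "Received: from pc42683s (pc42683s.corporate.gannettfleming.com [10.10.1.48])"
    " by seesar1.corporate.gannettfleming.com with SMTP id P0P98PV1;"
    " Thu, 31 Jul 2003 11:00:01 -0400\n"
    "Received: from ws17 [10.10.1.90] by pc42683s - SurfControl E-mail Filter"
    " (4.6); Thursday, 31 July 2003, 11:00:00\n"
    "From: Probe Sender <probe@example.com>\n"
    "To: Jack Means <jack.means@example.com>\n"
    "Subject: header probe\n"
    "\nprobe body\n"
)
# Path C (constructed): Internet -> MailProtector -> DMZ test host, never
# crossing the firewall; To: kept.
PATH_C = (
    "Received: from mail1.virtualconnect.net ([66.45.16.35])"
    " by dmzmail.example.test with ESMTP id 7F3A1;"
    " Thu, 31 Jul 2003 11:05:10 -0400\n"
    "Received: from MX1.VirtualConnect.net [192.168.200.60]"
    " by mail1.virtualconnect.net with ESMTP (SMTPD32-7.13) id A6BC4C5E006B;"
    " Thu, 31 Jul 2003 11:05:08 -0400\n"
    "Received: from ahmler4.mail.eds.com (ahmler4.mail.eds.com [192.85.154.77])"
    " by MX1.VirtualConnect.net (Postfix) with ESMTP id 23F0D67685;"
    " Thu, 31 Jul 2003 11:05:07 -0400 (EDT)\n"
    "From: Probe Sender <probe@example.com>\n"
    "To: Jack Means <jack.means@example.com>\n"
    "Subject: header probe\n"
    "\nprobe body\n"
)
# A deliberately bad To: (unterminated angle-addr), the kind of probe Jeff
# suggests sending to see which hop objects to it.
MALFORMED = PATH_B.replace(
    "To: Jack Means <jack.means@example.com>",
    'To: "Means, Jack W" <jack.means@example.com')


def hops(raw):
    """Received: chain in delivery order (oldest hop first) as (from, by)
    pairs, hosts lowercased. Each MTA prepends its own line, so the header
    order is reversed to get the path the message actually travelled."""
    msg = email.message_from_string(raw, policy=policy.default)
    chain = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.match(" ".join(str(value).split()))
        if m:
            frm = m.group("frm")
            chain.append((frm.lower() if frm else None, m.group("by").lower()))
    chain.reverse()
    return chain


def to_status(raw):
    """'missing' if there is no To: line, 'ok' if it parses cleanly as an
    RFC 2822 address list, otherwise 'malformed' (hdr.defects says why)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hdr = msg["To"]
    if hdr is None:
        return "missing"
    if hdr.defects or not hdr.addresses:
        return "malformed"
    return "ok"


def suspects(samples):
    """samples maps a path label to a raw message. Returns the hosts that
    received every message whose To: went missing and none whose To: survived."""
    lost, kept = [], []
    for raw in samples.values():
        by_hosts = {by for _, by in hops(raw)}
        (lost if to_status(raw) == "missing" else kept).append(by_hosts)
    if not lost:
        return set()
    common = set.intersection(*lost)
    for hosts in kept:
        common -= hosts
    return common


if __name__ == "__main__":
    for label, raw in {"A": PATH_A, "B": PATH_B, "C": PATH_C, "bad To": MALFORMED}.items():
        print(label, to_status(raw), [by for _, by in hops(raw)])
    print("suspects:", suspects({"A": PATH_A, "B": PATH_B, "C": PATH_C}))
```

The method can only name hops that stamp their own Received: line; a device that relays SMTP without adding one would be invisible here, so a set of probes that leaves no suspect points at exactly that kind of box sitting between two hops that do stamp. On the constructed samples the firewall hop VARAN is the only host left once the paths that kept their To: are subtracted.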
 
Thanks for the tips jeff.

And I've recently discovered evidence that it's NOT MailProtector --
looks like it's my OTHER anti-spam software. Now I just have to
convince them of it, I suppose.

Let me know if you'd be interested in the final outcome, and I'll let
you know.

- Rachel
 
Sure, if you could post a follow-up that would be great. I'd be interested
to know what about the address they were objecting to, and am interested in
any general knowledge of the playing-field in which Outlook has to operate.

--
Jeff Stephenson
Outlook Development
This posting is provided "AS IS" with no warranties, and confers no rights


 
Well, it WASN'T the anti-spam software after all. It was our
CheckPoint Firewall.

I had found one obscure posting that mentioned the very problem and
that they had a CP firewall (forget the version, my firewall admin has
the hardcopy of the posting). She looked into it with CheckPoint's tech
support and they gave her a patch to load. Since she applied it, the
problem has not recurred.

Thanks for the interest.

- RAM
 