Hope I explain this properly....here goes:

We have a 2007 Exchange system that receives mail from outside our organization via our Cisco Ironport Email Gateway. The Ironport first scans the message for viruses and spam. Once that takes place it sends the mail to the Exchange hub transport server in LA. There is a receive connector on that server that has a message size limit of 10mb configured. If you send a message to a user in our environment with say an 11mb attachment then Exchange bounces the message back to the Ironport.

The Ironport then sends the user a NDR that says:

(DCID 1591584) Message 4209516 to

USER@DOMAIN.com

bounced by destination server. Reason: 5.1.0 - Unknown address error ('552', ['5.3.4 Message size exceeds fixed maximum message size'])

All of that works as it should and via message tracking on the ironport as well as the bounce logs in the CLI I can see where Ironport sends the message to Exchange, then receives it back with a bounced by destination server message (shown above) and then generates the NDR to the sender.  However, there is no (and I mean absolutely no) record/log of the message ever hitting the exchange server. We have looked in the message tracking log and it doesn't appear. However, if you change the Receive Connector's size limit to say 20MB and resend the message it will be delivered and the message tracking log will reflect that as does the Ironport logs. It's as if only successful message deliveries are being logged.

I realize this may not exactly be an ironport problem per se, but I was hoping that someone using exchange 2007 would have some insight as to why the message tracking log is not showing the bounce that Ironport does show

Thanks,

Jones