I have been working on migrating a customer from Exchange 2003 to Exchange 2010. I had already moved all the mailboxes, public folders, and all the inbound/outbound email routing to the Exchange 2010 servers. I enabled SMTP logging on the Exchange 2003 server so that I could detect any other devices out there on the network that may have been routing email through the old Exchange 2003 server. I reviewed it off and on for a week or so and noticed a small volume of SMTP traffic was being recorded inbound from the Exchange 2010 servers. I didn’t pay much attention to the actual to/from addresses or the payload at the time assuming it was probably public folder replication. [more]
A few days later, after removing all the public folder replicas from the Exchange 2003 server, I was still seeing this traffic so I started to look at it more closely. What I was seeing was inbound SMTP traffic from the Exchange 2010 servers with a from address being one of a handful of distribution lists. Then, the Exchange 2003 server would turn around and send email to the Exchange 2010 servers to each individual email addresses in the distribution list. After a fair amount of digging I discovered the issue. At some time in the past, the customer had manually designated distribution list expansion servers in the AD properties of the distribution list.
Using ADSI and one of the problematic distribution groups, I was able to find a property defined on the distribution group called msExchangeExpansionServerName. For all distribution groups getting routed back and forth between the Exchange 2003 and 2010 servers, this field was populated with the value of the old Exchange 2003 server. Why you would define this property on the distribution group in an environment with one Exchange server, I have no idea. However, a quick powershell script fixed the issue:
Get-DistributionGroup | where {$_.ExpansionServer -ne "$null"} | set-distributiongroup -ExpansionServer $null