SMTP delivery failure – 550 unknown user

A Microsoft Small Business Server 2008 system had stopped receiving external email. Internally, Exchange 2007 was working fine, and it was sending email out normally too. Incoming emails were bounced with the message:

550 unknown user

I checked recipient filtering, which was enabled, but disabling it made no difference. Nothing was showing in the message tracking logs for the bounced emails either (which may be normal).

So I did a back-to-basics email diagnostic.

C:\Users\rcmtech>nslookup
Default Server:  sbserver.company.local
Address:  192.168.2.4
> set type=mx
> company.co.uk
Server:  sbserver.company.local
Address:  192.168.2.4
Non-authoritative answer:
company.co.uk        MX preference = 10, mail exchanger = mail.company.co.uk
mail.company.co.uk   internet address = 79.170.40.18
> set type=a
> 79.170.40.18
Server:  sbserver.company.local
Address:  192.168.2.4
Name:    mail18.extendcp.co.uk
Address:  79.170.40.18
> quit

Because SBS 2008 runs Exchange 2007, it should be the mail exchanger for the domain, so I wasn’t sure what this server was. Perhaps it was something clever that the ISP had done to filter mail for spam? Time to find out:

C:\Users\rcmtech>telnet mail18.extendcp.co.uk 25
220 mail18.extendcp.co.uk ESMTP Exim Tue, 28 Feb 2012 15:32:56 +0000
helo company.co.uk
250 mail18.extendcp.co.uk Hello company.co.uk [111.222.333.444]
mail from: test@site.com
250 OK
rcpt to: knownuser@company.co.uk
550 unknown user
421 mail18.extendcp.co.uk: SMTP command timeout - closing connection
Connection to host lost.

So that is where the 550 unknown user was coming from: the email wasn’t being directed to the SBS, and this rogue mail server was rejecting it all. Just to verify that the SBS, should it be correctly referenced in DNS, would indeed accept SMTP mail:

C:\Users\Robin>telnet secure.company.co.uk 25
220 secure.company.co.uk Microsoft ESMTP MAIL Service ready at Tue, 28 Feb 2012 10:06:19 +0000
helo company.co.uk
250 secure.company.co.uk Hello [82.32.47.213]
mail from: test@site.com
250 2.1.0 Sender OK
rcpt to: knownuser@company.co.uk
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Test body text
.
250 2.6.0 <ee181cb9-dd70-4772-92a2-66031ea2d3db@SBSERVER.company.local> Queued mail for delivery
quit
221 2.0.0 Service closing transmission channel
Connection to host lost.

So that was fine.

Called the ISP, and after a bit of a wait (one of those “we’ll call you back”, which never happened) they finally changed the MX records in DNS to the following:

company.co.uk        MX preference = 20, mail exchanger = mail.company.co.uk
company.co.uk        MX preference = 10, mail exchanger = secure.company.co.uk
secure.company.co.uk internet address = 111.222.333.444

Really they should have removed the mail.company.co.uk entry too, so that if the SBS is offline, mail is held at the sending server until the SBS is back up again. With that entry in place, the sending mail server will try the lower-preference server if the SBS is offline, and mail will be bounced with the 550 code. Might get onto them about that. And the missing PTR and SPF records.
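
The effect of leaving the second MX entry in place, as an added example (not code from the original post): a simplified model of how a sending server walks the MX list, using the record lines and reply codes shown above. The function names and the reply-code map are assumptions made for illustration.

```python
import re

# Matches the MX lines printed by nslookup, as shown in the post.
MX_LINE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")

# The records the ISP published after the change (copied from the post).
AFTER_FIX = """\
company.co.uk        MX preference = 20, mail exchanger = mail.company.co.uk
company.co.uk        MX preference = 10, mail exchanger = secure.company.co.uk
"""

def parse_mx(nslookup_output):
    """Return [(preference, host)], lowest preference value (tried first) first."""
    records = []
    for line in nslookup_output.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((int(m.group(2)), m.group(3)))
    return sorted(records)

def delivery_outcome(mx_records, rcpt_reply):
    """Simplified model of a sending server walking the MX list.

    rcpt_reply maps host -> reply code for RCPT TO, or None if the host
    cannot be reached (assumed input, not real probing). Returns (result, host).
    """
    for _pref, host in mx_records:
        code = rcpt_reply.get(host)
        if code is None or 400 <= code < 500:
            continue  # unreachable or temporary failure: try the next MX
        if 200 <= code < 300:
            return ("delivered", host)
        return ("bounced", host)  # 5xx is permanent: the sender gives up
    return ("queued", None)  # no definitive answer: sender holds and retries

if __name__ == "__main__":
    mx = parse_mx(AFTER_FIX)
    sbs, old = "secure.company.co.uk", "mail.company.co.uk"
    print(delivery_outcome(mx, {sbs: 250, old: 550}))   # SBS online
    print(delivery_outcome(mx, {sbs: None, old: 550}))  # SBS offline, old MX kept
    print(delivery_outcome(mx[:1], {sbs: None}))        # SBS offline, old MX removed
```

The second and third cases show the difference: with the old entry kept, an SBS outage turns into permanent bounces, while with it removed the same outage only delays mail.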
