A Microsoft Small Business Server 2008 system had stopped receiving external email. Internally Exchange 2007 was working fine, and it was sending email out quite normally too. Incoming emails were bounced with a message of:
550 unknown user
I checked recipient filtering, which was enabled, but disabling it made no difference. Nothing was showing in the message tracking logs for the bounced emails either (which may be normal).
So I did a back-to-basics email diagnostic.

    C:\Users\rcmtech>nslookup
    Default Server: sbserver.company.local
    Address: 192.168.2.4

    > set type=mx
    > company.co.uk
    Server: sbserver.company.local
    Address: 192.168.2.4

    Non-authoritative answer:
    company.co.uk MX preference = 10, mail exchanger = mail.company.co.uk

    mail.company.co.uk internet address = 126.96.36.199
    > set type=a
    > 188.8.131.52
    Server: sbserver.company.local
    Address: 192.168.2.4

    Name: mail18.extendcp.co.uk
    Address: 184.108.40.206

    > quit

Because SBS 2008 runs Exchange 2007, it should be the mail exchanger for the domain, so I wasn’t sure what this server was. Perhaps it was something clever that the ISP had done to filter mail for spam? Time to find out:

    C:\Users\rcmtech>telnet mail18.extendcp.co.uk 25
    220 mail18.extendcp.co.uk ESMTP Exim Tue, 28 Feb 2012 15:32:56 +0000
    helo company.co.uk
    250 mail18.extendcp.co.uk Hello company.co.uk [111.222.333.444]
    mail from: email@example.com
    250 OK
    rcpt to: firstname.lastname@example.org
    550 unknown user
    421 mail18.extendcp.co.uk: SMTP command timeout - closing connection

    Connection to host lost.

So that is where the 550 unknown user was coming from: the email wasn’t being directed to the SBS, and this rogue mail server was rejecting it all. Just to verify that the SBS, should it be correctly referenced in DNS, would indeed accept SMTP mail:

    C:\Users\Robin>telnet secure.company.co.uk 25
    220 secure.company.co.uk Microsoft ESMTP MAIL Service ready at Tue, 28 Feb 2012 10:06:19 +0000
    helo company.co.uk
    250 secure.company.co.uk Hello [220.127.116.11]
    mail from: email@example.com
    250 2.1.0 Sender OK
    rcpt to: firstname.lastname@example.org
    250 2.1.5 Recipient OK
    data
    354 Start mail input; end with <CRLF>.<CRLF>
    Test body text
    .
    250 2.6.0 <ee181cb9-dd70-4772-92a2-66031ea2d3db@SBSERVER.company.local > Queued mail for delivery
    quit
    221 2.0.0 Service closing transmission channel

    Connection to host lost.

So that was fine.
Called the ISP, and after a bit of a wait (one of those “we’ll call you back”, which never happened) they finally changed the MX records in DNS to the following:

    company.co.uk MX preference = 20, mail exchanger = mail.company.co.uk
    company.co.uk MX preference = 10, mail exchanger = secure.company.co.uk
    secure.company.co.uk internet address = 111.222.333.444

Really they should have removed the mail.company.co.uk entry too, so that if the SBS is offline, mail is held at the sending server until the SBS is back up again. With that entry in place, a sending mail server will fall back to the lower-priority server (mail.company.co.uk, preference 20) if the SBS is offline, and mail will be bounced with the 550 code. Might get onto them about that. And the missing PTR and SPF records.
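
The MX fallback problem described above, as an added example that is not part of the original post: a simplified model of how a sending server walks the MX set, plus a probe that repeats the telnet RCPT test with Python's smtplib. The function names and the `probe.example` HELO name are assumptions; the sample reply codes are constructed from the transcripts above.

```python
import smtplib

def smtp_rcpt_probe(host, sender, rcpt, helo="probe.example", timeout=15):
    """Repeat the telnet test: return the RCPT TO reply code, or None if the
    host cannot be reached. The helo default is a placeholder (assumption)."""
    try:
        with smtplib.SMTP(host, 25, timeout=timeout) as smtp:
            smtp.helo(helo)
            smtp.mail(sender)
            code, _ = smtp.rcpt(rcpt)
            return code
    except (OSError, smtplib.SMTPException):
        return None

def inbound_outcome(mx_records, rcpt_code):
    """Simplified model of a sending MTA. mx_records is [(preference, host)];
    rcpt_code maps a host to its RCPT reply code (None = unreachable)."""
    for _pref, host in sorted(mx_records):       # lowest preference first
        code = rcpt_code(host)
        if code is None or 400 <= code < 500:
            continue                             # down or temp failure: next MX
        if 200 <= code < 300:
            return ("delivered", host)
        return ("bounced", host)                 # 5xx is permanent, no retry
    return ("deferred", None)                    # sender queues and retries later

# Constructed sample data: host names and reply codes as shown in the post.
MX_BEFORE = [(10, "mail.company.co.uk")]
MX_AFTER = [(20, "mail.company.co.uk"), (10, "secure.company.co.uk")]
MX_SBS_ONLY = [(10, "secure.company.co.uk")]
SBS_UP = {"mail.company.co.uk": 550, "secure.company.co.uk": 250}
SBS_DOWN = {"mail.company.co.uk": 550, "secure.company.co.uk": None}

if __name__ == "__main__":
    cases = [("original MX", MX_BEFORE, SBS_UP),
             ("ISP fix, SBS up", MX_AFTER, SBS_UP),
             ("ISP fix, SBS down", MX_AFTER, SBS_DOWN),
             ("SBS-only MX, SBS down", MX_SBS_ONLY, SBS_DOWN)]
    for label, mx, replies in cases:
        print(label, inbound_outcome(mx, replies.get))
    # Live check (needs network access), with your own sender and recipient:
    # inbound_outcome(mx, lambda h: smtp_rcpt_probe(h, sender, rcpt))
```
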