The following issue applies to an Exchange 2010 SP3 environment running RU 8-v2.
Some users have recently started reporting an issue where they are receiving an NDR for another user who no longer exists in our organization (mailbox and account have been deleted). Here is an example scenario:
Email from: firstname.lastname@example.org
Email to: Various user mailboxes (email@example.com, firstname.lastname@example.org...)
The first point I'd like to make is none of the recipients are distribution lists
, they are all individual mailboxes (I point this out because of a similar issue I read regarding distribution list SPF compliance - http://exchangeserverpro.com/exchange-server-ndr-loop-distribution-list/
). In my examples to come, email@example.com no longer exists in our organization.
The email is processed by Exchange and broken up into several different MessageIDs - this is my second point because when the problem occurs, if one MessageID contains only firstname.lastname@example.org & email@example.com (who no longer exists) the NDR will definitely go to firstname.lastname@example.org... If there are others it appears to be random selection from the active users in that same MessageID.
In Exchange Message Tracking, we'll then see for email@example.com:
FAIL - ROUTING
550 5.1.1 RESOLVER.ADR.RecipNotFound
; not found
firstname.lastname@example.org then receives the NDR for email@example.com complete with message headers, and of particular note:
#< #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound
; not found> #SMTP#
Afterwards, firstname.lastname@example.org had all of their inbox rules, delegates etc completely cleared but this did not solve the problem. I have described the problem above, now here is some additional information that I feel might be useful...
The users who have so far
reported this issue have one commonality - they were part of an email migration to another Exchange organization within our company, and we actually forward all email for email@example.com to their new home using the ForwardingSMTPAddress attribute.
So, if we go back to that same MessageID and look in Exchange Message Tracking we'll also see:
DEFER - AGENT - Redirection Agent
250 2.0.0 Recipient address expanded by Redirection Agent
It's normal behaviour because we're forwarding mail, but I am wondering if this "rewriting" the ReturnPath for the non-existent user as well. Help!