
Old users that no longer exist in Active Directory

Old employees who no longer exist in the AD appear in the Mail Manager.
They are still receiving emails from Sophos, although these mail addresses are no longer present in Exchange.
Verified by the following PowerShell script:

get-recipient -results unlimited | where {$_.emailaddresses -match "user@domain.com"} | select name,emailaddresses,recipienttype  

Sophos will then try to deliver the mail to the old employee and Exchange will send a mail to do-not-reply@fw-notify.net

The error Message is  "Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'"

Telnet : 

MAIL FROM: existuser@***x.com

250 sender ok

RCPT TO: notexistuser@***.com

550 5.1.1 user unknown

I have also encountered the following link: 

https://community.sophos.com/products/unified-threat-management/f/general-discussion/21138/quarantine-report-to-old-non-existent-email-users 

Unfortunately I cannot find a solution here.
Can anyone help me with that?

 

Mailaddress query in Exchange Management Shell



  • Hi Patrick Ebert,

    welcome to the community.

    this sounds like a cached email address on the server, have you rebooted the Exchange server?

    although it is removed physically from the server, it may well still exist in memory ....

    might be prudent to reboot the UTM as well after the exchange box.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • Do you use Callout as a Recipient Verification? 

     

    Then you need to delete the callout database.

     

    The Callout Database can be found in the following directory:

    /var/storage/chroot-smtp/tmp/ram/db_input # ls -la

    -rw-r--r-- 1 chroot chroot 12288 2012-03-19 11:41 callout

    -rw-r--r-- 1 chroot chroot 0 2012-03-19 11:41 callout.lockfile

    • To flush the Cache delete the callout files,
      rm -f /var/storage/chroot-smtp/tmp/ram/db_input/callout*

    __________________________________________________________________________________________________________________

  • Thanks for this LuCar Toni,

     

    I didn't think there was a db for this, as the (email) server should always be running.

    why have a db when the email server or ad should be available to query the address?

    why is there not a button to clear the db (just in case), systems are now faster than ever and can respond very quickly?

    shouldn't it be a db where it would need refreshing every 24hr?

     

    too many questions here... lol

     

    thanks LuCar Toni

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • Quite easy to answer.

    You need a DB to stop flooding the mail server. It would take too long to "ask" the Exchange every time, "is this mail address there or not?".

    UTM is built to serve X.000 mails per hour. If we asked the Exchange each time, it would delay each mail in its SMTP transmission a lot.

    A cleanup process is quite a nice idea, but nobody made it. This DB has been in UTM for ... a long, long time.

    __________________________________________________________________________________________________________________
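The caching behaviour discussed in the replies above, as an added example that is not part of the original thread and is not UTM code: a model of a recipient-verification (callout) cache showing how a cached "accepted" answer keeps mail flowing to a mailbox that Exchange already rejects with 550, until the entry expires or the cache is flushed. The class name, the TTL values and the example.com address are assumptions.

```python
import smtplib
import time

# Assumed lifetimes; the thread does not say what the UTM uses.
POSITIVE_TTL = 24 * 3600   # how long an "accepted" answer is reused
NEGATIVE_TTL = 2 * 3600    # how long a "rejected" answer is reused


def smtp_probe(host, sender, recipient, timeout=10):
    """Ask the backend as in the telnet session: MAIL FROM, RCPT TO, no DATA."""
    with smtplib.SMTP(host, 25, timeout=timeout) as smtp:
        smtp.helo()
        smtp.mail(sender)
        code, _ = smtp.rcpt(recipient)
        smtp.rset()
        return code


class CalloutCache:
    """Hypothetical model of a recipient-verification cache (not UTM code)."""

    def __init__(self, probe, clock=time.time):
        self.probe = probe          # callable(recipient) -> SMTP reply code
        self.clock = clock
        self.entries = {}           # recipient -> (code, expires_at)
        self.backend_queries = 0

    def verify(self, recipient):
        """Return (accepted, source); source is 'cache' or 'backend'."""
        key = recipient.lower()
        now = self.clock()
        hit = self.entries.get(key)
        if hit and hit[1] > now:
            return 200 <= hit[0] < 300, "cache"
        code = self.probe(key)
        self.backend_queries += 1
        if 400 <= code < 500:
            # Temporary failure: do not cache, so the next mail asks again.
            return False, "backend"
        ttl = POSITIVE_TTL if 200 <= code < 300 else NEGATIVE_TTL
        self.entries[key] = (code, now + ttl)
        return 200 <= code < 300, "backend"

    def flush(self, recipient=None):
        """Drop one entry, or everything (the effect of deleting the callout files)."""
        if recipient is None:
            self.entries.clear()
        else:
            self.entries.pop(recipient.lower(), None)
```

For a live check, pass `lambda r: smtp_probe("exchange.example.com", "postmaster@example.com", r)` as `probe`; both names are placeholders.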


  • Hello, both of you,

    and thank you for your answers.

    the user I am testing here has not been working for the company for at least 5 years.
    Sophos was acquired at the end of October 2018, so it might not be in the Callout database.
    Exchange Server has been rebooted several times and Sophos has been rebooted several times.

    Can I look into the Callout database to see if the user even exists in it?

    where can I see that I'm using Callout as a Recipient Verification?

    Edit: I have seen it.

    I have set Callout Verification.

     

    many thanks and greetings from Germany

    Patrick