The LDAP query filter used to determine whether an email address is valid does not distinguish between Microsoft Active Directory / Windows accounts which are active and those which have been disabled. This means that even though an account has been disabled in Active Directory, Messaging Gateway (SMG) still considers the email address associated with the account to be valid, which may result in SMG accepting messages for that email address and attempting to deliver them to the downstream mail server. Disabled accounts can be excluded from Recipient Validation by modifying the LDAP Recipient Validation Query Filter as follows:
- In Administration -> Directory Integration, select the desired data source and click 'Edit'.
- Select the Recipient Validation tab and view the LDAP query by clicking the Customize Query button.
- The default recipient validation query filter is:
(proxyAddresses=smtp:%s)
Replace this with the following query filter, which will exclude email addresses associated with disabled accounts from the LDAP query results:
(&(proxyAddresses=smtp:%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- Enter a disabled account's email address in the Test Email Address field and click the Test Query button.
- Enter an active account's email address in the Test Email Address field and click the Test Query button.
- Click Save.
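
How the default and modified filters evaluate against active and disabled accounts, as an added example that is not part of the original article or the product. The function names and directory entries are constructed for illustration; the model relies on matching rule 1.2.840.113556.1.4.803 being Active Directory's bitwise AND rule and on the value 2 being the ACCOUNTDISABLE flag of userAccountControl.

```python
# Added illustration: models the two recipient validation filters locally.
# Function names and sample entries are constructed for this example.
ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled accounts

# Constructed directory entries ("uac" stands in for userAccountControl).
ENTRIES = [
    {"name": "active", "proxyAddresses": ["SMTP:alice@example.com"], "uac": 512},
    {"name": "disabled", "proxyAddresses": ["SMTP:bob@example.com"], "uac": 514},
    {"name": "active-noexpire", "proxyAddresses": ["smtp:carol@example.com"], "uac": 66048},
    {"name": "disabled-noexpire", "proxyAddresses": ["smtp:dave@example.com"], "uac": 66050},
]

def bit_and_match(value, mask):
    """Matching rule 1.2.840.113556.1.4.803: true if all mask bits are set."""
    return (value & mask) == mask

def has_proxy_address(entry, email):
    """(proxyAddresses=smtp:%s), compared case-insensitively."""
    wanted = ("smtp:" + email).lower()
    return any(v.lower() == wanted for v in entry["proxyAddresses"])

def default_filter(entry, email):
    """(proxyAddresses=smtp:%s)"""
    return has_proxy_address(entry, email)

def modified_filter(entry, email):
    """(&(proxyAddresses=smtp:%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"""
    disabled = bit_and_match(entry["uac"], ACCOUNTDISABLE)
    return has_proxy_address(entry, email) and not disabled

def validate(email, query_filter):
    """Names of entries the filter matches; an empty list means invalid recipient."""
    return [e["name"] for e in ENTRIES if query_filter(e, email)]

if __name__ == "__main__":
    for entry in ENTRIES:
        email = entry["proxyAddresses"][0].split(":", 1)[1]
        print(email, validate(email, default_filter), validate(email, modified_filter))
```

Because the rule tests a single bit, a disabled account is excluded whatever other userAccountControl flags it carries (514 and 66050 are both filtered out here).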