When Messaging Gateway (SMG) is configured to perform recipient validation for inbound messages but the LDAP data source is unavailable due to either a network outage or the LDAP / Active Directory host being offline, SMG will respond with a 550 level response code for all recipients once attempts to validate a recipient which is not already cached and fails to connect to the LDAP server. This behavior conflicts with the product documentation which states on page 575:
If the directory data service cannot properly communicate with the LDAP directory server (for example, if the network link to the LDAP server is down) when it attempts to determine the validity of a message recipient, the MTA returns an error indicating that the delivery attempt should be retried later.
220 smgmx.2k8domain.test ESMTP Symantec Messaging Gateway
250 2.0.0 smgmx.2k8domain.test says HELO to 192.168.2.103:51323
MAIL FROM: <[email protected]>
250 2.0.0 MAIL FROM accepted
RCPT TO: <[email protected]>
550 5.1.1 Recipient address rejected: User unknown
This issue has been addressed with the SMG 10.6.2 release. Message delivery is now deferred with a 4xx level response code for recipient addresses in domains with recipient validation enabled when the directory data source is unavailable.
Please see the Messaging Gateway Administration Guide for detailed instructions on how to update the SMG software.