Hi All,

Customer reports that some emails are not appearing in users inbox from external senders.  This is intermittent and only happens to a handful out of 100's of emails.  There seems to be no pattern to this issue. It's not the same sender or the same recipient each time.  We have spoken to Mimecast and they have given us the logs proving the message was accepted by the Exchange 2016 server.  There is nothing in the queues and Get-MessageTrackingLog is not showing the missing message(s).

Below is the SMTP log from the time and I can see the email coming in. Can anyone spot an error in this SMTP communication. 

Any clues where to look after the SMTP logs please? These have been sanitised.

There is no transport errors in the Application event logs either.

2021-11-22T09:35:36.759Z,EX2016\Default Frontend,0000000000,1,Y.Y.Y.Y:25,X.X.X.X:51166,>,"220 EX2016.domain.local Microsoft ESMTP MAIL Service ready at Mon, 22 Nov 2021 09:35:36 +0000",
2021-11-22T09:35:36.769Z,EX2016\Default Frontend,0000000000,2,Y.Y.Y.Y:25,X.X.X.X:51166,<,EHLO eu-smtp-1.mimecast.com,
2021-11-22T09:35:36.770Z,EX2016\Default Frontend,0000000000,3,Y.Y.Y.Y:25,X.X.X.X:51166,>,250 EX2016.domain.local Hello [X.X.X.X] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2021-11-22T09:35:36.780Z,EX2016\Default Frontend,0000000000,4,Y.Y.Y.Y:25,X.X.X.X:51166,<,STARTTLS,
2021-11-22T09:35:36.781Z,EX2016\Default Frontend,0000000000,5,Y.Y.Y.Y:25,X.X.X.X:51166,>,220 2.0.0 SMTP server ready,
2021-11-22T09:35:36.781Z,EX2016\Default Frontend,0000000000,6,Y.Y.Y.Y:25,X.X.X.X:51166,*, CN=EX2016 CN=EX2016 299Dxxxxxxxxxxxxxxxxxxx19AE 9947xxxxxxxxxxxxxxxxxxxxxx2F25E 2020-05-11T16:17:35.000Z 2025-05-11T16:17:35.000Z EX2016;EX2016.domain.local,Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2021-11-22T09:35:36.808Z,EX2016\Default Frontend,0000000000,7,Y.Y.Y.Y:25,X.X.X.X:51166,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2021-11-22T09:35:36.823Z,EX2016\Default Frontend,0000000000,8,Y.Y.Y.Y:25,X.X.X.X:51166,-,,Local
2021-11-22T09:35:36.840Z,EX2016\Default Frontend,0000000000,0,Y.Y.Y.Y:25,X.X.X.X:51168,+,,
2021-11-22T09:35:36.844Z,EX2016\Default Frontend,0000000000,1,Y.Y.Y.Y:25,X.X.X.X:51168,>,"220 EX2016.domain.local Microsoft ESMTP MAIL Service ready at Mon, 22 Nov 2021 09:35:36 +0000",
2021-11-22T09:35:36.855Z,EX2016\Default Frontend,0000000000,2,Y.Y.Y.Y:25,X.X.X.X:51168,<,EHLO eu-smtp-1.mimecast.com,
2021-11-22T09:35:36.856Z,EX2016\Default Frontend,0000000000,3,Y.Y.Y.Y:25,X.X.X.X:51168,>,250 EX2016.domain.local Hello [X.X.X.X] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2021-11-22T09:35:36.867Z,EX2016\Default Frontend,0000000000,4,Y.Y.Y.Y:25,X.X.X.X:51168,<,MAIL FROM:<sender@gmail.com>,
2021-11-22T09:35:36.867Z,EX2016\Default Frontend,0000000000,5,Y.Y.Y.Y:25,X.X.X.X:51168,*,0000000000;2021-11-22T09:35:36.840Z;1,receiving message
2021-11-22T09:35:36.867Z,EX2016\Default Frontend,0000000000,6,Y.Y.Y.Y:25,X.X.X.X:51168,>,250 2.1.0 Sender OK,
2021-11-22T09:35:36.880Z,EX2016\Default Frontend,0000000000,7,Y.Y.Y.Y:25,X.X.X.X:51168,<,RCPT TO:<recipient@domain.co.uk>,
2021-11-22T09:35:36.880Z,EX2016\Default Frontend,0000000000,8,Y.Y.Y.Y:25,X.X.X.X:51168,>,250 2.1.5 Recipient OK,
2021-11-22T09:35:36.901Z,EX2016\Default Frontend,0000000000,9,Y.Y.Y.Y:25,X.X.X.X:51168,<,RSET,
2021-11-22T09:35:36.901Z,EX2016\Default Frontend,0000000000,10,Y.Y.Y.Y:25,X.X.X.X:51168,*,Tarpit for '0.00:00:05' due to '250 2.0.0 Resetting',
2021-11-22T09:35:41.911Z,EX2016\Default Frontend,0000000000,11,Y.Y.Y.Y:25,X.X.X.X:51168,>,250 2.0.0 Resetting,
2021-11-22T09:35:41.912Z,EX2016\Default Frontend,0000000000,12,Y.Y.Y.Y:25,X.X.X.X:51168,<,MAIL FROM: <sender@gmail.com>,
2021-11-22T09:35:41.912Z,EX2016\Default Frontend,0000000000,13,Y.Y.Y.Y:25,X.X.X.X:51168,*,0000000000;2021-11-22T09:35:36.840Z;2,receiving message
2021-11-22T09:35:41.912Z,EX2016\Default Frontend,0000000000,14,Y.Y.Y.Y:25,X.X.X.X:51168,>,250 2.1.0 Sender OK,
2021-11-22T09:35:41.913Z,EX2016\Default Frontend,0000000000,15,Y.Y.Y.Y:25,X.X.X.X:51168,<,RCPT TO: <recipient@domain.co.uk>,
2021-11-22T09:35:41.913Z,EX2016\Default Frontend,0000000000,16,Y.Y.Y.Y:25,X.X.X.X:51168,>,250 2.1.5 Recipient OK,
2021-11-22T09:35:41.913Z,EX2016\Default Frontend,0000000000,17,Y.Y.Y.Y:25,X.X.X.X:51168,<,DATA,
2021-11-22T09:35:41.914Z,EX2016\Default Frontend,0000000000,18,Y.Y.Y.Y:25,X.X.X.X:51168,>,354 Start mail input; end with <CRLF>.<CRLF>,
2021-11-22T09:36:00.815Z,EX2016\Default Frontend,0000000000,19,Y.Y.Y.Y:25,X.X.X.X:51168,-,,Local
2021-11-22T09:36:16.768Z,EX2016\Outbound Proxy Frontend EX2016,08D9AB8610088E36,0,Y.Y.Y.Y:717,Y.Y.Y.Y:27522,+,,
2021-11-22T09:36:16.769Z,EX2016\Default Frontend,08D9AB8610088E37,0,127.0.0.1:25,127.0.0.1:27523,+,,