Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1698
  • Last Modified:

Exchange SMTP Loop Detected

We are using an Astaro/Sophos spam detection appliance and are experiencing a problem sending mail to our Exchange server. Everytime a message comes through to a non-existent email account, the Exchange server gets stuck in a loop with the Sophos device. The Exchange server has an error message which says "Local loop detected" but the Sophos device does not detect any errors. It just keeps trying to send the message until the queue gets so full (more than 60,000 messages this past weekend) that it can't function anymore. We had been using this same Sophos device with a more generic SMTP server in the past but the recent change to Exchange has been causing this problem. The old mail server just caused the Sophos device to bounce the messages, Exchange can't seem to do that. What is causing this loop and how do we stop this from happening?
0
stu215
Asked:
stu215
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Is the appliance not able to do recipient validation? Perhaps via LDAP? If not then I would consider that a major downside to the product, because recipient validation should be the first thing any anti-spam appliance does.

Out of the box, Exchange will accept the email for any address at the domain/s listed in its Accepted Domain list. If the user doesn't exist it will then bounce it.
To change that behaviour, you need to install the anti-spam agents then disable the ones you don't need:
http://semb.ee/filterunknown

However in your scenario, unless the filtering appliance can drop those messages, you will be causing back scatter.

I would speak to Sophos and see if their product can do recipient filtering - that will resolve your problems and also ensure that you aren't processing email for users who don't exist, therefore wasting bandwidth.

Simon.
0
 
SommerblinkCommented:
You didn't mention what version of Sophos UTM you're using, but with version 9, if you go to Definitions & Users > Authentication Servers > Servers, you can setup UTM to validate addresses against AD.

In the most current version of the manual for version 9 (9.106), it is described a little more in-depth on printed page 299.
0
 
Dirk KotteSECommented:
Sophos UTM/ASTARO is able to check the recipient before accepting the message.
there are different options like smpt-callout or ldap-receipment check.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now