Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1522
  • Last Modified:

Exchange SMTP Loop Detected

We are using an Astaro/Sophos spam detection appliance and are experiencing a problem sending mail to our Exchange server. Everytime a message comes through to a non-existent email account, the Exchange server gets stuck in a loop with the Sophos device. The Exchange server has an error message which says "Local loop detected" but the Sophos device does not detect any errors. It just keeps trying to send the message until the queue gets so full (more than 60,000 messages this past weekend) that it can't function anymore. We had been using this same Sophos device with a more generic SMTP server in the past but the recent change to Exchange has been causing this problem. The old mail server just caused the Sophos device to bounce the messages, Exchange can't seem to do that. What is causing this loop and how do we stop this from happening?
0
stu215
Asked:
stu215
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Is the appliance not able to do recipient validation? Perhaps via LDAP? If not then I would consider that a major downside to the product, because recipient validation should be the first thing any anti-spam appliance does.

Out of the box, Exchange will accept the email for any address at the domain/s listed in its Accepted Domain list. If the user doesn't exist it will then bounce it.
To change that behaviour, you need to install the anti-spam agents then disable the ones you don't need:
http://semb.ee/filterunknown

However in your scenario, unless the filtering appliance can drop those messages, you will be causing back scatter.

I would speak to Sophos and see if their product can do recipient filtering - that will resolve your problems and also ensure that you aren't processing email for users who don't exist, therefore wasting bandwidth.

Simon.
0
 
SommerblinkCommented:
You didn't mention what version of Sophos UTM you're using, but with version 9, if you go to Definitions & Users > Authentication Servers > Servers, you can setup UTM to validate addresses against AD.

In the most current version of the manual for version 9 (9.106), it is described a little more in-depth on printed page 299.
0
 
Dirk KotteSECommented:
Sophos UTM/ASTARO is able to check the recipient before accepting the message.
there are different options like smpt-callout or ldap-receipment check.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now