Dan asked:

Error 554 5.4.6 Hop count exceeded - possible mail loop

I am running Exchange 2016 with CU13 I think, perhaps it's different, but it was last patched about 8 months ago or so.
I have only 1 Exchange server with all roles on the same physical server.
We have 2 web servers in a data center and we just added a domain controller at that facility. This loop problem just started, not sure if it was coincidence or if they are not related, but it's very close to the same time when these errors started happening.

Any ideas what could be causing this problem? I have multiple users getting these error messages and some users are getting them every 5 or 10 minutes.

Any help to point me in the right direction would be appreciated.

-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@mail.mydomain.org]
Sent: Friday, January 27, 2017 7:56 AM
To: prvs=020015f8db=prvs=020039b4e8=prvs=0200f5b590=prophecyencounter@mydomain.org
Subject: mail.mydomain.org Mail delivery failed : returning message to sender

This message was created automatically by the SMTP relay on mail.mydomain.org.
 
A message that you sent could not be delivered to all of its recipients.
The following address(es) failed:

  mailer-daemon@mail.mydomain.org
    SMTP error from remote mail server after end of data:
    host mail.mydomain.org [192.168.100.131]:
    554 5.4.6 Hop count exceeded - possible mail loop

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 128803 characters long; only the first
------ 106000 or so are included here.

Return-path: <prvs=020015f8db=prvs=020039b4e8=prvs=0200f5b590=prophecyencounter@mydomain.org>
Received: from [192.168.100.131] (port=24794 helo=mail.mydomain.org)
        by mail.mydomain.org with esmtps (TLSv1.2:AES256-SHA:256)
        (Exim 4.82_1-5b7a7c0-XX)
        (envelope-from <prvs=020015f8db=prvs=020039b4e8=prvs=0200f5b590=prophecyencounter@mydomain.org>)
        id 1cX8sL-00013z-2H
        for mailer-daemon@mail.mydomain.org; Fri, 27 Jan 2017 07:55:45 -0800
Received: from ELIJAH.mydomain.org (192.168.100.131) by
 elijah.mydomain.org (192.168.100.131) with Microsoft SMTP Server (TLS) id
 15.0.1156.6; Fri, 27 Jan 2017 07:40:40 -0800
Received: from mail.mydomain.org (192.168.100.3) by
 ELIJAH.mydomain.org (192.168.100.131) with Microsoft SMTP Server (TLS) id
 15.0.1156.6 via Frontend Transport; Fri, 27 Jan 2017 07:40:40 -0800
Received: from [192.168.100.131] (port=22833 helo=mail.mydomain.org)
        by mail.mydomain.org with esmtps (TLSv1.2:AES256-SHA:256)
        (Exim 4.82_1-5b7a7c0-XX)
        (envelope-from <prvs=020039b4e8=prvs=0200f5b590=prophecyencounter@mydomain.org>)
        id 1cX8dh-0008LM-1q
        for mailer-daemon@mail.mydomain.org; Fri, 27 Jan 2017 07:40:37 -0800
Received: from ELIJAH.mydomain.org (192.168.100.131) by

ASKER CERTIFIED SOLUTION (arnold): This solution is only available to members.

Dan (ASKER):

I just didn't include the entire message as it's huge. Yes, mail.mydomain.org and elijah.mydomain.org are pointing to the same Exchange server, 192.168.100.131. There's only one internal server.

A few questions: ever since Exchange 2007, it's been much harder to search for the logs. So how do I search the logs?

Use message trace to identify the rule that redirects/forwards this message.
It seems like a distribution list that generates a notice to its own processing mechanism.

Dan (ASKER):

I tried to search, but apparently Exchange doesn't recognize my command.

You invoked PowerShell but you might not have loaded the Exchange command/interface.
The error does not like the get.....

https://technet.microsoft.com/en-us/library/mt587043(v=exchg.150).aspx

You should not specify the sender as you might be referencing the From: entry but it is not necessarily the sender of the message.
Return-Path: reflects the sender in the case/email you posted.

Dan (ASKER):

If I don't add an email address, there will be thousands of emails. Since I'm missing something, can you give me an example of what the command should look like?

Use the Message-Id in the screening. It is not included in the information you posted so I cannot reference it.
One more thing, note the sender keeps getting prvs=someuniquereference prepended to the envelope sender.


prvs=020015f8db=prvs=020039b4e8=prvs=0200f5b590=prophecyencounter@mydomain.org>
Received: from [192.168.100.131] (port=24794 helo=mail.mydomain.org)
On the third pass.....
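
Added example, not written by any participant in this thread: the `prvs=` prefix has the form of a BATV (Bounce Address Tag Validation) tag, so counting the stacked tags in the Return-path and the repeated `by` hosts in the Received chain shows how many times a message has circled. The sample is abridged from the headers posted in the question; the function names and the `max_tags` threshold are assumptions of this example.

```python
import re
from collections import Counter
from email import message_from_string

# Sample abridged from the header chain quoted in the question (not a new capture).
SAMPLE = """\
Return-path: <prvs=020015f8db=prvs=020039b4e8=prvs=0200f5b590=prophecyencounter@mydomain.org>
Received: from [192.168.100.131] (helo=mail.mydomain.org)
 by mail.mydomain.org with esmtps (Exim 4.82_1-5b7a7c0-XX) id 1cX8sL-00013z-2H; Fri, 27 Jan 2017 07:55:45 -0800
Received: from ELIJAH.mydomain.org (192.168.100.131) by
 elijah.mydomain.org (192.168.100.131) with Microsoft SMTP Server (TLS) id
 15.0.1156.6; Fri, 27 Jan 2017 07:40:40 -0800
Received: from mail.mydomain.org (192.168.100.3) by
 ELIJAH.mydomain.org (192.168.100.131) with Microsoft SMTP Server (TLS) id
 15.0.1156.6 via Frontend Transport; Fri, 27 Jan 2017 07:40:40 -0800
Received: from [192.168.100.131] (helo=mail.mydomain.org)
 by mail.mydomain.org with esmtps (Exim 4.82_1-5b7a7c0-XX) id 1cX8dh-0008LM-1q; Fri, 27 Jan 2017 07:40:37 -0800
"""

PRVS_TAG = re.compile(r"prvs=([0-9A-Za-z]+)=")   # one BATV-style tag
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)  # receiving host of a hop

def split_prvs(return_path):
    """Peel stacked prvs= tags off an envelope sender, outermost first."""
    addr = return_path.strip().strip("<>")
    tags = []
    while (m := PRVS_TAG.match(addr)):
        tags.append(m.group(1))
        addr = addr[m.end():]
    return tags, addr

def analyse(raw_headers, max_tags=1):
    """Summarise loop evidence; max_tags is this example's assumed threshold."""
    msg = message_from_string(raw_headers)
    tags, sender = split_prvs(msg.get("Return-Path", ""))
    hops = msg.get_all("Received", [])
    seen = Counter()
    for hop in hops:
        m = BY_HOST.search(" ".join(hop.split()))  # unfold continuation lines
        if m:
            seen[m.group(1).lower()] += 1
    revisited = {h: n for h, n in seen.items() if n > 1}
    return {"hops": len(hops), "prvs_tags": tags, "original_sender": sender,
            "revisited_hosts": revisited,
            "loop_suspected": len(tags) > max_tags and bool(revisited)}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A message that has been tagged once and passed through each host once is normal; more than one stacked tag together with a host that appears repeatedly as the receiver is the loop signature discussed above.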

Dan (ASKER):

Yes, I identified the account prophecyencounter@mydomain.org, but how do I actually stop the loop in Exchange?

Check the rules on the server when an email comes into the account. The rules might be on the client.

I.e. a user implemented an anti-spam tool that attempts to bounce a message "determined" to be spam.
But a misconfiguration leads to the loop by responding/redirecting the "bounce" to the wrong destination.

Dan (ASKER):

So no rules on the client. Where in Exchange 2013 would I even look for that?

In the message trace you should see what process/event redirected. You can have server rules.

Do you have a message forwarding rule that deals with your company compliance?

Dan (ASKER):

I just checked my server and there are no email address policies. Not sure where else to check.

You may have default rules on all incoming.
Is there a delay between the message coming in and going out that could suggest the issue is on the user's computer and an anti-spam mechanism?
The peculiar thing is that the sender username@yourdomain.com with every cycle gets priv=some reference.username@.....

Dan (ASKER):

Thanks guys, I stopped forwarding, and also stopped auto reply in mailflow, a system that sends out emails.
Then I upgraded mailflow to the newest version, and changed the reply-to email on our website, and so far, it's been 24 hours and no more NDR emails.