troubleshooting Question

Using Exchange Online Protection, sender getting 554 5.4.14 Hop count exceeded

Avatar of MikeBroderick
MikeBroderick asked on
ExchangeMicrosoft 365DNS
13 Comments1 Solution837 ViewsLast Modified:
I set up EOP to filter incoming email for my on-premise Exchange 2013 server. After changing my DNS (in GoDaddy, using the EOP wizard) to point to EOP, the on-premise Exch svr does not get mail. Senders get the following NDR:

Reported error: 554 5.4.14 Hop count exceeded - possible mail loop ATTR34 [BN7NAM10FT005.eop-nam10.prod.protection.outlook.com]  
DSN generated by: MN2PR02MB6608.namprd02.prod.outlook.com
Remote server: BN7NAM10FT005.mail.protection.outlook.com

The NDR is nice enough to provide a trace, which shows several Microsoft servers (see below). The servers are all unique (no apparent loop). Some other notes:

I signed up for only MS Exchange Online Protection. I do not have any other MS subscriptions (Office 365, etc.)

I defined our domain and 3 users in admin.microsoft,com. The 3 users exist on our on-premise Exchange Server. I sign onto a remote email service (AOL) and send an email message to one of 3 users. I get the NDR message. I send an email to a user on my on-premise that is not one of the 3 users. I get the NDR message.

The send connector wizard on admin.microsoft.com has a verify function. When I specify one of the 3 defined users, the verify fails. In the log the problem is "user not found". When I specify a user that is not defined to admin.ms.com, the verify function succeeds! I just don't get this...

Here are the hops in the NDR message:


Message Hops
HOP TIME (UTC) FROM TO WITH RELAY TIME
1 3/26/2020
4:11:58 PM sonic.gate.mail.ne1.yahoo.com sonic312.consmr.mail.bf2.yahoo.com HTTP 2 sec
2 3/26/2020
4:11:58 PM sonic312-21.consmr.mail.bf2.yahoo.com DM6NAM10FT064.mail.protection.outlook.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) *
3 3/26/2020
4:11:59 PM DM6NAM10FT064.eop-nam10.prod.protection.outlook.com DM5PR21CA0055.outlook.office365.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 1 sec
4 3/26/2020
4:11:59 PM DM5PR21CA0055.namprd21.prod.outlook.com SN6PR02MB4158.namprd02.prod.outlook.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) *
5 3/26/2020
4:12:02 PM NAM10-BN7-obe.outbound.protection.outlook.com MW2NAM10FT041.mail.protection.outlook.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 3 sec
6 3/26/2020
4:12:03 PM MW2NAM10FT041.eop-nam10.prod.protection.outlook.com CO2PR04CA0204.outlook.office365.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 1 sec
7 3/26/2020
4:12:03 PM CO2PR04CA0204.namprd04.prod.outlook.com CY4PR0201MB3412.namprd02.prod.outlook.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) *
8 3/26/2020
4:12:04 PM NAM02-BL2-obe.outbound.protection.outlook.com DM6NAM10FT025.mail.protection.outlook.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 1 sec
9 3/26/2020
4:12:05 PM DM6NAM10FT025.eop-nam10.prod.protection.outlook.com DM6PR02CA0106.outlook.office365.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 1 sec
10 3/26/2020
4:12:05 PM DM6PR02CA0106.namprd02.prod.outlook.com MN2PR02MB6608.namprd02.prod.outlook.com Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) *
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 13 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 13 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros