This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Proxy and Exchange - 554 5.4.6 Hop count exceeded - possible mail loop

I'm having this issue with Exchange and the UTM.

My quarantine reports are not getting delivered either as they are getting bounced.

Any ideas?



This thread was automatically locked due to age.
Parents Reply Children
  • Looking at it further, it only appears to happen with the quarantine report.

    The UTM sends the spam quarantine report out to the user. The user has an automatic reply set (as they are away) which is then forwarded back to the UTM.

    It then appears the UTM sends the quarantine report again (and then the auto reply) and so on until it bounces due to a mail loop.

    Normal email to the user (from internal (doesn't hit UTM) & external) doesn't have this behavior and responds as it should.

    Even with the above happening, the user only gets one quarantine report in their inbox so it's not flooding it.
    It's almost like the UTM gets an auto reply and doesn't know what to do with it and then tries to forward it back to the user who then auto replies and so on until exchange cuts the loop.

    Log below:

    2016:05:03-07:00:24 UTM01-1 exim-out[9258]: 2016-05-03 07:00:24 1axTNJ-0002Jv-0l => joe.bloggs@mydomain.uk P=<UTM01@mydomain.uk> R=static_route_hostlist T=static_smtp H=10.1.2.100 [10.1.2.100]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <E1axTNJ-0002Jv-0l@UTM01.mydomain.uk> [InternalId=227116] Queued mail for delivery"
    2016:05:03-07:00:30 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNm-0002Q6-G5" size="2727"
    2016:05:03-07:00:33 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNp-0002Q6-7L" size="2727"
    2016:05:03-07:00:36 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNs-0002Q6-0j" size="2727"
    2016:05:03-07:00:38 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNu-0002Q6-TZ" size="2727"
    2016:05:03-07:01:20 UTM01-1 smtpd[9759]: SCANNER[9759]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTOa-0002XP-Ak" size="2727"
    2016:05:03-07:02:00 UTM01-1 smtpd[9958]: SCANNER[9958]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTPE-0002ac-8b" size="2727"
    2016:05:03-07:17:10 UTM01-1 smtpd[14886]: SCANNER[14886]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTdu-0003s6-Fd" size="2727"
    2016:05:03-07:32:20 UTM01-1 smtpd[19101]: SCANNER[19101]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTsa-0004y5-Fb" size="2727"
    2016:05:03-07:47:26 UTM01-1 smtpd[21568]: SCANNER[21568]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axU7C-0005bs-1k" size="2727"
    2016:05:03-08:02:40 UTM01-1 smtpd[24605]: SCANNER[24605]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axULw-0006Or-9b" size="2727"
    2016:05:03-08:17:46 UTM01-1 smtpd[27509]: SCANNER[27509]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axUaY-00079h-Jc" size="2727"
    2016:05:03-08:32:53 UTM01-1 smtpd[30313]: SCANNER[30313]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axUpB-0007sv-AZ" size="2727"
    2016:05:03-08:48:00 UTM01-1 smtpd[1224]: SCANNER[1224]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axV3o-0000Jk-0b" size="2727"

  • Those are the only lines in your SMTP log?

    Is Exchange configured to send out-of-office replies as SMTP bounces?  If so, I would have expected to see a problem with BATV.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thats the only entries with regards to that particular email. Not sure what you mean with regards as SMTP bounces for out of office replies?

  • hi Louis I have the same problem.

    How did you solve it?

    To me it happens when I send an email  to:   name@subdomain.mydomain.it   from:  name@mydomain.it .

    subdomain.mydomain.it has an external exchange 

    mydomain.it has an internal exchange with sophos email appliance

    I read the guides sophos but the exchange configuration seems ok, with the old anti-spam and the same echange configuration there wasn't this problem.

    thank for the support

  • Hi Luca,

    Sorry I can't remember what happened with it. We don't have the issue anymore so not sure what caused it. Sorry.

    Louis