This article applies to:

• Trustwave MailMarshal (SEG)
• Microsoft Exchange Server

Symptoms:

• SEG configured with Exchange as the internal email server
• Many copies of identical messages in SEG folders or message history
• Receiver log shows messages to local domains being refused with "554 Too many hops"
• Exchange, SEG, or the SEG database low on disk space.

Causes:

A mail loop between SEG and Exchange can occur when the Exchange server is configured to "forward mail with unresolved recipients" (Exchange 2003). A similar problem can occur when the Exchange organization includes more than one Exchange server and messages are routed between servers.

Directory Harvest Attacks and randomly addressed spam can trigger a larger volume of looping mail and cause more visible symptoms.

Resolution:

• If the Exchange server is a single server, ensure that the SMTP Connector is not configured to forward mail with unresolved recipients to SEG.
  • In Exchange 2000 and Exchange 2003, you can check this setting in the Exchange System Manager > Servers > Server name > Protocols > SMTP > Default SMTP Virtual Server > Messages tab.
  • In later Exchange versions, check the Accepted Domains setting (authoritative or internal relay domains).
• If the Exchange organization contains multiple servers, and messages for local addresses could be routed between servers, ensure that these messages do not route through SEG.
  • Use dedicated SMTP Virtual Servers (Send Connectors) for the Exchange to Exchange connections. Use a separate SMTP Virtual Server (Send Connector) for the connections to SEG for outbound messages to non-local domains.
  • Consult the Microsoft Exchange documentation to configure routing for specific local domains and addresses.
• You can reduce issues with incoming email to invalid recipients by using the SEG DHA prevention feature.