This article applies to:
- Trustwave MailMarshal (SEG)
- Microsoft Exchange Server
Symptoms:
- SEG configured with Exchange as the internal email server
- Many copies of identical messages in SEG folders or message history
- Receiver log shows messages to local domains being refused with "554 Too many hops"
- Exchange, SEG, or the SEG database low on disk space.
Causes:
A mail loop between SEG and Exchange can occur when the Exchange server is configured to "forward mail with unresolved recipients" (Exchange 2003). A similar problem can occur when the Exchange organization includes more than one Exchange server and messages are routed between servers.
Directory Harvest Attacks and randomly addressed spam can trigger a larger volume of looping mail and cause more visible symptoms.
Resolution:
- If the Exchange server is a single server, ensure that the SMTP Connector is not configured to forward mail with unresolved recipients to SEG.
- In Exchange 2000 and Exchange 2003, you can check this setting in the Exchange System Manager > Servers > Server name > Protocols > SMTP > Default SMTP Virtual Server > Messages tab.
- In later Exchange versions, check the Accepted Domains setting (authoritative or internal relay domains).
- If the Exchange organization contains multiple servers, and messages for local addresses could be routed between servers, ensure that these messages do not route through SEG.
- Use dedicated SMTP Virtual Servers (Send Connectors) for the Exchange to Exchange connections. Use a separate SMTP Virtual Server (Send Connector) for the connections to SEG for outbound messages to non-local domains.
- Consult the Microsoft Exchange documentation to configure routing for specific local domains and addresses.
- You can reduce issues with incoming email to invalid recipients by using the SEG DHA prevention feature.