Mysterious mail loop on Edge Transport server: Check your size limits!


I’m a support engineer in CSS. I was working with a customer who reported a mail loop error for a specific domain like contoso.com. This error was only observed in large emails. Yeah, that’s really mysterious until you figure out that the mail loop is due to a size restriction on the Send connector. I thought this was curious enough to share.

Understanding the configuration and root cause of the issue:

I initially thought that this might have been the outcome of the Edge server being configured to use an external DNS server (a DNS server that resolves external hosts). Usually, when the Edge Transport server is configured to use an external DNS server, it resolves the domain name to the public IP addresses (generally pointing to itself, the external firewall, or the service provider) instead of a Hub Transport server in the Active Directory site, causing a mail loop.

On reproducing the issue, I found out that the Edge Transport server was not configured to use an external DNS server. The environment I set up to reproduce the issue looked like the diagram below:

[Diagram: Internet sender -> Edge Transport server -> Hub Transport server in the Active Directory site, with the two Send connectors on the Edge]

Here’s what happens in this scenario: When the Edge Transport server receives a 20 MB email from an Internet sender, it accepts it. The Edge Transport server has two Send connectors that match the address space – one for the address space contoso.com to the Active Directory site and one for the address space *. When making the routing decision based on all available connectors, the one from the Edge to the Hub is not considered because of its size restriction (it has a 10 MB size limit). The best match is therefore the * connector from the Edge to the Internet (see the connector selection algorithm documented in Understanding Message Routing), which has a message size limit of 30 MB.

End result: The message is routed back to the Internet causing the message loop between the Internet and the Edge Server.

Based on whether the Send connector to the Internet is configured to use DNS or a Smart Host to deliver outbound mail, we will get one of the following NDRs:

If using DNS:

#554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##

If using a Smart Host:

5.4.6 smtp;554 5.4.6 Hop count exceeded – possible mail loop> #SMTP#

The Solution

This behavior is by design and can be easily rectified by modifying the message size limit on the connector. Based on your requirement, you can choose either of the following options:

  • Set the MaxMessageSize parameter on the Receive connector (which receives inbound mail from the Internet) to 10 MB, so messages from the Internet are restricted to 10 MB.
  • Set the MaxMessageSize on the Send connector from the Edge to the Hub to 30 MB, which will allow you to receive 30 MB messages from external senders.
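The following check script is an added example, not part of the original post or of Exchange itself: run from the Exchange Management Shell on the Edge Transport server, it compares the Receive connector limits against the Edge-to-Hub Send connector limit and reports the gap that produces the loop described above. It assumes the Edge-to-Hub Send connector carries the internal domain as its address space (contoso.com is a constructed example) and that MaxMessageSize exposes ToBytes()/IsUnlimited as on Exchange 2007/2010.

```powershell
# Added check script (not from the original post). Assumes Exchange Management Shell on an Edge
# Transport server; the internal domain name is a constructed example.
param(
    [string]$InternalDomain = 'contoso.com'   # address space of the Edge-to-Hub Send connector
)

# MaxMessageSize is ByteQuantifiedSize on Receive connectors and Unlimited<ByteQuantifiedSize>
# on Send connectors; normalise both to a byte count (assumed property names).
function ConvertTo-Bytes($size) {
    if ($size.PSObject.Properties['IsUnlimited'] -and $size.IsUnlimited) { return [int64]::MaxValue }
    if ($size.PSObject.Properties['Value']) { return $size.Value.ToBytes() }
    return $size.ToBytes()
}

$sendConnectors = Get-SendConnector | Where-Object { $_.Enabled }
# Edge-to-Hub connector: address space equals the internal domain.
$toHub = $sendConnectors | Where-Object {
    ($_.AddressSpaces | Where-Object { $_.Address -eq $InternalDomain }) -ne $null }
# Edge-to-Internet connector: the catch-all '*' address space.
$toInternet = $sendConnectors | Where-Object {
    ($_.AddressSpaces | Where-Object { $_.Address -eq '*' }) -ne $null }

if (-not $toHub -or -not $toInternet) {
    Write-Warning "Could not find both an Edge-to-Hub ($InternalDomain) and an Internet (*) Send connector."
    return
}

$hubLimit      = ($toHub      | ForEach-Object { ConvertTo-Bytes $_.MaxMessageSize } | Measure-Object -Minimum).Minimum
$internetLimit = ($toInternet | ForEach-Object { ConvertTo-Bytes $_.MaxMessageSize } | Measure-Object -Maximum).Maximum

# Any Receive connector that accepts more than the Edge-to-Hub connector will pass is the trigger:
# a message in that size band for $InternalDomain can only match the '*' connector.
$risky = Get-ReceiveConnector | Where-Object { (ConvertTo-Bytes $_.MaxMessageSize) -gt $hubLimit }

if ($risky -and $internetLimit -gt $hubLimit) {
    foreach ($rc in $risky) {
        Write-Warning ("Receive connector '{0}' accepts up to {1:N0} bytes, but the {2} Send connector passes only {3:N0} bytes; " +
                       "messages in between are routed via the '*' connector ({4:N0} bytes) and loop back to the Internet." -f
                       $rc.Name, (ConvertTo-Bytes $rc.MaxMessageSize), $InternalDomain, $hubLimit, $internetLimit)
    }
    Write-Host "Fix: lower MaxMessageSize on the inbound Receive connector to $hubLimit bytes, or raise it on the $InternalDomain Send connector."
} else {
    Write-Host "Size limits are consistent: no accepted inbound message can exceed the $InternalDomain Send connector limit."
}
```

The report is only a warning; apply the change with Set-ReceiveConnector or Set-SendConnector -MaxMessageSize after confirming which limit your organisation actually wants.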

Mystery solved! Thanks to Arindam Thokder and Scott Landry, who helped me with getting this ready for the blog!

Suresh Kumar (XCON)

Comments (14)
  1. Josh says:

    Makes sense.

    Seems like with all things, best practice is to have your most restrictive policies at the edge, and weird issues like this will not be problems

  2. Charles Derber says:

    It wasn't that mysterious; rather it can be seen as clearly misconfigured (if the Exchange admin expects email above 10MB to be received in the AD site), and the result, as always, is unexpected behavior.

    I was wondering who did this configuration and the objective behind it :)

  3. Dinesh Singh says:

    Sounds good stuff, detailed elucidation in a genius way, keep it up

  4. Surajpa says:

    Good stuff. keep it up !

  5. Siddhesh Dalvi says:

    Nice Stuff!!

  6. tom says:

    Great Article for Exchange On-Premises customers.

    Thanks

  7. Sunder says:

    Good One :)

  8. John says:

    Nice :-) Exchange Team has decided to write us Exchange On-Premises Articles.

    Thanks

  9. Jason says:

    Why wouldn't it be a practice to just set all the message size limit attributes to the same exact size?

  10. Andy says:

    Nothing mysterious or new about it. This guy needs to refresh his technical skills. This has been there since Exchange 2007 was launched :)

  11. Builder the Bob says:

    This is great and all, but why doesn't Exchange just report this condition as part of the BPA? Wouldn't that be easier? In the time it took you to write this article, you could have coded the 3-4 line PS script in BPA to check for this condition and then we'd never have to worry about it again.

  12. Josh says:

    @Jason: not necessarily. You may want to allow say 10 mb from the Internet, but 30 mb internally. Though I'll admit I can't understand the logic behind configuring 30 mb from outside, and 10 internally… That one reeks of an exadmin who wasn't thinking clearly

  13. viman007@hotmail.com says:

    good…

  14. Brian Day [MSFT] says:

    If you were using Edge Transport to perform an External Relay you may need to accept 30 MB messages at Edge so you can relay them to the other mail system even though your internal Exchange org only allows 10 MB messages.
