Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Message looping
  •  
zebby

Messages: 241
Karma: 2
Send a private message to this user
We use Kerio 6.7.1 build 7695 and in this instance Outlook 2007...

Looking through the mail logs today I noticed that the same address was coming up repeatedly.

I found the user who sent the message and they say they sent it once, however the logs tell another story...

The first mail goes out...
[01/Oct/2009 10:19:48] Recv: Queue-ID: 4ac47434-0007d94f, Service: SMTP, From: <user<_a.t_>ourdomain.co.uk>, To: <somebody<_a.t_>theirdomain.com>, Size: 10802, Sender-Host: 192.168.x.x, SSL: yes

Then it goes again...
[01/Oct/2009 10:19:49] Recv: Queue-ID: 4ac47435-0007d952, Service: SMTP, From: <user<_a.t_>ourdomain.co.uk>, To: <somebody<_a.t_>theirdomain.com>, Size: 13338, Sender-Host: 127.0.0.1, SSL: yes

This then repeats every 2 seconds until it has fired out 100 messages.
I notice that the first send has the 'sender host' IP address of the genuine user and the other 99 use loopback.

The final log entry is:
[01/Oct/2009 10:23:09] Sent: Queue-ID: 4ac474fb-0007da49, Recipient: <somebody<_a.t_>theirdomain.com>, Result: failed, Status: 5.3.2 554 5.0.0 Too many hops (101, max 100), message looping


What has gone on here?



  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
You e-mail configuration is creating an e-mail loop. This can happen:

  • when the MX record of the recipient domain points to your server
  • a user have setup a rule that automatically forwards or replies to mails and the recipient has also such a rule

On the KMS server, use nslookup to find the MX record of theirdomain.com. Does it point to your server?

Check if user<_a.t_>ourdomain.co.uk or somebody<_a.t_>theirdomain.com have any rules setup.

Also check if theirdomain.com is configured as domain in your KMS (shouldn't be).

[Updated on: Thu, 01 October 2009 14:31]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
zebby

Messages: 241
Karma: 2
Send a private message to this user
Thanks for the response.

nslookup on our mail server gives me an IP, and it isn't our server.

I tried a mail server test with this IP on MXToolbox.com and got a 'no response' result. A quick port scan shows only port 80 as open on their server.

Putting their domain into MXToolbox retruns their MX record as being 127.0.0.1 - nice.

Going directly to their domain on the web goes to one of those crappy holding pages with lots of search suggestions on it.

So to sum up, Kerio working fine and some server administrator somewhere is a complete an utter arse! Laughing
  •  
MxToolBox

Messages: 1
Karma: 0
Send a private message to this user
I'm glad our tools were able to help. I've seen a lot of MX Records in my day, but I've never seen anybody set theirs to 127.0.0.1 before.

We're planning on adding some tool tips to the results to help explain what they mean and how to interpret them. Based on this example, I think I'll put a check on the MX record results to show a big warning flag for any results returning private IP addresses, especially the loopback address.

MxToolBox
Online Diagnostic Tools
Free Server Monitoring
feedback<_a.t_>mxtoolbox.com
http://mxtoolbox.com
Previous Topic: Still too much spam getting through...
Next Topic: DEFECT: KMS with GlusterFS
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 08:20:34 CET 2017

Total time taken to generate the page: 0.00384 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.