Message rejected by MTA due to Address Masquerade transformation

book

Article ID: 177942

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

You notice that some email senders are getting their messages rejected by the MTA in the Symantec Messaging Gateway (SMG) Message Audit Logs.

Symptoms

Message Audit Logs show the message action 'Rejected by MTA.'
Examination of the MTA logs show error stating 'Error while performing masquerade expansion.'
 

maillog:
Error while performing masquerade expansion

Cause

The address resulting from an address masquerade is also tested to determine whether it should be masqueraded which can result in a masquerade loop. For example, one masquerade rule transforming an address which is then itself masqueraded and transformed back to the original address by the operation of other masquerade rules. A simple example follows but there are a number of ways to create a masquerade loop:

[email protected] => [email protected]
domain2.com => domain1.com

This has the following effect:

[email protected] => [email protected] => [email protected] (masquerade expansion error)
 

Resolution

SMG does not have a facility by which addresses may be tested for masquerade loops but the masquerade loop will be logged in the maillog at INFO level as follows

sms_masquerade_headers: [email protected] expanded to already present address [email protected]

If messages are rejected with a masquerade expansion error, the masquerade rules configured in Protocols->Address Masquerade should be reviewed to determine whether either the sender address or one of the recipient addresses will result in a loop. If a masquerade loop is present, one of the masquerade rules participating in that loop will need to be modified or removed.