search cancel

SMTP error "421 4.3.0 Loop Detected. Check reflect mode configuration" with Symantec Data Loss Prevention

book

Article ID: 201084

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Data Loss Prevention Cloud Package

Issue/Introduction

Symantec Data Loss Prevention (DLP) Cloud Service for Email

Mail from a remote office is not delivered to the intended recipient.
The remote office uses O365 and passes its mail to the main office which uses Gmail.

Mail flow:

Remote user >> O365 >> DLP (Cloud Server for Email in forwarding mode) >> ESS >> Gmail >> (redirect back to the same DLP) >> ESS (same) >> External MTA.

When the Gmail redirects the message back to the same DLP Cloud Service for Email, DLP detects this as a loop and drops the message.
DLP then sends a Loop Detected message back to Gmail.

Error message (some parts have been obfuscated):

Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [email protected]
Arrival-Date: Thu, 17 Sep 2020 16:34:58 -0700 (PDT)
X-Original-Message-ID: <[email protected]>

Final-Recipient: rfc822; [email protected]
Action: delayed
Status: 4.3.0
Remote-MTA: dns; 96df5d50-xxxx-xxxx-xxxx-0242ac110002.ds.dlp.protect.symantec.com
 (54.xxx.xxx.60, the relay for the domain.)
Diagnostic-Code: smtp; 421 4.3.0 Loop Detected. Check reflect mode configuration: 

Cause

Incorrectly designed mail flow caused a loop.

Environment

Release : 15.0

Component : Cloud Service for Email

Resolution

Redesign the mail flow so that the same message does not return to the same DLP Cloud Service for Email detector.