Symantec Data Loss Prevention (DLP) Cloud Service for Email
Mail from a remote office is not delivered to the intended recipient.
The remote office uses O365 and passes its mail to the main office which uses Gmail.
Mail flow:
Remote user >> O365 >> DLP (Cloud Service for Email in forwarding mode) >> ESS >> Gmail >> (redirect back to the same DLP) >> ESS (same) >> External MTA.
When the Gmail redirects the message back to the same DLP Cloud Service for Email, DLP detects this as a loop and drops the message.
DLP then sends a Loop Detected message back to Gmail.
Error message (some parts have been obfuscated):
Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [email protected]
Arrival-Date: Thu, 17 Sep 2020 16:34:58 -0700 (PDT)
X-Original-Message-ID: <[email protected]>
Final-Recipient: rfc822; [email protected]
Action: delayed
Status: 4.3.0
Remote-MTA: dns; xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.ds.dlp.protect.symantec.com
(54.xxx.xxx.60, the relay for the domain.)
Diagnostic-Code: smtp; 421 4.3.0 Loop Detected. Check reflect mode configuration:
Release : 15.x+
Component : Cloud Service for Email
Incorrectly designed mail flow caused a loop.
Redesign the mail flow so that the same message does not return to the same DLP Cloud Service for Email detector.
The architecture as described here is somewhat uncommon.
However, as per the later update "You are seeing emails with a "554 5.4.6" error code returned to your Exchange environment by the DLP Cloud Service" (broadcom.com), the Cloud Service has modified the SMTP code it returns.
This should prevent looping messages from being sent through the service.
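To recognise these loop-detection reports in a mailbox or log feed, here is an added Python example (not part of the Symantec article) that parses the delivery-status fields of a DSN like the one above and reports whether the DLP relay flagged a routing loop and whether the sending MTA will keep retrying (transient 4.x.x, as with 421 4.3.0) or bounce (permanent 5.x.x, as with the updated 554 5.4.6 code). The sample DSN is constructed from the report above with placeholder addresses and relay id; the DLP hostname suffix is the one shown in that report.

```python
import re

# Field lines of a delivery-status report, e.g. "Status: 4.3.0".
FIELD_RE = re.compile(r"^([A-Za-z-]+):[ \t]*(.*)$", re.MULTILINE)
# SMTP reply inside Diagnostic-Code: "smtp; 421 4.3.0 Loop Detected. ..."
DIAG_RE = re.compile(r"smtp;\s*(\d{3})\s+(\d\.\d{1,3}\.\d{1,3})\s*(.*)", re.IGNORECASE)

# Hostname suffix of the DLP Cloud Service for Email relay (from the report above).
DLP_SUFFIX = ".ds.dlp.protect.symantec.com"

def parse_dsn_fields(text):
    """Return the 'Name: value' fields of a DSN as a dict with lower-cased keys."""
    return {name.lower(): value.strip() for name, value in FIELD_RE.findall(text)}

def classify_loop_dsn(text, dlp_suffix=DLP_SUFFIX):
    """Classify a DSN: did the DLP relay reject it as a loop, and will the sender retry?"""
    f = parse_dsn_fields(text)
    remote = f.get("remote-mta", "").split(";", 1)[-1].strip().lower()
    m = DIAG_RE.search(f.get("diagnostic-code", ""))
    if m:
        reply, enhanced, message = m.group(1), m.group(2), m.group(3)
    else:
        reply, enhanced, message = "", f.get("status", ""), ""
    # RFC 3463 subject/detail 4.6 means "Routing loop detected"; the older 421 4.3.0
    # reply only says so in its free text, so check both.
    loop = enhanced.endswith(".4.6") or "loop detected" in message.lower()
    return {
        "recipient": f.get("final-recipient", "").split(";", 1)[-1].strip(),
        "from_dlp": remote.endswith(dlp_suffix),
        "loop_detected": loop,
        # 5.x.x is a permanent failure (bounce); 4.x.x is transient, so the sending
        # MTA keeps re-queueing the message and re-delivering it into the loop.
        "will_retry": enhanced.startswith("4."),
        "reply_code": reply,
        "enhanced_status": enhanced,
    }

# Constructed sample modelled on the report above; address and relay id are placeholders.
SAMPLE_421 = """\
Reporting-MTA: dns; googlemail.com

Final-Recipient: rfc822; user@example.com
Action: delayed
Status: 4.3.0
Remote-MTA: dns; 00000000-0000-0000-0000-000000000000.ds.dlp.protect.symantec.com
Diagnostic-Code: smtp; 421 4.3.0 Loop Detected. Check reflect mode configuration:
"""
```

Running `classify_loop_dsn(SAMPLE_421)` flags the loop with `will_retry` true; the same report rewritten with the updated 554 5.4.6 reply is flagged as a loop with `will_retry` false.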