SMTP error "421 4.3.0 Loop Detected. Check reflect mode configuration" with Symantec Data Loss Prevention

Article ID: 201084

Products

Data Loss Prevention Cloud Service for Email, Data Loss Prevention, Data Loss Prevention Cloud Package

Issue/Introduction

Symantec Data Loss Prevention (DLP) Cloud Service for Email

Mail from a remote office is not delivered to the intended recipient.
The remote office uses O365 and passes its mail to the main office, which uses Gmail.

Mail flow:

Remote user >> O365 >> DLP (Cloud Service for Email in forwarding mode) >> ESS >> Gmail >> (redirect back to the same DLP) >> ESS (same) >> External MTA.

When Gmail redirects the message back to the same DLP Cloud Service for Email, DLP detects this as a loop and drops the message.
DLP then sends a Loop Detected message back to Gmail.

Error message (some parts have been obfuscated):

Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [email protected]
Arrival-Date: Thu, 17 Sep 2020 16:34:58 -0700 (PDT)
X-Original-Message-ID: <[email protected]>

Final-Recipient: rfc822; [email protected]
Action: delayed
Status: 4.3.0
Remote-MTA: dns; 96df5d50-xxxx-xxxx-xxxx-0242ac110002.ds.dlp.protect.symantec.com
 (54.xxx.xxx.60, the relay for the domain.)
Diagnostic-Code: smtp; 421 4.3.0 Loop Detected. Check reflect mode configuration: 

Environment

Release : 15.x+

Component : Cloud Service for Email

Cause

Incorrectly designed mail flow caused a loop.

Resolution

Redesign the mail flow so that the same message does not return to the same DLP Cloud Service for Email detector.
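
One way to check a route against this resolution, as an added example that is not Broadcom's code: read the Received chain of a message queued at the redirecting MTA and test whether the planned next hop has already handled it. It assumes every hop stamps its own host name in the "by" clause of a Received header; all host names and the sample message are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample: a message queued at the main-office MTA after travelling
# O365 >> DLP >> ESS >> main office. "detector.dlp.example" stands in for the
# detector host shown as Remote-MTA in the DSN; every name here is a placeholder.
SAMPLE = """\
Received: from ess.example by mx.main.example with ESMTPS;
 Thu, 17 Sep 2020 16:34:57 -0700
Received: from detector.dlp.example by ess.example with ESMTPS;
 Thu, 17 Sep 2020 16:34:55 -0700
Received: from o365.remote.example by detector.dlp.example with ESMTPS;
 Thu, 17 Sep 2020 16:34:52 -0700
Received: from client.remote.example by o365.remote.example with ESMTPSA;
 Thu, 17 Sep 2020 16:34:50 -0700
From: user@remote.example
To: recipient@external.example
Subject: constructed sample

body
"""

# Host named in the "by" clause of a Received header (assumed to be present).
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def hops(raw_message):
    """Return the hosts that accepted the message, oldest hop first."""
    msg = message_from_string(raw_message)
    found = []
    # Each MTA prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received") or []):
        match = BY_HOST.search(" ".join(value.split()))  # unfold continuation lines
        if match:
            found.append(match.group(1).lower().rstrip("."))
    return found


def would_loop(raw_message, next_hop):
    """True if the planned next hop has already handled this message."""
    return next_hop.lower().rstrip(".") in hops(raw_message)


if __name__ == "__main__":
    print(" >> ".join(hops(SAMPLE)))
    for candidate in ("detector.dlp.example", "mta.external.example"):
        print(candidate, "loops" if would_loop(SAMPLE, candidate) else "ok")
```
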

Additional Information

The architecture as described here is somewhat uncommon.

However, as per this latest update, "You are seeing emails with a "554 5.4.6" error code returned to your exchange environment by the DLP Cloud Service" (broadcom.com), the Cloud Service has modified the SMTP code returned.

This should prevent looping messages from being sent through the service.