You are seeing emails with a "554 5.4.6" error code returned to your Exchange environment by the DLP Cloud Service

Article ID: 253255

Updated On:

Products

Data Loss Prevention Cloud Service for Email
Data Loss Prevention

Issue/Introduction

Queued emails are being returned by the DLP Cloud Service to your Exchange environment with a "554 5.4.6" error code.

Environment

Release: 15.8+

This issue is most commonly seen when the DLP Cloud Service for Email is integrated with a customer's on-premises Exchange.

That is, it doesn't usually occur when emails originate from other hosted services, e.g., O365 or Gmail MTAs.

Cause

In general, the queue buildup appears related to "Looping messages" being sent through DLP.

Previously, the SMTP code returned by the DLP Cloud Service was "421 4.3.0 Loop Detected", which the service sent when the message had already been handled by it. By design, this code instructs the MTA to retry sending the message at a later time. In some cases, if a large number of messages were resent, it would cause performance issues on Exchange.

As of Nov 1, 2022, the error response has changed from "421 4.3.0" to "554 5.4.6":

"554 5.4.6 Loop Detected. Check reflect mode configuration"

With the code change from a 421 to a 554 code, DLP Cloud Service will no longer tell upstream MTAs to retry the message.

This change may require customers to correct their mail flow.

Resolution

Preventing messages from being sent more than once to the DLP Cloud Service is recommended.

Other changes which might improve the condition:

  • Exchange teams should work to prevent messages that originate from invalid addresses in their environment
  • Increase memory available to Exchange servers
  • Increase CPUs available to Exchange servers
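
To find which senders are looping through the service, the two loop replies described above can be separated by retry behaviour and tallied per sender. This is an added example, not Broadcom or Symantec code; the record layout, the function names and the `corp.example` addresses are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter

# SMTP reply line: 3-digit code, enhanced status code (class.subject.detail), text.
REPLY_RE = re.compile(
    r'^(?P<code>[245]\d\d)[ -](?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+(?P<text>.*)$')

def classify_reply(reply):
    """Return (is_dlp_loop, will_retry) for one SMTP reply line."""
    m = REPLY_RE.match(reply.strip())
    if not m:
        return (False, False)
    # Both the old 421 and the new 554 reply start with "Loop Detected".
    is_loop = m["text"].lower().startswith("loop detected")
    # 4yz is transient: the sending MTA keeps the message queued and retries.
    # 5yz is permanent: the sending MTA stops retrying and returns the message.
    will_retry = m["code"].startswith("4")
    return (is_loop, will_retry)

def loop_senders(records, threshold=2):
    """records: iterable of (sender, reply) pairs.
    Returns {sender: count} for senders with >= threshold loop rejections."""
    hits = Counter()
    for sender, reply in records:
        is_loop, _ = classify_reply(reply)
        if is_loop:
            hits[sender.lower()] += 1
    return {s: n for s, n in hits.items() if n >= threshold}

# Constructed sample records (sender, reply returned to the sending MTA).
SAMPLE = [
    ("alerts@corp.example", "554 5.4.6 Loop Detected. Check reflect mode configuration"),
    ("alerts@corp.example", "554 5.4.6 Loop Detected. Check reflect mode configuration"),
    ("user1@corp.example", "250 2.0.0 OK"),
    ("legacy@corp.example", "421 4.3.0 Loop Detected"),
    ("user2@corp.example", "554 5.7.1 Relay access denied"),
]

if __name__ == "__main__":
    for sender, reply in SAMPLE:
        print(sender, classify_reply(reply))
    print(loop_senders(SAMPLE))
```

Senders that appear in the result are the mail flows to correct so that their messages reach the DLP Cloud Service only once.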

Additional Information

Although the error response refers to reflect mode, this issue can also happen to customers in Forwarding mode.

The messages have also been documented for other, less common reasons, as per (SMTP error "421 4.3.0 Loop Detected. Check reflect mode configuration" with Symantec Data Loss Prevention).