Summary:

There are two kinds of email message looping that can occur:

1) A Routing Loop -- EMF automatically detects such loops.

2) A Message Loop -- the EMF admin must identify properties of the messages being looped, and create policies to stop the loops.

Detailed Information:

There are two kinds of mail looping:

1) A Routing Loop, where the same message gets sent back and forth between two mail servers over and over. This can result from incorrect routing rules on one of the email servers. EMF auto detects such a loop by counting the Received headers. Looping is detected by the presence of 100 Received headers in the message. The offending mail is placed in the Dead Letter queue, and EMF logs the following warning event in the EMF event log:

Event Type: Warning
Level: Normal
Event ID: 1051
Event Description: Routing loop detected in message
Event Details: Placing the message in the Dead Letter queue

Note that the presence of any 100 Received headers will be cause the Dead Letter'ing, not just between the same two servers. The 100-Received-header limit is hard-coded in EMF and is not configurable.

If a routing loop is identified, the EMF admin can examine the Received headers of a sample message to determine the path the message is taking.

2) A Message Loop, in which new messages are continuously generated and sent back and forth between two mail servers.

Example of a message loop generation:

- External user1 sends an email to Internal user2, behind an EMF server.

- User2 is on vacation, and has auto forwarding of mail to his Yahoo account turned on.

- The email is forwarded to Yahoo, but user2's Yahoo account mailbox is full, causing a "mailbox full" (new message) to be returned to user2's Internal account.

- User2's account forwards the Yahoo reply to Yahoo as a new message, and there you go...

For message loops, the EMF admin must identify properties of the looping messages being generated, and create policies to block the message loops based on those properties. This property will usually be a word, phrase, or header that appears in a looping message:

- an identifying word or phrase can be established, e.g., "mailbox full"

- an identifying header can be established, e.g., Exchange servers add the header "Auto forwarded by a Rule"

Most messages in a message loop included the previous message as an attachment or inline. The word, phrase, or header identified can be put into a word list, and referenced by a blocking policy.

To assist in identifying message properties, EMF provides the message archiving feature, in which a policy can archive a message as it comes into EMF, archiving it to a folder as a text message for analysis. For more information on EMF archiving, please see the related article Using Archive function to troubleshoot problems.

NOTE: RFC 2821 specifies that all auto generated mail should have a NULL SMTP Sender address in the message envelope (in the network packet). The above message loop may only occur if the mail server to which the message is being auto forwarded, is replying using the From header rather than the SMTP Sender, an action which is non-standard.

To reduce the occurrences of such message loops, be sure that your email server is set to auto forward mail using a NULL SMTP Sender address.