April 03, 2007, 7:14 PM — Many systems administrators have run into errors in their syslog files that complain that mail is looping back, suggesting a possible MX problem. The common cause of this problem is that a server is receiving email for a domain that it doesn't recognize as its own. Then, when the server looks up the MX address for the intended target (in order to send the mail on its way), it notices that the MX record is one that identifies the mail exchanger as the system itself.
Here's an example of this type of message from the syslog file:
553 5.3.5 mail1.elsewhere.com. config error: mail loops back to me (MX problem?) |
The cure for this type of problem is to configure the server to understand that it should accept mail for the particular domain. This can be done for sendmail by adding the domain to the /etc/mail/local-host-names file and restarting the sendmail service.
Recently, however, I ran into a situation in which this familiar scenario did not describe what was happening. Instead of running into "loops back to me" errors for domains for which the server should legitimately have been receiving mail, the server in question was collecting the errors for numerous unfamiliar domains. For most modern Unix servers, this issue rarely occurs because all recent versions of sendmail do not relay mail by default (i.e., they do not accept mail from outside the domain that is also destined for outside the domain). In this case, however, the server was configured to relay mail for authenticated users, so it was required to attempt delivery.
To understand why "loops back to me" errors occur, it is useful to think about the way that mail servers go about sending mail. Most email is addressed to user@domain. For example, sstocker@itworld.com. The server then needs to figure out what mail server is responsible for accepting mail for the particular domain. To do this, it requests the MX (mail exchanger) records for the domain in question. You can look up MX records yourself with nslookup or a similar tool as shown below.
> nslookup Default Server: ns1.local.com Address: 10.1.1.11 > set querytype=mx > elsewhere.com Server: ns1.local.com Address: 10.1.1.11 elsewhere.com MX preference = 20, mail exchanger = mail2.elsewhere.com elsewhere.com MX preference = 10, mail exchanger = mail1.elsewhere.com mail1.elsewhere.com internet address = 123.4.5.6 mail2.elsewhere.com internet address = 123.4.5.7 > exit |
In this example, the system "mail1.elsewhere.com" is the primary mail exchanger identified for the domain elsewhere.com. The system "mail2.elsewhere.com" is a lower priority mail exchanger (with a preference of 20) and will receive mail when the higher priority server is unavailable.
Once our mail server has looked up this information on mail exchangers, it can initiate a connection with the indicated mail exchanger and send the components -- sender, recipient, message contents and such -- to the intended system.
In the case of the server with the "loops back to me" errors, however, there was a slight twist to this normal sequence of events. The MX record for the target domain, instead of identifying a legitimate mail server, contained the loopback address, 127.0.0.1. As a result, any mail delivery attempted for the domain would be directed back to the system trying to make the delivery. It's as if the mail server, in Pogo-like fashion, were saying "I have identified the target system and it is me". Let's look at a couple examples (using nslookup).
Our first example is for trib.com.
> nslookup Default Server: ns1.local.com Address: 10.1.1.11 > set querytype=mx > trib.com Default Server: ns1.local.com Address: 10.1.1.11 Non-authoritative answer: trib.com MX preference = 10, mail exchanger = mail.trib.com mail.trib.com internet address = 127.0.0.1 |
Notice that the mail exchanger is set to mail.trib.com and the IP address provided for trib.com is the loopback -- 127.0.0.1. Continuing in nslookup, we see the same configuration being used for the domain version.net below:
> version.net Default Server: ns1.local.com Address: 10.1.1.11 Non-authoritative answer: version.net MX preference = 3, mail exchanger = mail.version.net mail.version.net internet address = 127.0.0.1 > exit |
The "loops back to me" errors would likely appear in your syslog file (depending, of course on the configuration of your /etc/syslog.conf file) and rejected mail will probably end up in the inbox of whichever user is assigned the role of postmaster.
