question

WALDEKK-9014 asked WALDEKK-9014 edited

Microsoft365 mail servers with loopback addresses

Hello,

Does anyone know why Microsoft is configuring mail servers with loopback addresses on the Microsoft365 cloud service?

A few examples:

For each of these servers, the nslookup command shows 127.0.0.1 on the public Internet.

According to the standards defined in RFC documents (https://www.ietf.org/standards/rfcs/), it is not allowed:

• RFC 1122 => Internal host loopback address. Addresses of this form MUST NOT appear outside a host.
• RFC 5735 => 127.0.0.0/8 - This block is assigned for use as the Internet host loopback address.


It causes problems with e-mail message delivery from Microsoft365 cloud mail servers to other e-mail servers on the Internet.

Example:

Mar 5 14:01:44 mx postfix/from_WORLD/smtpd[5368]: NOQUEUE: reject: RCPT from mail-roabra01on2042.outbound.protection.outlook.com[40.107.111.42]:
554 5.7.1 <BRA01-ROA-obe.outbound.protection.outlook.com>: Helo command rejected: mail server in loopback network;
from=<..............................> to=<............................> proto=ESMTP helo=<BRA01-ROA-obe.outbound.protection.outlook.com>*















office-exchange-server-mailflow
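An added example, not part of the original thread: a Python script that pulls "Helo command rejected" records like the one quoted above out of a Postfix log and flags the HELO names whose A records fall inside 127.0.0.0/8. The DNS answers are a constructed table rather than a live lookup, the second log record and the sender and recipient addresses are invented, and all function names are hypothetical.

```python
import ipaddress
import re

# Postfix smtpd HELO rejection, in the shape of the record quoted in the question.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]:\s+\d{3} [\d.]+ "
    r"<(?P<helo>[^>]+)>: Helo command rejected: (?P<reason>[^;]+);"
)
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # loopback block, RFC 1122 / RFC 5735

# Constructed sample: record 1 follows the question (placeholder from/to), record 2 is invented.
SAMPLE_LOG = """\
Mar 5 14:01:44 mx postfix/from_WORLD/smtpd[5368]: NOQUEUE: reject: RCPT from mail-roabra01on2042.outbound.protection.outlook.com[40.107.111.42]:
554 5.7.1 <BRA01-ROA-obe.outbound.protection.outlook.com>: Helo command rejected: mail server in loopback network;
from=<sender@example.org> to=<rcpt@example.net> proto=ESMTP helo=<BRA01-ROA-obe.outbound.protection.outlook.com>
Mar 5 14:02:10 mx postfix/from_WORLD/smtpd[5371]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <mail.example.net>: Helo command rejected: mail server in loopback network; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<mail.example.net>
"""
SAMPLE_A_RECORDS = {  # constructed stand-in for DNS answers (assumption, not a lookup)
    "bra01-roa-obe.outbound.protection.outlook.com": ["127.0.0.1"],  # value the post reports
    "mail.example.net": ["198.51.100.7"],  # invented: answer is no longer loopback
}


def parse_helo_rejects(log_text):
    """Return one dict per HELO rejection; records wrapped over lines are rejoined."""
    flat = re.sub(r"\s*\n\s*", " ", log_text)
    return [m.groupdict() for m in REJECT_RE.finditer(flat)]


def loopback_addresses(addresses):
    """Return the A-record values that fall inside 127.0.0.0/8."""
    hits = []
    for text in addresses:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # ignore malformed resolver output
        if addr.version == 4 and addr in LOOPBACK:
            hits.append(text)
    return hits


def triage(log_text, a_records):
    """Map each rejected HELO name to (connecting client IP, loopback A records)."""
    report = {}
    for rej in parse_helo_rejects(log_text):
        answers = a_records.get(rej["helo"].lower(), [])
        report[rej["helo"]] = (rej["ip"], loopback_addresses(answers))
    return report
```

An empty list in the second position means the HELO name's current answers are outside the loopback block, so that rejection is worth re-checking against a fresh lookup.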

@WALDEKK-9014

To narrow down this issue, I want to confirm with you:

  • Are you using Exchange Online to send emails?

  • Which mail server are you trying to send emails to?

  • Did you create a customized connector in your Exchange Online?

Exchange Online can send email to external mail servers without any other configuration. From my Exchange Online, it can send email to Gmail and Hotmail without issue.

WALDEKK-9014 answered KyleXu-MSFT commented

Organizations that cooperate with us use Exchange Online to send e-mails to my organization.
We have an Exchange on-prem installation with an MX server in front (postfix).

We have noticed that many e-mails are rejected by our MX server with the information: Helo command rejected: mail server in loopback network

When we checked that, we found out that it is caused by incorrect configuration of DNS records for some e-mail servers, especially those owned by Microsoft that I mentioned above.

I don't know why loopback addresses are used for those servers. What is the purpose?


I guess this phenomenon may be related to the MX server that you use, because all Exchange Online servers use the same configuration, which can send emails to external recipients successfully. You could check on the MX server side whether it can bypass emails sent from Exchange Online.

WALDEKK-9014 answered WALDEKK-9014 edited

I don't think that there is a problem with my MX. It works according to the rules defined in the RFC documents that I mentioned earlier.
It checks the IP address of the SMTP server sending the message and rejects those that should never appear on the Internet.

IMHO the problem is with only a few Microsoft365 servers that are misconfigured.
Nobody should use loopback addresses on the Internet and violate RFC rules, even such a big company as Microsoft.


Problem solved.
Microsoft acknowledged the configuration problem with a few Microsoft365 mail servers and corrected it.
