I was recently on a customer site who was experiencing a problem with performing mail redirects via outlook rules in their environment. The scenario went something like this:
Once, long ago, in an exchange galaxy far far away there were three mailboxes. Each mailbox had outlook inbox rules configured. These inbox rules would specify an action to take if an email message contained a specific work in the body or subject. Depending on the content of the email message the message would get a redirect to one of the other mailboxes. The rule was quite simple, After the message arrives and the message includes specific words, do the following….Redirect the message to Mailbox2.
Simple enough right? Well, mailbox2 also had a rule setup. After the message arrives and the message includes specific words, do the following….Redirect the message to Mailbox3.
Here is where things got really interesting. The mail message that arrived in Mailbox1 would redirect to Mailbox2. If that same message met the criteria of the inbox rule on Mailbox2 that email would get redirected to Mailbox3, based on the inbox rule, but it would never arrive to Mailbox3.
If we created an email and sent it to Mailbox2, with the required criteria to get redirected to mailbox3 the item would arrive. Hmmm…. Where was the email message going you ask? Well now, absolutely nowhere.
As it turns out this customer was moving to O365. The mailboxes in question were also on O365. I went out and started to do some work in my trusty work environment on O365 (pretty sweet right?). Basically in O365 I recreated their exact issue, setup an inbox rule, and forward the message to mailbox2 which then would have an inbox rule to redirect to mailbox3, except it would not arrive to mailbox3.
I then decided I would fire this scenario up in my on-prem lab. I created three mailboxes and created the same rule as noted above, when email arrives, redirect to another mailbox. I sent an email to Mailbox1 that met the criteria of the rule which then forwarded the email to Mailbox2, which then forwarded to Mailbox3. Whoa, the message arrived. I actually went ahead and created two more mailboxes, Mailbox4 and Mailbox5, created my inbox rules and as it turns out the email would arrive to Mailbox4, but never arrived to Mailbox5. Similar problem, I could get further in this scenario, as in, I was able to forward the email three times touching four mailboxes with my on-prem deployment while only being able to forward once and only touching two mailboxes with my O365 environment.
I then pulled up my trusty email headers, these things are great for troubleshooting mail routing problems btw, and started to review the header. What I found was rather interesting. For my on-prem test I found the following in the header:
X-MS-Exchange-Inbox-Rules-Loop: Mailbox1@xch.lab
X-MS-Exchange-Inbox-Rules-Loop: Mailbox2@xch.lab
X-MS-Exchange-Inbox-Rules-Loop: Mailbox3@xch.lab
Interesting I thought. I then took a look at the header from my O365 work environment and reviewed the header there as well. Did I mention headers are great for troubleshooting?
In the header I found the following:
X-MS-Exchange-Inbox-Rules-Loop: mailbox1@whatthebing.com
That’s it, only one? Now I was scratching my head. Well, logical sense would say that there is only one noted in the O365 environment because I never got the second email redirect from Mailbox2 as noted in my on-prem lab environment. But, what happened to the second redirect, and for that matter what happened to my fourth redirect for my on-prem?
Well, that was a very good question. As it turns out there is code in Exchange that will look for the line noted in the message header, “X-MS-Exchange-Inbox-Rules-Loop”, and as a result if the Transport service finds that specific line in the header too many times it will drop the message. Wait, what, why? Well, it is there for your protection my friend. This is actually there to prevent a MailStorm or DOS attack within your exchange organization. Yes, that’s right, it is there to protect the environment. Last thing you want is an email looping through your environment over and over and over again which can start to cause performance issues, which causes users to complain, which causes you to look bad.
So, you’re probably asking yourself the question, how do I get around this? Is there a registry key I can create or change? No, this cannot be changed. It is hard coded in the exchange server code, there is no registry key that can change this limit and it has been put in place to protect the Exchange Servers both on-prem and in O365. To sum it up, On-Prem you get three redirects per message. O365 you get one redirect per message. Again, it is there to protect the environment.
Oh, I should point out that this only relates to inbox rules. If an administrator were to modify the users mailbox to forward all mail to another mailbox the line dealing with Inbox Rules will not be entered into the header and the Transport service will never see it.
I hope you found this content as helpful as I do. Please feel free to comment and share.
Have a great day!