Recent issue we are seeing is someone sending an internal email and it bounces back to them with no explanation as to why. Logs say "The MX record IP 'xxx.xxx.xxx.xxx' is a local ip. All ip's of a lower preference have been tried." The xxx is our WAN address for the server, so it is finding DNS ok.
It is not consistent either. We can see in the logs where it will bounce once or twice, then deliver once or twice, etc.
The domain is set for External MX. I just recently changed it to External MX but checked "Deliver locally if user exists" to see if that helps.
Example of failure: (Email sent from a mailbox to the same mailbox as it also forwards emails)
[2018.07.31] 10:51:26 [52597] Delivery started for EMAIL@DOMAIN.com at 10:51:26 AM
[2018.07.31] 10:51:33 [52597] Skipping spam checks: No local recipients
[2018.07.31] 10:51:36 [52597] Sending remote mail for EMAIL@DOMAIN.com
[2018.07.31] 10:51:37 [52597] Spam check results: [BARRACUDA: passed], [CBL: passed], [HOSTKARMA - BLACKLIST: passed], [SPAMCOP: passed], [SURBL - SA BLACKLIST: passed], [SURBL - SPAMCOP WEB: passed], [UCEPROTECT-1: passed], [UCEPROTECT-2: passed], [UCEPROTECT-3: passed], [URIBL-BLACK: passed]
[2018.07.31] 10:51:37 [52597] The mx record ip '216.127.146.226' is a local ip. All ip's of a lower preference have been tried.
[2018.07.31] 11:01:37 [52597] Sending remote mail for EMAIL@DOMAIN.com
[2018.07.31] 11:01:37 [52597] Spam check results: [BARRACUDA: passed], [CBL: passed], [HOSTKARMA - BLACKLIST: passed], [SPAMCOP: passed], [SURBL - SA BLACKLIST: passed], [SURBL - SPAMCOP WEB: passed], [UCEPROTECT-1: passed], [UCEPROTECT-2: passed], [UCEPROTECT-3: passed], [URIBL-BLACK: passed]
[2018.07.31] 11:01:37 [52597] The mx record ip '216.127.146.226' is a local ip. All ip's of a lower preference have been tried.
[2018.07.31] 11:01:37 [52597] Bounce email written to 85553471.eml
[2018.07.31] 11:01:37 [52597] Delivery for EMAIL@DOMAIN.com to EMAIL@DOMAIN.com has completed (Bounced)
[2018.07.31] 11:01:41 [52597] Delivery finished for EMAIL@DOMAIN.com at 11:01:41 AM [id:x85552597]
The bounce NDR looks like this:
Could not deliver message to the following recipient(s):
Failed Recipient:
EMAIL@DOMAIN.com
-- The header and top 20 lines of the message follows --
Received: from COMPUTER (XX-XXX-XXX-XXX-static.hfc.comcastbusiness.net
[XX.XXX.XXX.XXX]) by our.mail.server with SMTP;
Tue, 31 Jul 2018 10:52:48 -0400
Subject: Alarm :Card Found
Date: Tue, 31 Jul 2018 10:52:51 -0400
Content-Type: text/plain;
charset=iso-8859-1
Reply-To:
EMAIL@DOMAIN.COM
X-Declude-Sender:
EMAIL@DOMAIN.COM[XX.XXX.XXX.XXX]
X-Declude-Spoolname: 85552719.eml
X-Declude-Whitelist: Authenticated;
EMAIL@DOMAIN.COM
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [0] at 10:52:51 on 31 Jul 2018
X-Declude-Tests: Whitelisted
X-Country-Chain:
X-Declude-Code: 0
X-HELO: COMPUTER
X-Identity: XX.XXX.XXX.XXX | | Domain.com