This solution is for Email Security Gateway all Firmware
This issue seems to be related to sending out to domains being hosted by MXLOGIC and to customers using a P.A.N. Firewall (Palo Alto Networks).
There is a security feature on the P.A.N. Firewall called ?DNS Sinkhole Protection? that forges a response to a DNS query for a known malicious domain/URL and causes the malicious domain name to resolve to a definable IP address (fake IP) that is given to the client. If the client attempts to access the fake IP address and there is a security rule in place that blocks traffic to this IP, the information is recorded in the logs.
The IP that is being entered as the ?fake IP? may be 127.0.0.1 which could be causing the "Message loops back to myself" response; or they may be using the default 220.127.116.11 IP as well.
To disable the ?DNS Sinkhole Protection? in the P.A.N. go to Objects > Security Profiles > Anti-Spyware. Choose the security profile with the ?Sinkhole? DNS Action. After clicking on that profile, go to the ?DNS Signatures? tab. There will be a pull down menu option labeled ?Action on DNS Queries?. Change this to ?Default (alert)? or any other non-block/non-sinkhole option you prefer. Commit and you are done.
This is the ?quick fix? option, but more details of the feature can be found on their website here: https://live.paloaltonetworks.com/docs/DOC-6220
Link To This Page: