Senders in our organization sporadically getting the message 552 5.6.0 Headers too large (32768 max).

Josh McGee 21 Reputation points
2022-06-27T20:23:32.273+00:00

We have a hybrid Exchange/Office 365 environment. Senders are sporadically getting the error message 552 5.6.0 Headers too large (32768 max). When this happens, message trace usually shows that the message is delivered 5 times in a row, but then fails on the 6th attempt. The sender then receives an NDR that includes the header. This header appears to combine all 6 email headers, which then generates the above-mentioned error message due to its large size.

Additional notes:
This issue occurs whether the sender is emailing bulk recipients, or single recipients.
As of last week our configuration was working without issue. However, we moved internet service providers and had our external IPs changed.

Anyone have any idea what could cause this? It doesn't seem to affect every email.


Accepted answer
  1. Andy David - MVP 138.4K Reputation points MVP
    2022-06-27T22:08:52.647+00:00

    And the MX record in external DNS is correct? If the sender and the recipient are both on-prem, then the message should never leave the on-prem server.
    Are some of the recipients in 365 and some on-prem?
    Are the connectors between 365 and on-prem correct? Are there any stale IP addresses defined in there?


2 additional answers

  1. Andy David - MVP 138.4K Reputation points MVP
    2022-06-27T21:00:00.487+00:00

    Did your message routing change? Sounds like it's going through a lot of hops.


  2. Josh McGee 21 Reputation points
    2022-06-27T21:12:25.947+00:00

    Hi Andy,

    ISP changed the IP of the mail server and we made a DNS change to reflect that, but other than that, no, I don't believe so.

    When looking at a trace of one of the looped messages, the from and to addresses are both the address of our on-prem mail server, so it's like the mail server is routing traffic to itself over and over.
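
One way to check the header returned in an NDR for the pattern described in this thread (an added example, not code from the thread or from Microsoft): it counts `Received` hops, flags a server that appears as the receiving host more than once or hands mail to itself, and compares the header size with the 32768-byte limit quoted in the error. The host `mail.example.com`, the address `192.0.2.10`, the `X-Constructed-Stamp` header and the per-pass header size are constructed for the sample.

```python
import re
from collections import Counter
from email import message_from_string

HEADER_LIMIT = 32768  # limit quoted in the 552 5.6.0 error on this page


def build_sample(passes: int) -> str:
    """Constructed message: every pass through the server adds one
    Received header plus about 6 KB of other per-hop headers (assumption)."""
    hop = ("Received: from mail.example.com (192.0.2.10) by mail.example.com\n"
           " with ESMTP; Mon, 27 Jun 2022 20:00:00 +0000\n"
           "X-Constructed-Stamp: " + "a" * 6000 + "\n")
    tail = "From: a@example.com\nTo: b@example.com\nSubject: test\n\nbody\n"
    return hop * passes + tail


def analyze(raw: str) -> dict:
    """Summarise routing and header size for one raw RFC 5322 message."""
    raw = raw.replace("\r\n", "\n")
    head, _, _ = raw.partition("\n\n")           # header section only
    size = len(head.replace("\n", "\r\n").encode("utf-8"))  # CRLF on the wire

    by_hosts, self_hops = [], 0
    for value in message_from_string(raw).get_all("Received") or []:
        flat = " ".join(value.split())           # unfold continuation lines
        by = re.search(r"\bby\s+([^\s;]+)", flat, re.I)
        frm = re.match(r"from\s+(\S+)", flat, re.I)
        if by:
            by_hosts.append(by.group(1).lower())
        if by and frm and frm.group(1).lower() == by.group(1).lower():
            self_hops += 1                       # server handed mail to itself

    repeated = {h: n for h, n in Counter(by_hosts).items() if n > 1}
    return {
        "hops": len(by_hosts),
        "repeated_by_hosts": repeated,           # non-empty suggests a loop
        "self_hops": self_hops,
        "header_bytes": size,
        "over_limit": size > HEADER_LIMIT,
    }


if __name__ == "__main__":
    for n in (1, 5, 6):
        print(n, analyze(build_sample(n)))
```

With the constructed per-pass size, five passes stay under the limit and the sixth exceeds it; real per-hop header sizes will differ.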