-2

I'd like to use Gmail for Work for my own domain and I have troubles setting it up.

So, before that in my DNS config I had an "A" record (mail.example.com), pointing to the email server I used. Now, to use Gmail for Work, it is required to add a few "MX" records (starting with priority: 1) to my DNS config. I did that, but I left the "A" record there (with priority: 0). And the whole thing is not working properly.

Sometimes when I try to send an email (from a different email, like my hotmail address) to myname@example.com it is ok, but sometimes (especially when I try to reply to an email received from myname@example.com) I get this error:

Delivery to the following recipient failed permanently:

myname@example.com

Technical details of permanent failure:
We tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com. [OLD_SERVER_IP].

The error that the other server returned was:
550 relay not permitted by administrator

Is it because of the "A" record is still there? If not, how could I fix it? I spoke to the support team of my domain registrar and they told me that having the "A" record there is fine because the MX is also there and the email should not even touch the server I used before.

The changes were made about 5-6 hours ago.

Thank you very much four your help.

laszlokiss
  • 1
  • 3
  • 1
    Please provide the domain in question. – EEAA Aug 06 '15 at 17:06
  • Also, please provide the entire contents of the error message you posted. – EEAA Aug 06 '15 at 17:07
  • I take if you have enabled and validated the domain name in google apps and sufficient time has passed for DNS records to propagate. – albal Aug 06 '15 at 18:27
  • I validated the domain name. I don't know how much time it takes to propagate the records, but the annoying thing is that it is only half-working. Sometimes when I try to send an email it is ok, but sometimes I get the error. – laszlokiss Aug 06 '15 at 18:30
  • DNS does not propagate - but previous lookups may be cached around the internet. The caches will usually expire within a day or so. That's why, when you switch mailservers, you should have the old server forward to the new for a while during the switchover. – Jenny D Aug 06 '15 at 19:28

2 Answers2

1

We tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com

If that's the A record of your OLD server as you pointed out in your question, there's your answer. You can't send email to your "Gmail for Work" account (let's say bob@example.com) and expect your old mail server that isn't hosting mailboxes for bob@example.com to accept them or relay them. The 550 error is because your mail.example.com server is getting the email sent to it and isn't setup to relay it again outbound to Google's servers.

You stated you left your A record with a priority of 0, which I am taking to mean you left it in the MX records list. If you aren't hosting mail for this example.com on that server anymore then it shouldn't be listed in your MX records at all. You can leave the A record around, but your MX records should only point to the FQDN or IPs of your mail host.

Jenny D
  • 27,358
  • 21
  • 74
  • 110
TheCleaner
  • 32,352
  • 26
  • 126
  • 188
  • Yes that is exactly the A record of my old server. I'm only scratching the surface here, I have no relevant knowledge with this kind of stuff, but as I sad my domain registrar support told me that the "A" record is fine there. This was a little suspicious for me to. For Google, I had to set these MX records: https://support.google.com/a/answer/174125?hl=en – laszlokiss Aug 06 '15 at 17:26
  • I have only one list, with the name, type, content, ttl and prio colums. And there is a value there "mydomain.com", "A", [OLD_SERVER_IP], 3600,0 – laszlokiss Aug 06 '15 at 17:28
  • Your MX records should only contain your mail servers that send/receive email for that domain. If you are only hosting mail for that domain now on Google then the link you provided should be the only entries for your MX record. You shouldn't have the "mail.mydomain.com" record in the MX record at all. It's fine if you keep an A record around for it, but it shouldn't be in the MX record at this point if it isn't hosting mail for the domain. – TheCleaner Aug 06 '15 at 17:38
  • All MX records are pointing to Google's servers. – laszlokiss Aug 06 '15 at 17:41
  • and the name of the MX records is "example.com". Google said that it should be either blank or "@" but the UI where I'm managing the records does not allow to set either of those. So I have the mx records like this: "example.com", "MX", "ASPMX.L.GOOGLE.COM", 3600, 1 – laszlokiss Aug 06 '15 at 17:50
  • Where "example.com" is my domain name. – laszlokiss Aug 06 '15 at 17:50
  • Can you provide your MX records (sanitized if you wish) in your original question? First, I've never heard of a UI for DNS entries that didn't let you enter the "@" for the host, but I digress...that doesn't really matter...but you definitely shouldn't have anything in your MX record for "mail.mydomain.com" at all. But again, a complete output of your MX records (through a query, not what is shown in your DNS UI) is needed here to move forward. – TheCleaner Aug 06 '15 at 18:07
  • OK, your MX records are correct. If you are only experiencing this on communication INTRA domain (meaning emails only have this happen if the sender and recipient are both in your @mydomain.com), then you need to make sure of two things 1) that Google Apps has mailboxes for all of your mydomain.com mailboxes, 2) that your clients aren't configured to use any mail server other than the Google Apps servers. Verify both of these in depth and that should fix you up. – TheCleaner Aug 06 '15 at 18:33
  • However, it allows me to enter "@.example.com", but I'm not sure that it means the same. Again, I'm kind of newbie in this topic. – laszlokiss Aug 06 '15 at 18:34
  • I'm experiencing this by sending an email from myprivateemail@gmail.com to bob@mydomain.com. – laszlokiss Aug 06 '15 at 18:36
  • Hmm. I'm not exactly sure, but now I cannot reproduce the issue. I'm trying again and again... What I did was removing the "A" record about an hour ago. – laszlokiss Aug 06 '15 at 18:39
  • @.example.com in a DNS entry is the same as typing example.com.example.com if the $ORIGIN is set to example.com – Alex Aug 06 '15 at 18:42
  • I'm pretty sure that I don't get that. Is "example.com.example.com" means something? :) – laszlokiss Aug 06 '15 at 18:47
  • However, @TheCleaner, I'm trying to send emails back and forth and it seems to be working. I'm not sure why, but now I never want to touch these settings again. Thanks for your help. – laszlokiss Aug 06 '15 at 18:50
  • @laszlokiss This is a perfect example of why you should include your domain in the question - if you'd done this, people could have helped you check your settings a lot sooner. – Jenny D Aug 06 '15 at 19:30
-2

This seems to be related to the SMTP server you are using to send email. Not the MX record the rest of us are using to send you emails.

There isn't a lot of information in your question but the error 550 relay not permitted by administrator is pretty clear. Your SMTP server is refusing to relay emails using the credentials you provided.

Alex
  • 3,079
  • 20
  • 28
  • This is unlikely; the error message looks like the one his outgoing mailserver would use when the receiving mailserver refuses the email. – Jenny D Aug 06 '15 at 17:16
  • I don't think that either, I try to reply from a Gmail or Hotmail email account. I did not make any config there. – laszlokiss Aug 06 '15 at 17:22
  • @Jenny D, error 550 relay not permitted by X only pertains to SMTP authentication issues. So it would make much more sense that HIS smtp server is returning this error. – Alex Aug 06 '15 at 17:24
  • Are you using a mail client or the webmail from Gmail and Hotmail? – Alex Aug 06 '15 at 17:32
  • I am using the webmail from Gmail and Hotmail – laszlokiss Aug 06 '15 at 17:39
  • @Alex That's a huge oversimplification. In this case, the target mailserver was not configured to handle email for this domain. Thus, it would only accept emails **for that domain** if sent from an authorized IP address or an authenticated and authorized user. Have a look at http://www.ietf.org/rfc/rfc5321.txt which explains all the uses of the error codes applicable. – Jenny D Aug 06 '15 at 19:26
  • @Alex Also, if the error message came from his outgoing mailserver‚ he'd get it directly in his email client, not as a bounce message. – Jenny D Aug 06 '15 at 19:29