40

I am having trouble in delivering mail to google from a fresh sendmail install on ubuntu 14.04. The DNS-records seem to be fine for the ip. Something else must be wrong.

Sending mail from command line: 

sudo sendmail -v -Am -i myname@gmail.com;

Verbose output:

myname@fx1:/etc/mail$ sudo sendmail -v -Am -i myname@gmail.com;
myname@gmail.com... Connecting to aspmx.l.google.com. via esmtp...
220 mx.google.com ESMTP v1si55415385wja.21 - gsmtp
>>> EHLO staging.mydomain.com
250-mx.google.com at your service, [2a01:4f8:212:27c8::2]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO staging.mydomain.com
250-mx.google.com at your service, [2a01:4f8:212:27c8::2]
250-SIZE 35882577
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
>>> MAIL From:<myname@staging.mydomain.com>
250 2.1.0 OK v1si55415385wja.21 - gsmtp
>>> RCPT To:<myname@gmail.com>
>>> DATA
250 2.1.5 OK v1si55415385wja.21 - gsmtp
354  Go ahead v1si55415385wja.21 - gsmtp
>>> .
550-5.7.1 [2a01:4f8:212:27c8::2] Our system has detected that this message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication. Please review
550-5.7.1  https://support.google.com/mail/?p=ipv6_authentication_error for more
550 5.7.1 information. v1si55415385wja.21 - gsmtp
myname... Connecting to local...
myname... Sent

Any help is greatly apreciated. Thank you in advance.

merlin
  • 2,033
  • 11
  • 37
  • 72

4 Answers4

40

  1. Check the current protocols:

    postconf inet_protocols

    net_protocols = all

  2. Edit cf File if it returns all

    grep 'inet_protocols' /etc/postfix/main.cf

    inet_protocols = ipv4

  3. Restart

    service postfix restart

  4. Check it again

    postconf inet_protocols

    inet_protocols = ipv4

Ender
  • 604
  • 3
  • 9
  • 13
21

From Google's point of view, they are trying to verify the identity of the IP address connecting to them, so they will attempt to look up the PTR record for 2a01:4f8:212:27c8::2.

When they resolve that to staging.findix.com, they will then attempt to check that this resolves back to 2a01:4f8:212:27c8::2 - which it doesn't - see this lookup result.

Reverse (PTR record) Lookup

cwatson@thor:~$ nslookup 31.220.4.52
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
52.4.220.31.in-addr.arpa    name = tyr.vikingserv.net.

Forward (A record) Lookup

cwatson@thor:~$ nslookup tyr.vikingserv.net
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:   tyr.vikingserv.net
Address: 31.220.4.52
Craig Watson
  • 9,370
  • 3
  • 30
  • 46
  • 4
    That first para isn't quite right; since multiple A/AAAA records can point to the same IP address, that would be impossible. What's required is that whatever hostname your PTR record points to, when you look that hostname up, you should get back to the original address. That is, the address->hostname->address loop must be complete; the hostname->address->hostname loop cannot be so guaranteed, and noone should care about it. – MadHatter Oct 28 '15 at 10:54
  • Thank you. That resolved the problem and messages from the terminal get delivered. – merlin Oct 28 '15 at 11:27
  • 3
    It seems to me you answer the "why" but not the "how to fix". I personally don't have enough DNS knowledge for this answer to help me. – Bob Apr 12 '18 at 20:34
  • 1
    I had to add the AAAA record for my IPv6 address from the google error message (2a01:4f8:212:27c8::2 in your case) to the DNS server of the domain name returned by the `hostname` command. After some time (the expiry of the TTL which was the next day) I was able to send email to my gmal account with this command: `sendmail -v -Am -i @gmail.com;` (and pressing Ctrl+D). – Csongor Halmai Nov 02 '18 at 13:50
2

Your smtp server hostname could be a problem. It seemed to be the case for me. POstfix was somehow sending a host name to smtp.gmail.com not relevant with my smtp domain name.

David Bouyeure
  • 21
  • 1
2

I think Google's response is a bit disingenuous. Even though their "error message" mentions PTR, the 550 5.7.1 is about relaying. I too was getting this error on a Postfix / Dovecot install, but I fixed it via a few step:

  1. Adding the IPv6 IP info to your ifcfg-eth0 config on the mail server
  2. Adding a AAAA MX record on your DNS
  3. Adding the IPv6 ranges of all "authorized senders" in your postfix/main.cf on your mail server.

I have AT&T Business UVerse, and they don't support static IPv6 for PTR, but after doing the above steps Google stopped erroring out. I used https://www.ultratools.com/ipv6Tools to convert from IPv4 to IPv6. Finally, I put everything together in a howto on my site at Enabling IPV6 on CentOS (for sending and receiving mail)

Matthew Hunt
  • 19
  • 3