Dan, as always, that was massively helpful. Thank you.
I have added AAAA records for my domain and mail server (which I'm
standardizing the name on right now so I have both) and added a TXT SPF
record. I found it pretty hard to get DETAILED explanations of the
modifiers in SPF records but finally found some at
https://postmarkapp.com/blog/explaining-spf. No other page I found even
explained what the a and mx options meant.
My current SPF record has some duplication in it now (since some of the
explicit ones are covered by a and mx) but I will experiment with
cutting it down once things work: "v=spf1 mx a a:thekramers.net
a:mail.thekramers.net a:bantha.org a:zenyatta.thekramers.net ~all"
NOTE: I have not tested it yet; I want to give the records a chance to
propagate out before I do but I have high hopes you were right. And if
this doesn't fix my problem, it's something I should have done anyway.
On 6/11/19 9:15 AM, Dan Ritter wrote:
David Kramer wrote:
I am having trouble sending mail to GMail accounts, and I'm getting
inconsistent explanations. I could use some help figuring out the real
cause.
Setup: I have a mail server running on Linode running
postfix/dovecot/clamav/etc ( I successfully moved mail off my home server
about a year ago). I have Verizon FIOS at home. I use Thunderbird for
email on my main Linux computer.
When I send email to a gmail account, I am getting:
host aspmx.l.google.com[2607:f8b0:400d:c0e::1a] said:
550-5.7.1 [2600:3c03::f03c:91ff:fe62:5ea] Our system has detected that this
550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records
550-5.7.1 and authentication. Please review
550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information
550
The link that goes to HAS ABSOLUTELY NOTHING to do with IPv6, it has to do
with bulk emails. What I *THINK* it means is I need to set up IPv6 records,
but I'm not sure which ones.
dig -t mx thekramers.net
...
;; ANSWER SECTION:
thekramers.net. 3600 IN MX 10 zenyatta.thekramers.net.
thekramers.net. 3600 IN MX 20 bantha.org.
...
;; ADDITIONAL SECTION:
zenyatta.thekramers.NET. 3600 IN A 104.237.150.41
dig -t mx bantha.org
...
;; ANSWER SECTION:
bantha.org. 3600 IN MX 20 mail.azuen.net.
bantha.org. 3600 IN MX 10 bantha.org.
dig -t a zenyatta.thekramers.net.
...
;; ANSWER SECTION:
zenyatta.thekramers.net. 3600 IN A 104.237.150.41
dig -t a mail.azuen.net.
...
;; ANSWER SECTION:
mail.azuen.net. 3600 IN A 192.34.87.82
dig -t a bantha.org
...
;; ANSWER SECTION:
bantha.org. 1200 IN A 173.66.162.52
dig -t aaaa thekramers.net, zenyatta.thekramers.net,
mail.azuen.net, dig -t aaaa bantha.org --- none of these have
IPv6 addresses.
So it's perfectly reasonable for Google to believe that mail
from an IPv6 host is not from any of these mailservers.
Anywhere you have IPv6 connectivity on a mailserver, publish
a AAAA record and an MX record for that AAAA record.
thekramers.net should also have an SPF txt record, most likely
something like
"v=spf1 mx a:thekramers.net a:bantha.org a:mail.azuen.net ~all"
which will clue Google (and others) in to the fact that these
are mailservers which are authorized to send for you, and
others are more suspicious but not impossible. (-all would make
others impossible).
According to
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3athekramers.net&run=toolpage
my IP address is on the SORBS DUHL list and the Spamhaus ZEN list. Digging
into Sorbs and https://www.spamhaus.org/pbl/query/PBL1637778 I get the
impression my whole IP range is blocked because outgoing mail should go to
smtp.verizon.net when I'm at home. But if that's the case how does sent
mail get saved to my IMAP server?? Is it sent there too?
Those are advisory lists that say that IPs in those ranges are
probably not mailservers. There's nothing you can do to get off
of them, basically, because VZ supplies the info.
It has nothing to do with whether or not someone will actually
deliver mail to smtp.verizon.net, and I'm sure smtp.verizon.net
rejects mail bound for thekramers.net. That's what MX records
are for.
So should I be sending mail through smtp.verizon.com or through my Linode
server?
Through your linode server, and you should add its AAAA record
to something like mail.thekramers.net and also as an MX for you,
and add mail.thekramers.net to the SPF txt record.
If I'm sending mail through my Linode server, then why would a block on my
home IP address range matter when my MX records point to my Linode server?
It doesn't.
Does this have anything to do with IPv6?
Yes. The Linode server has IPv4 and IPv6 addresses, and has been
using the IPv6 address to contact Google. When Google tries to
estimate the likelihood of it being a spammer, it sees no signs
that this is a legitimate mailserver for thekramers.net.
-dsr-
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
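
Added example (not part of the thread, and not code from either poster): a small offline evaluator for the `a`, `mx` and `all` SPF mechanisms, showing why the IPv6 sender in the bounce gets no SPF pass until AAAA records exist. The zone data is constructed from the dig answers quoted above; the AAAA targets in `AFTER` are an assumption, and no live DNS is queried.

```python
import ipaddress

# Constructed zone data (not live DNS). BEFORE uses the A/MX answers shown in
# the thread; AFTER assumes the AAAA records added later point at the IPv6
# address from the bounce message.
BEFORE = {
    ("thekramers.net", "MX"): ["zenyatta.thekramers.net", "bantha.org"],
    ("zenyatta.thekramers.net", "A"): ["104.237.150.41"],
    ("bantha.org", "A"): ["173.66.162.52"],
}
AFTER = dict(BEFORE)
AFTER[("zenyatta.thekramers.net", "AAAA")] = ["2600:3c03::f03c:91ff:fe62:5ea"]
AFTER[("mail.thekramers.net", "AAAA")] = ["2600:3c03::f03c:91ff:fe62:5ea"]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def host_matches(zone, host, ip):
    """True if host has an A (IPv4 sender) or AAAA (IPv6 sender) equal to ip."""
    rtype = "AAAA" if ip.version == 6 else "A"
    return any(ipaddress.ip_address(a) == ip for a in zone.get((host, rtype), []))


def check_spf(zone, domain, record, sender_ip):
    """Evaluate the a, mx and all mechanisms of an SPF record, left to right."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                    # no prefix means pass on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, target = term.partition(":")
        target = target or domain          # bare "a"/"mx" mean the domain itself
        if mech == "all":
            hit = True
        elif mech == "a":
            hit = host_matches(zone, target, ip)
        elif mech == "mx":
            hit = any(host_matches(zone, mx, ip) for mx in zone.get((target, "MX"), []))
        else:
            continue                       # other mechanisms are outside this sketch
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term


SPF = ("v=spf1 mx a a:thekramers.net a:mail.thekramers.net "
       "a:bantha.org a:zenyatta.thekramers.net ~all")
```

With only A records published, the `mx` and `a` mechanisms can never match an IPv6 sender, so evaluation falls through to `~all`; the same record passes once a listed host has a matching AAAA.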