sendmail can not deliver to gmail - IPv6 sending guidelines regarding PTR records not met

Question

I am having trouble in delivering mail to google from a fresh sendmail install on ubuntu 14.04. The DNS-records seem to be fine for the ip. Something else must be wrong.

Sending mail from command line:

sudo sendmail -v -Am -i [email protected];

Verbose output:

myname@fx1:/etc/mail$ sudo sendmail -v -Am -i [email protected];
[email protected]... Connecting to aspmx.l.google.com. via esmtp...
220 mx.google.com ESMTP v1si55415385wja.21 - gsmtp
>>> EHLO staging.mydomain.com
250-mx.google.com at your service, [2a01:4f8:212:27c8::2]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO staging.mydomain.com
250-mx.google.com at your service, [2a01:4f8:212:27c8::2]
250-SIZE 35882577
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
>>> MAIL From:<[email protected]>
250 2.1.0 OK v1si55415385wja.21 - gsmtp
>>> RCPT To:<[email protected]>
>>> DATA
250 2.1.5 OK v1si55415385wja.21 - gsmtp
354  Go ahead v1si55415385wja.21 - gsmtp
>>> .
550-5.7.1 [2a01:4f8:212:27c8::2] Our system has detected that this message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication. Please review
550-5.7.1  https://support.google.com/mail/?p=ipv6_authentication_error for more
550 5.7.1 information. v1si55415385wja.21 - gsmtp
myname... Connecting to local...
myname... Sent

Any help is greatly apreciated. Thank you in advance.

Answer 1

From Google's point of view, they are trying to verify the identity of the IP address connecting to them, so they will attempt to look up the PTR record for 2a01:4f8:212:27c8::2.

When they resolve that to staging.findix.com, they will then attempt to check that this resolves back to 2a01:4f8:212:27c8::2 - which it doesn't - see this lookup result.

Reverse (PTR record) Lookup

cwatson@thor:~$ nslookup 31.220.4.52
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
52.4.220.31.in-addr.arpa    name = tyr.vikingserv.net.

Forward (A record) Lookup

cwatson@thor:~$ nslookup tyr.vikingserv.net
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:   tyr.vikingserv.net
Address: 31.220.4.52

Answer 2

1. Check the current protocols:

   postconf inet_protocols

   net_protocols = all

2. Edit cf File if it returns all

   grep 'inet_protocols' /etc/postfix/main.cf

   inet_protocols = ipv4

3. Restart

   service postfix restart

4. Check it again

   postconf inet_protocols

   inet_protocols = ipv4

Answer 3

Your smtp server hostname could be a problem. It seemed to be the case for me. POstfix was somehow sending a host name to smtp.gmail.com not relevant with my smtp domain name.

Answer 4

I think Google's response is a bit disingenuous. Even though their "error message" mentions PTR, the 550 5.7.1 is about relaying. I too was getting this error on a Postfix / Dovecot install, but I fixed it via a few step:

1. Adding the IPv6 IP info to your ifcfg-eth0 config on the mail server
2. Adding a AAAA MX record on your DNS
3. Adding the IPv6 ranges of all "authorized senders" in your postfix/main.cf on your mail server.

I have AT&T Business UVerse, and they don't support static IPv6 for PTR, but after doing the above steps Google stopped erroring out. I used https://www.ultratools.com/ipv6Tools to convert from IPv4 to IPv6. Finally, I put everything together in a howto on my site at Enabling IPV6 on CentOS (for sending and receiving mail)