[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues sending to gmail today?

That's crazy! I haven't received those IPs in any replies from three completely separate networks/geographic locations. Is there any way you can configure opportunistic TLS on your MTAs?


----- On Apr 24, 2014, at 9:15 PM, Matthew Promenchenkel <mpromenc@merit.edu> wrote:
; <<>> DiG 9.8.1-P1 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23768
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 17

;gmail.com.            IN    MX

gmail.com.        2989    IN    MX    40 alt4.gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    20 alt2.gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    5 gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    10 alt1.gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    30 alt3.gmail-smtp-in.l.google.com.

gmail-smtp-in.l.google.com. 21    IN    A
gmail-smtp-in.l.google.com. 21    IN    A
alt3.gmail-smtp-in.l.google.com. 21 IN    A
alt3.gmail-smtp-in.l.google.com. 21 IN    A
alt3.gmail-smtp-in.l.google.com. 21 IN    A
alt2.gmail-smtp-in.l.google.com. 21 IN    A
gmail-smtp-in.l.google.com. 21    IN    A
gmail-smtp-in.l.google.com. 21    IN    A
alt4.gmail-smtp-in.l.google.com. 21 IN    AAAA    2a00:1450:4013:c01::1a
alt2.gmail-smtp-in.l.google.com. 21 IN    A
alt3.gmail-smtp-in.l.google.com. 21 IN    AAAA    2a00:1450:400c:c05::1a
alt3.gmail-smtp-in.l.google.com. 21 IN    A
alt2.gmail-smtp-in.l.google.com. 21 IN    A
gmail-smtp-in.l.google.com. 21    IN    AAAA    2607:f8b0:4001:c03::1a
alt2.gmail-smtp-in.l.google.com. 21 IN    A
alt1.gmail-smtp-in.l.google.com. 93 IN    A
alt4.gmail-smtp-in.l.google.com. 70 IN    A

;; Query time: 7 msec
;; WHEN: Thu Apr 24 21:11:55 2014
;; MSG SIZE  rcvd: 458

20 seconds later
; <<>> DiG 9.8.1-P1 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9402
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;gmail.com.            IN    MX

gmail.com.        3029    IN    MX    20 alt2.gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    40 alt4.gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    5 gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    10 alt1.gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    30 alt3.gmail-smtp-in.l.google.com.

;; Query time: 7 msec
;; WHEN: Thu Apr 24 21:12:21 2014
;; MSG SIZE  rcvd: 150

host gmail-smtp-in.l.google.com
gmail-smtp-in.l.google.com has address
gmail-smtp-in.l.google.com has address
gmail-smtp-in.l.google.com has address
gmail-smtp-in.l.google.com has address
gmail-smtp-in.l.google.com has IPv6 address 2607:f8b0:4001:c05::1a
A few seconds later
host gmail-smtp-in.l.google.com
gmail-smtp-in.l.google.com has address
gmail-smtp-in.l.google.com has IPv6 address 2607:f8b0:4001:c03::1b

The 2 IPs in red are where the delivery failures occur.


From: "Fred Seaton" <F-Seaton@wiu.edu>
To: "Matthew Promenchenkel" <mpromenc@merit.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>, jbryan@zimbra.com
Sent: Thursday, April 24, 2014 9:01:30 PM
Subject: Re: Issues sending to gmail today?

If you run "dig MX gmail.com" from one of your MTAs, what are you getting for output?

From: "Matthew Promenchenkel" <mpromenc@merit.edu>
To: jbryan@zimbra.com
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Thursday, April 24, 2014 6:55:36 PM
Subject: Re: Issues sending to gmail today?

Thanks Jason.  I have some additional information here. 

Also if anyone has any tips to contacting gmail support I would greatly appreciate it.  The only method I could track down requires a google apps account.

Today we got several reports of messages being bounced when our users attempt to send to gmail recipients.  Any assistance you could offer would be greatly appreciated.  We've instructed our user base to try sending again if they get a bounce message like this.  In most cases the second attempt hits either or and delivers successfully.

We're seeing this behavior across a number of MTA hosts in unique clusters that have never had this issue before.  Most messages go through except for those that hit either or,

Here's a sample bounce

Subject: Undelivered Mail Returned to Sender

This is the mail system at host XXXX.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<jdoe@example.com>: host aspmx.l.google.com[] said: 530 5.7.0
    Must issue a STARTTLS command first. qh3sm45465840igb.17 - gsmtp (in reply
    to MAIL FROM command)

Here's a snippet from our postfix logs.

Apr 24 10:37:16 hostnameXXX postfix/smtp[11941]: 28D41401510E: to=<userXXXX>, relay=aspmx.l.google.com[]:25, delay=0.15, delays=0.05/0.01/0.06/0.02, dsn=5.7.0, status=bounced (host aspmx.l.google.com[] said: 530 5.7.0 Must issue a STARTTLS command first. lp4sm45391252igb.12 - gsmtp (in reply to MAIL FROM command))

Below are 2 of many log entries timing out connectiong to before today.

Apr 23 05:18:36 mm-p01 postfix/smtp[27584]: connect to gmail-smtp-in.l.google.com[]:25: Connection timed out
Apr 23 05:21:22 mm-p01 postfix/smtp[29045]: connect to aspmx.l.google.com[]:25: Connection timed out

Apr 21 04:01:00 mm-p01 postfix/smtp[8935]: connect to gmail-smtp-in.l.google.com[]:25: Connection timed out
Apr 21 06:14:52 phx-p02 postfix/smtp[15436]: connect to gmail-smtp-in.l.google.com[]:25: Connection timed out

A chunk of logs including successful deliveries mixed in with failures from one MTA

Apr 24 07:05:33 phx-p01 postfix/smtp[5441]: AAD3A4029112: to=<wilvicruf@gmail.com>, relay=gmail-smtp-in.l.google.com[]:25, delay=1.6, delays=0.33/0.13/0.1/1, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337533 pe7si2318225icc.24 - gsmtp)
Apr 24 07:05:33 phx-p01 postfix/smtp[2950]: A75E84028F1A: to=<kiwis@ieee.org>, relay=aspmx.l.google.com[]:25, delay=1.6, delays=0.21/0.24/0.25/0.93, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337533 bs7si2310348icc.73 - gsmtp)
Apr 24 07:06:19 phx-p01 postfix/smtp[2957]: 0636B4029249: to=<kinnistk@pennfield.net>, relay=aspmx.l.google.com[]:25, delay=0.17, delays=0.01/0/0.14/0.02, dsn=5.7.0, status=bounced (host aspmx.l.google.com[] said: 530 5.7.0 Must issue a STARTTLS command first. b6sm13036268igm.2 - gsmtp (in reply to MAIL FROM command))
Apr 24 07:06:21 phx-p01 postfix/smtp[2940]: 663574029249: to=<jamesguessis@gmail.com>, relay=gmail-smtp-in.l.google.com[]:25, delay=0.38, delays=0.01/0/0.1/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337581 bo3si2314502icc.64 - gsmtp)
Apr 24 07:06:25 phx-p01 postfix/smtp[5443]: EF15040291EA: to=<KENCAPITALIZED@GMAIL.COM>, relay=gmail-smtp-in.l.google.COM[]:25, delay=0.37, delays=0.01/0.02/0.15/0.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337585 n6si19742979ige.22 - gsmtp)
Apr 24 07:06:44 phx-p01 postfix/smtp[31294]: BA8E14029300: to=<danielle759@gmail.com>, relay=gmail-smtp-in.l.google.com[]:25, delay=0.59, delays=0.01/0/0.09/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337604 x9si6137132igl.10 - gsmtp)
Apr 24 07:06:45 phx-p01 postfix/smtp[5441]: E3D534029300: to=<rbmckelvey@gmail.com>, relay=gmail-smtp-in.l.google.com[]:25, delay=0.31, delays=0.01/0/0.06/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337605 ng1si2300805icc.142 - gsmtp)
Apr 24 07:06:57 phx-p01 postfix/smtp[5438]: BFAD4402922E: to=<HILTNER3@GMAIL.COM>, relay=gmail-smtp-in.l.google.COM[]:25, delay=0.67, delays=0.01/0.02/0.07/0.58, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337617 a6si6135804igx.17 - gsmtp)
Apr 24 07:07:08 phx-p01 postfix/smtp[2944]: 914A3402929D: to=<tleigh696@gmail.com>, relay=gmail-smtp-in.l.google.com[]:25, delay=0.09, delays=0.01/0.01/0.06/0.02, dsn=5.7.0, status=bounced (host gmail-smtp-in.l.google.com[] said: 530 5.7.0 Must issue a STARTTLS command first. vc5sm44049284igb.3 - gsmtp (in reply to MAIL FROM command))


From: "Jason Bryan" <jbryan@zimbra.com>
To: "Matthew Promenchenkel" <mpromenc@merit.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Thursday, April 24, 2014 6:24:38 PM
Subject: Re: Issues sending to gmail today?

Hmm, those two IPs are not listed in gmail.com or google.com MX. Does the recipient domain have those two IPs listed? I wonder if there is a STARTTLS requirement on that domain.

Jason Bryan
Lead Engineer, Continuous Product Development
Zimbra | Community & Collaboration

----- On Apr 24, 2014, at 5:07 PM, Matthew Promenchenkel <mpromenc@merit.edu> wrote:

Is anyone else seeing this behavior today?

We're seeing this behavior across a number of MTA hosts that have never had this issue before.  Most messages go through except for those that hit either or,

Here's a snippet from our postfix logs.

Apr 24 10:37:16 hostnameXXX postfix/smtp[11941]: 28D41401510E: to=<userXXXX>, relay=aspmx.l.google.com[]:25, delay=0.15, delays=0.05/0.01/0.06/0.02, dsn=5.7.0, status=bounced (host aspmx.l.google.com[] said: 530 5.7.0 Must issue a STARTTLS command first. lp4sm45391252igb.12 - gsmtp (in reply to MAIL FROM command))

Matthew Promenchenkel
Systems Analyst
Merit Network, Inc.