E-mail forwarding to Gmail error

hugovanmeijeren

Verified User
Joined
Feb 27, 2017
Messages
6
Hi, I am in the process of moving to a new VPS with DirectAdmin (I am switching to a new hosting provider, the old VPS also uses DirectAdmin) and I am trying to get everything set up and working. Some information first:
-OS: CentOS v7.0
-DirectAdmin version 1.51.3
-Exim version 4.88

The problem I am dealing with is that one of the sites I am hosting uses the DirectAdmin E-mail forwarder functionality. The e-mail should be forwarded to a Gmail address. On the old server, this worked fine, however on the new VPS I am having a hard time to get it to work.
I think I have the general mail settings set-up as it should, the VPS has an IPv4 and IPv6 address and reverse DNS has been set correctly. I have correctly set-up SPF and DKIM and do not have any problems when sending e-mail through a mail account on the server to any external mail address (e.g. Gmail). I have checked with mail-tester.com and get a 10/10 for e-mail that has been sent from a mail account on the server.

I've read that the problem with using forwarders is that the header needs to be rewritten in order to avoid problems with spam detectors on the receiving mail server. Therefore I have installed SRS (through the DirectAdmin SpamBlocker 4.5 package). As far as I can tell, SRS is working as it should and the headers of mail that has been send through the forwarder are correctly rewritten.

However, when I try to send an e-mail to the forwarder that leads to a Gmail account, my mails get bounced immediately. I always receive the same error message from the Gmail server:
Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . f82si13695930wmi.104 - gsmtp

Up to now, I do not have a clue what else I can do to get this to work. Therefore, any help or suggestions would be appreciated.

BTW: forwarding to any mail account other than Gmail (even sending mail FROM Gmail) works fine.
 
Okay, just to add something. I did an additional test, sending from a Gmail account through the forwarder which forwards to another Gmail account. This time the e-mail gets delivered, but the header shows an error, saying that SPF check has failed (my server is not allowed to send/forward mail with the original IP from the sender).

I thought that SRS should avoid this exact problem? Could it be that I have overlooked some setting?
 
The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.

Check the PTR record that you get from this command:

Code:
dix -x <yourip>

If it is not correct, contact the datacenter and tell them to update your PTR.
 
Check the PTR record that you get from this command:

Code:
dix -x <yourip>

If it is not correct, contact the datacenter and tell them to update your PTR.

I think you meant
Code:
dig -x <IP>
. Well, I tried. For IPv4 I got the correct PTR record.
However, for IPv6 I got the following result:

dig_result.jpg


I'm not sure if I understand everything correctly (the result looks very different from the IPv4 result). As I see it, it does not list my PTR record, or does it? I have set a reverse DNS address for my IPv6 on the server...
 
Okay, so I tried replying to this thread yesterday, but apparently my posts are blocked (possibly due me trying to post a link)...
I'll give it another try...

So, I used the
Code:
dig -x <myIP>
command and when entering my IPv4 I got the correct PTR record for my server.
However, when I enter the IPv6, I get a result that does not look like the results of the IPv4 at all, and I'm actually unsure on how to interpret it.
I get the following result:

Code:
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -x MyIPv6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11958
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.3.0.0.8.f.f.f.8.c.7.0.1.0.a.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
0.a.2.ip6.arpa.        1953    IN    SOA    pri.authdns.ripe.net. dns.ripe.net. 1488216588 3600 600 864000 3600

;; Query time: 230 msec
;; SERVER: 80.69.67.66#53(80.69.67.66)
;; WHEN: ma feb 27 19:59:26 CET 2017
;; MSG SIZE  rcvd: 161

As far as I can tell it does not list the PTR record which I have set for the IPv6, right?
 
Yes, there is no PTR record on your IPv6 IP.

Contact the datacenter admins where your server is located and ask them to add PTR record (the same as your IPv4 one I guess).
 
Hi Wattie,

Thanks for your help. I've contacted the datacenter and they admitted to having made a mistake. They have corrected the issue and now the correct PTR record shows up.

However, it still did not solve my original problem. I've found out that I did not specify the correct range of IPv6 addresses in my SPF record. After changing this, my issue was resolved. :)
 
That was my first though but at the beginning your said "I have correctly set-up SPF and DKIM and ..." :)
 
That was my first though but at the beginning your said "I have correctly set-up SPF and DKIM and ..." :)

Very true, I was lead to believe this because of the testing with mail-tester.com, which pointed out that SPF was correctly configured (it was, just not for forwarded mail). ;)
 
Back
Top