I wanted to share an issue we’ve seen multiple reports of this week, where MDaemon customers have started receiving bouncebacks from Google mail servers.
Valid email is being refused due to PTR record failures, and it’s happening for all Gmail domains including customer registered domains that are used with Google services.
Identifying the problem
When we look in the MDaemon SMTP (out) log, we see an error like this during the SMTP session.
<– 550-5.7.1 [2001:0:5ef5:79fb:34e1:18ed:adbb:2299] Our system has detected that
<– 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
<– 550-5.7.1 records and authentication. Please review
<– 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more
<– 550 5.7.1 information. bq2si3288976wjd.21 – gsmtp
As you can see, the underlying reason the message is failing is due to it arriving from an IPv6 address and the Gmail server checking for a valid IPv6 PTR record. In our experience, it’s not uncommon that a site has a valid IPv4 PTR record but not a Valid IPv6 PTR record. If you don’t use IPv6 you don’t need one, but modern routers and servers usually do route IPv6 so it can be used by mistake. Out of the box MDaemon does fully support iPv6 and if the server it is installed on has a valid IPv6 address it could be used to create SMTP sessions.
So how do we fix it?
In MDaemon if you are not specifically using IPv6 ( I have yet to find a customer who is). the simple fix is to turn off the support and restart the MDaemon services to restrict the server to only connect using ipV4 addresses. To do this open the MDameon console and navigate to Setup > Server Settings > IPV6
To do this open the MDaemon console and navigate to Setup > Server Settings > IPV6.
Choose to accept only IPv4 connections and untick the option to ‘Connect to outbound IPv6 hosts where possible’. When you click OK, MDaemon will prompt if you want to restart the services. If you want to manually restart the services later you can do.
Once MDaemon has restarted all new SMTP sessions should be sent using IPv4 addresses and the Gmail blocking issue should not return.