[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues sending to gmail today?



That's crazy! I haven't received those IPs in any replies from three completely separate networks/geographic locations. Is there any way you can configure opportunistic TLS on your MTAs?

--
Jason

----- On Apr 24, 2014, at 9:15 PM, Matthew Promenchenkel <mpromenc@merit.edu> wrote:
; <<>> DiG 9.8.1-P1 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23768
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 17

;; QUESTION SECTION:
;gmail.com.            IN    MX

;; ANSWER SECTION:
gmail.com.        2989    IN    MX    40 alt4.gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    20 alt2.gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    5 gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    10 alt1.gmail-smtp-in.l.google.com.
gmail.com.        2989    IN    MX    30 alt3.gmail-smtp-in.l.google.com.

;; ADDITIONAL SECTION:
gmail-smtp-in.l.google.com. 21    IN    A    74.125.201.108
gmail-smtp-in.l.google.com. 21    IN    A    74.125.142.27
alt3.gmail-smtp-in.l.google.com. 21 IN    A    173.194.67.27
alt3.gmail-smtp-in.l.google.com. 21 IN    A    74.125.201.109
alt3.gmail-smtp-in.l.google.com. 21 IN    A    74.125.201.108
alt2.gmail-smtp-in.l.google.com. 21 IN    A    74.125.201.108
gmail-smtp-in.l.google.com. 21    IN    A    74.125.142.26
gmail-smtp-in.l.google.com. 21    IN    A    74.125.201.109
alt4.gmail-smtp-in.l.google.com. 21 IN    AAAA    2a00:1450:4013:c01::1a
alt2.gmail-smtp-in.l.google.com. 21 IN    A    74.125.131.27
alt3.gmail-smtp-in.l.google.com. 21 IN    AAAA    2a00:1450:400c:c05::1a
alt3.gmail-smtp-in.l.google.com. 21 IN    A    173.194.67.26
alt2.gmail-smtp-in.l.google.com. 21 IN    A    74.125.131.26
gmail-smtp-in.l.google.com. 21    IN    AAAA    2607:f8b0:4001:c03::1a
alt2.gmail-smtp-in.l.google.com. 21 IN    A    74.125.201.109
alt1.gmail-smtp-in.l.google.com. 93 IN    A    74.125.29.26
alt4.gmail-smtp-in.l.google.com. 70 IN    A    173.194.65.27

;; Query time: 7 msec
;; SERVER: 10.108.1.128#53(10.108.1.128)
;; WHEN: Thu Apr 24 21:11:55 2014
;; MSG SIZE  rcvd: 458


20 seconds later
; <<>> DiG 9.8.1-P1 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9402
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com.            IN    MX

;; ANSWER SECTION:
gmail.com.        3029    IN    MX    20 alt2.gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    40 alt4.gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    5 gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    10 alt1.gmail-smtp-in.l.google.com.
gmail.com.        3029    IN    MX    30 alt3.gmail-smtp-in.l.google.com.

;; Query time: 7 msec
;; SERVER: 10.108.1.128#53(10.108.1.128)
;; WHEN: Thu Apr 24 21:12:21 2014
;; MSG SIZE  rcvd: 150

host gmail-smtp-in.l.google.com
gmail-smtp-in.l.google.com has address 74.125.201.109
gmail-smtp-in.l.google.com has address 74.125.142.27
gmail-smtp-in.l.google.com has address 74.125.201.108
gmail-smtp-in.l.google.com has address 74.125.142.26
gmail-smtp-in.l.google.com has IPv6 address 2607:f8b0:4001:c05::1a
A few seconds later
host gmail-smtp-in.l.google.com
gmail-smtp-in.l.google.com has address 74.125.193.27
gmail-smtp-in.l.google.com has IPv6 address 2607:f8b0:4001:c03::1b


The 2 IPs in red are where the delivery failures occur.

-Matt


From: "Fred Seaton" <F-Seaton@wiu.edu>
To: "Matthew Promenchenkel" <mpromenc@merit.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>, jbryan@zimbra.com
Sent: Thursday, April 24, 2014 9:01:30 PM
Subject: Re: Issues sending to gmail today?

If you run "dig MX gmail.com" from one of your MTAs, what are you getting for output?



From: "Matthew Promenchenkel" <mpromenc@merit.edu>
To: jbryan@zimbra.com
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Thursday, April 24, 2014 6:55:36 PM
Subject: Re: Issues sending to gmail today?

Thanks Jason.  I have some additional information here. 

Also if anyone has any tips to contacting gmail support I would greatly appreciate it.  The only method I could track down requires a google apps account.

Today we got several reports of messages being bounced when our users attempt to send to gmail recipients.  Any assistance you could offer would be greatly appreciated.  We've instructed our user base to try sending again if they get a bounce message like this.  In most cases the second attempt hits either 74.125.142.26 or 74.125.142.27 and delivers successfully.

We're seeing this behavior across a number of MTA hosts in unique clusters that have never had this issue before.  Most messages go through except for those that hit either 74.125.201.109 or, 74.125.201.108

Here's a sample bounce

Subject: Undelivered Mail Returned to Sender

This is the mail system at host XXXX.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<jdoe@example.com>: host aspmx.l.google.com[74.125.201.109] said: 530 5.7.0
    Must issue a STARTTLS command first. qh3sm45465840igb.17 - gsmtp (in reply
    to MAIL FROM command)

Here's a snippet from our postfix logs.

Apr 24 10:37:16 hostnameXXX postfix/smtp[11941]: 28D41401510E: to=<userXXXX>, relay=aspmx.l.google.com[74.125.201.109]:25, delay=0.15, delays=0.05/0.01/0.06/0.02, dsn=5.7.0, status=bounced (host aspmx.l.google.com[74.125.201.109] said: 530 5.7.0 Must issue a STARTTLS command first. lp4sm45391252igb.12 - gsmtp (in reply to MAIL FROM command))

Below are 2 of many log entries timing out connectiong to 74.125.201.108 before today.

Apr 23 05:18:36 mm-p01 postfix/smtp[27584]: connect to gmail-smtp-in.l.google.com[74.125.201.109]:25: Connection timed out
Apr 23 05:21:22 mm-p01 postfix/smtp[29045]: connect to aspmx.l.google.com[74.125.201.109]:25: Connection timed out

Apr 21 04:01:00 mm-p01 postfix/smtp[8935]: connect to gmail-smtp-in.l.google.com[74.125.201.108]:25: Connection timed out
Apr 21 06:14:52 phx-p02 postfix/smtp[15436]: connect to gmail-smtp-in.l.google.com[74.125.201.108]:25: Connection timed out

A chunk of logs including successful deliveries mixed in with failures from one MTA

Apr 24 07:05:33 phx-p01 postfix/smtp[5441]: AAD3A4029112: to=<wilvicruf@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.142.26]:25, delay=1.6, delays=0.33/0.13/0.1/1, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337533 pe7si2318225icc.24 - gsmtp)
Apr 24 07:05:33 phx-p01 postfix/smtp[2950]: A75E84028F1A: to=<kiwis@ieee.org>, relay=aspmx.l.google.com[74.125.142.27]:25, delay=1.6, delays=0.21/0.24/0.25/0.93, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337533 bs7si2310348icc.73 - gsmtp)
Apr 24 07:06:19 phx-p01 postfix/smtp[2957]: 0636B4029249: to=<kinnistk@pennfield.net>, relay=aspmx.l.google.com[74.125.201.109]:25, delay=0.17, delays=0.01/0/0.14/0.02, dsn=5.7.0, status=bounced (host aspmx.l.google.com[74.125.201.109] said: 530 5.7.0 Must issue a STARTTLS command first. b6sm13036268igm.2 - gsmtp (in reply to MAIL FROM command))
Apr 24 07:06:21 phx-p01 postfix/smtp[2940]: 663574029249: to=<jamesguessis@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.142.26]:25, delay=0.38, delays=0.01/0/0.1/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337581 bo3si2314502icc.64 - gsmtp)
Apr 24 07:06:25 phx-p01 postfix/smtp[5443]: EF15040291EA: to=<KENCAPITALIZED@GMAIL.COM>, relay=gmail-smtp-in.l.google.COM[74.125.142.27]:25, delay=0.37, delays=0.01/0.02/0.15/0.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337585 n6si19742979ige.22 - gsmtp)
Apr 24 07:06:44 phx-p01 postfix/smtp[31294]: BA8E14029300: to=<danielle759@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.142.27]:25, delay=0.59, delays=0.01/0/0.09/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337604 x9si6137132igl.10 - gsmtp)
Apr 24 07:06:45 phx-p01 postfix/smtp[5441]: E3D534029300: to=<rbmckelvey@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.142.27]:25, delay=0.31, delays=0.01/0/0.06/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337605 ng1si2300805icc.142 - gsmtp)
Apr 24 07:06:57 phx-p01 postfix/smtp[5438]: BFAD4402922E: to=<HILTNER3@GMAIL.COM>, relay=gmail-smtp-in.l.google.COM[74.125.142.27]:25, delay=0.67, delays=0.01/0.02/0.07/0.58, dsn=2.0.0, status=sent (250 2.0.0 OK 1398337617 a6si6135804igx.17 - gsmtp)
Apr 24 07:07:08 phx-p01 postfix/smtp[2944]: 914A3402929D: to=<tleigh696@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.201.109]:25, delay=0.09, delays=0.01/0.01/0.06/0.02, dsn=5.7.0, status=bounced (host gmail-smtp-in.l.google.com[74.125.201.109] said: 530 5.7.0 Must issue a STARTTLS command first. vc5sm44049284igb.3 - gsmtp (in reply to MAIL FROM command))


-Matt


From: "Jason Bryan" <jbryan@zimbra.com>
To: "Matthew Promenchenkel" <mpromenc@merit.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Thursday, April 24, 2014 6:24:38 PM
Subject: Re: Issues sending to gmail today?

Hmm, those two IPs are not listed in gmail.com or google.com MX. Does the recipient domain have those two IPs listed? I wonder if there is a STARTTLS requirement on that domain.


Jason Bryan
Lead Engineer, Continuous Product Development
Zimbra | Community & Collaboration

----- On Apr 24, 2014, at 5:07 PM, Matthew Promenchenkel <mpromenc@merit.edu> wrote:

Is anyone else seeing this behavior today?


We're seeing this behavior across a number of MTA hosts that have never had this issue before.  Most messages go through except for those that hit either 74.125.201.109 or, 74.125.201.108

Here's a snippet from our postfix logs.

Apr 24 10:37:16 hostnameXXX postfix/smtp[11941]: 28D41401510E: to=<userXXXX>, relay=aspmx.l.google.com[74.125.201.109]:25, delay=0.15, delays=0.05/0.01/0.06/0.02, dsn=5.7.0, status=bounced (host aspmx.l.google.com[74.125.201.109] said: 530 5.7.0 Must issue a STARTTLS command first. lp4sm45391252igb.12 - gsmtp (in reply to MAIL FROM command))


Matthew Promenchenkel
Systems Analyst
Merit Network, Inc.
(734)527-5769