Hey MiaB team,
I have been using MiaB for quite some time now and have always had trouble with Gmail.
I set up a brand new MiaB instance last year with two domains I use for email and opted for the self-hosted DNS option, pointing to “ns1.box2.(my-main-domain).de” and “ns2.box2.(my-main-domain).de”, which are the auto-generated ns files from MiaB. I don’t have any custom rules there. Today I tried to forward a mail from my secondary account to Gmail, but got an Undelivered Mail response containing the following:
gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1b] said: 550-5.7.25
[2a01:4f8:1c17:483d::1] The IP address sending this message does not
550-5.7.25 have a PTR record setup, or the corresponding forward DNS entry
does 550-5.7.25 not point to the sending IP. As a policy, Gmail does not
accept 550-5.7.25 messages from IPs with missing PTR records. Please visit
550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for
more 550 5.7.25 information.
bs25-20020a056000071900b0020e79a9bb44si6607954wrb.457 - gsmtp (in reply to
end of DATA command)
To my knowledge, DKIM should be configured and working. The auto-generated record in /etc/nsd/zones seems to include it; this is the entry for my secondary domain:
$ORIGIN <my-other-domain-used-for-mail>.com.
$TTL 86400 ; default time to live
@ IN SOA ns1.box2.<my-main-domain>.de. hostmaster.box2.<my-main-domain>.de. (
2022081000 ; serial number
7200 ; Refresh (secondary nameserver update interval)
3600 ; Retry (when refresh fails, how often to try again, should be lower than the refresh)
1209600 ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway)
86400 ; Negative TTL (how long negative responses are cached)
)
IN NS ns1.box2.<my-main-domain>.de.
IN NS ns2.box2.<my-main-domain>.de.
IN A <my-ip-v4-address>
IN AAAA <my-ip-v6-address>
IN MX 10 box2.<my-main-domain>.de.
IN TXT "v=spf1 mx -all"
_dmarc IN TXT "v=DMARC1; p=quarantine"
mail._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; p=<generated-hash>"
_mta-sts IN TXT "v=STSv1; id=<generated-id>"
_caldavs._tcp IN SRV 0 0 443 box2.<my-main-domain>.de.
_carddavs._tcp IN SRV 0 0 443 box2.<my-main-domain>.de.
autoconfig IN A <my-ip-v4-address>
autoconfig IN AAAA <my-ip-v6-address>
autoconfig IN TXT "v=spf1 -all"
autoconfig IN MX 0 .
_dmarc.autoconfig IN TXT "v=DMARC1; p=reject"
autodiscover IN A <my-ip-v4-address>
autodiscover IN AAAA <my-ip-v6-address>
autodiscover IN TXT "v=spf1 -all"
autodiscover IN MX 0 .
_dmarc.autodiscover IN TXT "v=DMARC1; p=reject"
mta-sts IN A <my-ip-v4-address>
mta-sts IN AAAA <my-ip-v6-address>
mta-sts IN TXT "v=spf1 -all"
mta-sts IN MX 0 .
_dmarc.mta-sts IN TXT "v=DMARC1; p=reject"
www IN A <my-ip-v4-address>
www IN AAAA <my-ip-v6-address>
www IN TXT "v=spf1 -all"
www IN MX 0 .
_dmarc.www IN TXT "v=DMARC1; p=reject"
; DNSSEC signing keys hash: <generated-hash>
Any ideas why this might happen?
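
Added example, not part of the original post: the 550-5.7.25 rejection quoted above is a forward-confirmed reverse DNS check on the sending IP, which this Python code reproduces so the PTR record and its matching AAAA record can be verified before retrying delivery. The host name `box2.example.de` and all function names are assumptions made for the example; the IPv6 address is the one shown in the bounce.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name queried for the PTR record (ip6.arpa or in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(host):
    """A/AAAA lookup through the system resolver; [] on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []

def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, names): 'no-ptr', 'forward-mismatch' or 'ok'."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(str(target))
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        # Compare parsed addresses so "::1" and "0:0:...:1" spellings match.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(name)}
        if target in addrs:
            confirmed.append(name)
    return ("ok" if confirmed else "forward-mismatch"), confirmed

if __name__ == "__main__":
    # Constructed data: sending IP from the bounce, placeholder host name.
    ip = "2a01:4f8:1c17:483d::1"
    ptr = {ip: ["box2.example.de"]}
    fwd = {"box2.example.de": ["2a01:04f8:1c17:483d:0:0:0:1"]}
    print(reverse_name(ip))
    print(check_fcrdns(ip, lambda i: ptr.get(i, []), lambda h: fwd.get(h, [])))
```

Calling `check_fcrdns(ip)` without the two lookup arguments uses the system resolver. The PTR record lives in the `ip6.arpa` zone delegated to whoever assigned the address, so it is normally set at the hosting provider rather than in the zone file under /etc/nsd/zones.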