Gmail refusing mails from domain using MiaB NS

Hey MiaB team,

I have been using MiaB for quite some time now and have always had trouble with Gmail.
I set up a brand new MiaB instance last year with two domains I use for email and opted for the self-hosted DNS option, pointing to “ns1.box2.(my-main-domain).de” and “ns2.box2.(my-main-domain).de”, which are the auto-generated ns files from MiaB. I don’t have any custom rules there. Today I tried to forward a mail from my secondary account to Gmail, but got an Undelivered Mail response containing the following:

    gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1b] said: 550-5.7.25
    [2a01:4f8:1c17:483d::1] The IP address sending this message does not
    550-5.7.25 have a PTR record setup, or the corresponding forward DNS entry
    does 550-5.7.25 not point to the sending IP. As a policy, Gmail does not
    accept 550-5.7.25 messages from IPs with missing PTR records. Please visit
    550-5.7.25  https://support.google.com/mail/answer/81126#ip-practices for
    more 550 5.7.25 information.
    bs25-20020a056000071900b0020e79a9bb44si6607954wrb.457 - gsmtp (in reply to
    end of DATA command)

To my knowledge, DKIM should be configured and working. The auto-generated record in /etc/nsd/zones seems to include it; this is the entry for my secondary domain:

    $ORIGIN <my-other-domain-used-for-mail>.com.
    $TTL 86400          ; default time to live

    @ IN SOA ns1.box2.<my-main-domain>.de. hostmaster.box2.<my-main-domain>.de. (
               2022081000     ; serial number
               7200     ; Refresh (secondary nameserver update interval)
               3600     ; Retry (when refresh fails, how often to try again, should be lower than the refresh)
               1209600  ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway)
               86400    ; Negative TTL (how long negative responses are cached)
               )
            IN      NS      ns1.box2.<my-main-domain>.de.
            IN      NS      ns2.box2.<my-main-domain>.de.
            IN      A       <my-ip-v4-address>
            IN      AAAA    <my-ip-v6-address>
            IN      MX      10 box2.<my-main-domain>.de.
            IN      TXT     "v=spf1 mx -all"
    _dmarc  IN      TXT     "v=DMARC1; p=quarantine"
    mail._domainkey IN      TXT     "v=DKIM1; h=sha256; k=rsa; s=email; p=<generated-hash>"
    _mta-sts        IN      TXT     "v=STSv1; id=<generated-id>"
    _caldavs._tcp   IN      SRV     0 0 443 box2.<my-main-domain>.de.
    _carddavs._tcp  IN      SRV     0 0 443 box2.<my-main-domain>.de.
    autoconfig      IN      A       <my-ip-v4-address>
    autoconfig      IN      AAAA    <my-ip-v6-address>
    autoconfig      IN      TXT     "v=spf1 -all"
    autoconfig      IN      MX      0 .
    _dmarc.autoconfig       IN      TXT     "v=DMARC1; p=reject"
    autodiscover    IN      A       <my-ip-v4-address>
    autodiscover    IN      AAAA    <my-ip-v6-address>
    autodiscover    IN      TXT     "v=spf1 -all"
    autodiscover    IN      MX      0 .
    _dmarc.autodiscover     IN      TXT     "v=DMARC1; p=reject"
    mta-sts IN      A       <my-ip-v4-address>
    mta-sts IN      AAAA    <my-ip-v6-address>
    mta-sts IN      TXT     "v=spf1 -all"
    mta-sts IN      MX      0 .
    _dmarc.mta-sts  IN      TXT     "v=DMARC1; p=reject"
    www     IN      A       <my-ip-v4-address>
    www     IN      AAAA    <my-ip-v6-address>
    www     IN      TXT     "v=spf1 -all"
    www     IN      MX      0 .
    _dmarc.www      IN      TXT     "v=DMARC1; p=reject"

    ; DNSSEC signing keys hash: <generated-hash>

Any ideas why this might happen?

Did you set up reverse DNS for the mentioned IPv6 address at your hoster?

Thank you Jan! I checked and that was indeed not set correctly. Still strange that it happened all of a sudden.

No, not really. Gmail is cracking down harder and harder and enforcing their acceptance policies that they have not been enforcing.
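The 550-5.7.25 bounce above names two failure cases: no PTR record for the sending IP, or a PTR name whose forward record does not point back to that IP. The following is an added example, not part of the original thread or of Mail-in-a-Box: it runs that forward-confirmed reverse DNS check for a sending address, IPv4 or IPv6, with the system resolver. The function names and the injectable `ptr_lookup` / `forward_lookup` parameters are assumptions made for this illustration.

```python
import ipaddress
import socket
import sys

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] when none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A and AAAA addresses for name from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Forward-confirmed reverse DNS check for one sending IP."""
    addr = ipaddress.ip_address(ip)
    report = {"ip": str(addr), "reverse_name": addr.reverse_pointer,
              "ptr": [], "confirmed": [], "verdict": "no PTR record"}
    report["ptr"] = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not report["ptr"]:
        return report
    for name in report["ptr"]:
        forward = set()
        for text in forward_lookup(name):
            # Compare parsed addresses, not strings, so different spellings
            # of the same IPv6 address match; drop any %scope suffix first.
            try:
                forward.add(ipaddress.ip_address(text.split("%")[0]))
            except ValueError:
                continue
        if addr in forward:
            report["confirmed"].append(name)
    report["verdict"] = ("pass" if report["confirmed"]
                         else "PTR name does not resolve back to sending IP")
    return report

if __name__ == "__main__":
    # Usage: python3 fcrdns.py <sending-ip> [<sending-ip> ...]
    for arg in sys.argv[1:]:
        r = fcrdns(arg)
        print(f'{r["ip"]}: {r["verdict"]} (PTR owner {r["reverse_name"]}, '
              f'names {r["ptr"] or "none"})')
```

Check the box's IPv4 and IPv6 addresses separately, since a dual-stack host can pass on one and fail on the other. `reverse_name` is the record owner that the hoster's reverse DNS setting has to create.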
