[SOLVED] Not receiving emails from gmail on base domain

Apparently I can only put 2 links in my post, as I am a new user. I have replaced all instances of domain.net with domain,net; but I actually mean the first.

TL;DR: Can’t receive emails from gmail (and only gmail) on @domain,net, but I can receive them from gmail to @mail,domain,net, outgoing emails work perfectly fine, from every other provider I can receive on both. Logs show as if gmail never sent the email, I have tried from multiple gmail accounts. What can I do to receive emails?

I will be using “domain,net” instead of my actual domain.

My VPS is hetzner.

My registrar is namecheap, I have the box assigned to mail,domain,net (instead of box,domain,net). The DNS from namecheap point to ns1,mail,domain,net and ns2,mail,domain,net, so I am using miab DNS records that are already setup.
The only other change I made with DNS records was adding nextcloud,domain,net to point to a nextcloud server on hetzner using CNAME.

On the System Status Checks everything is green except:

✖ There are 2 software packages that can be updated.
Try Ubuntu Pro beta with a free personal subscription on up to 5 machines.
Learn more at https://ubuntu,com/pro

Even when I do `apt update && apt upgrade` it only shows grub packages and it says they have been kept back.

? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. See below for instructions.
Show more

The show more shows a bunch of stuff, this one is weird cause I’m already using miab’s premade DNS records.

Currently I have tested sending emails to: tutanota, gmail, yahoo, hotmail. They all get sent and in the regular inbox (not spam). I have 0 issues sending emails.

I have received emails with no issue (except the greylist, which I have to wait a few minutes for the email to arrive) from: tutanota, yahoo, hotmail, when I made an account for mailinabox.email to post this I got a verification email, same for slack,com, but I can’t receive any emails from gmail on @domain,net, but I can receive emails from gmail on @mail,domain,net.

When sending an email from gmail to @domain,net, gmail just shows as if it’s sent successfully (when I sent to a non-existing email <doesn’t exist>@mail,domain,net gmail sent me an email telling me it doesn’t exist, when I did the same for <doesn’t exist>@domain,net gmail doesn’t tell me the email doesn’t exist). I have tried using multiple past gmail accounts I had.

When I do `cat /var/log/mail.log` nothing new pops up. Like I never sent the email from gmail.
`mailq` doesn’t show anything either.

I have used this to try flushing google’s DNS dns,google/cache (I added a comma, replace with dot) on domain,net for A, AAAA, and MX records as well as mail,domain,net for A, AAAA, and MX records.

I have no idea what to do from here. Any ideas?

Ask Gmail for assistance. Good luck with that!

Slightly more seriously though - I have not heard of this one before. Are you sure that your domain was never added to Google Workspace (formerly G-Suite)? This is the behavior that I’d expect when a sending mail server believes that they control your domain.

After all, Google controls the world, ya know. /s

I have no idea what the issue was. I did nothing and I just got spammed by all the emails I sent (even some from 10 hours ago) from my different gmail accounts.

I also never paid for any google services (so I never used workspaces to add a domain to google anyways).

The only thing I can imagine is that gmail uses its own DNS (cause google’s DNS was showing the correct MX records) and it just didn’t refresh.

Thanks for the help, I guess just waiting is the best option sometimes.

Just a wild guess. But is it possible that on the old server a max_age policy of 86400 was enforced in the mta-sts.txt?

I think that you hit the nail on the head … Now, someone needs to fully explain mta-sts as seemingly it is going to be an issue in migrations.

I’m no expert on this, so I’m not entirely sure, especially when it comes to my reasoning about the max_age value.

Maybe the actual issue was the TTL of the DNS record, because afaik the mta-sts policy should only care about enforcing TLS for a certain domain. From this I would conclude that you should be able to change the DNS records without waiting for the max-age policy to expire, respectively you should be able to move a domain to a different IP, if you also move the certificates, respectively if the new server also provides valid certificates for your domain. So maybe the max_age policy wasn’t the actual reason for the delay, but because of a high TTL, Google didn’t check the DNS record earlier, which then caused the delay.

Btw. Google is afaik the only one of the large providers, that really cares about MTA-STS, so not sure how important that is anyways. 😉
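Added example, not part of any post in this thread: a sketch of how a sender that honours MTA-STS (RFC 8461) evaluates a cached policy against the MX hosts it currently resolves, which is the check the max_age question above is about. The policy text, host names and timestamps are constructed, and the function names are illustrative.

```python
# Constructed sample: policy a sender cached from the old server, max_age one day.
CACHED = """version: STSv1
mode: enforce
mx: mail.old-host.example
max_age: 86400
"""

def parse_policy(text):
    """Parse an RFC 8461 policy file (key: value lines) into a dict."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key == "max_age":
            policy["max_age"] = int(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("not a valid STSv1 policy")
    return policy

def mx_matches(host, pattern):
    """RFC 8461 matching: a leading '*.' covers exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def evaluate(policy, fetched_at, mx_hosts, now):
    """Return (decision, usable_hosts) for a sender holding a cached policy.

    Simplification: a real sender also refetches early when the _mta-sts
    TXT record's id changes; only max_age expiry is modelled here.
    """
    if now >= fetched_at + policy["max_age"]:
        return "expired-refetch", list(mx_hosts)
    if policy["mode"] != "enforce":
        return "deliver", list(mx_hosts)
    usable = [h for h in mx_hosts if any(mx_matches(h, p) for p in policy["mx"])]
    return ("deliver", usable) if usable else ("defer", [])

if __name__ == "__main__":
    cached = parse_policy(CACHED)
    # One hour after caching, the domain's MX now names a host the policy does not list.
    print(evaluate(cached, 0, ["mail.new-host.example"], now=3600))
    print(evaluate(cached, 0, ["mail.new-host.example"], now=86400))
```

In enforce mode the first call defers delivery without contacting the new host, so nothing would appear in the receiving server's mail log until the cached policy is refreshed or expires.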

Yeah hence information from someone like @JoshData about the importance of this feature of MiaB and why it was implemented would be in order perhaps?


Absolutely. I certainly would welcome a well founded explanation 🙂
