[SOLVED] Not receiving emails from gmail on base domain

atheridis · October 28, 2022, 1:35pm

Apparently I can only put 2 links in my post, as I am a new user. I have replaced all instances of domain.net with domain,net; but I actually mean the first.

TL;DR: Can’t receive emails from gmail (and only gmail) on @domain,net, but I can receive them from gmail to @mail,domain,net, outgoing emails work perfectly fine, from every other provider I can receive on both. Logs show as if gmail never sent the email, I have tried from multiple gmail accounts. What can I do to receive emails?

I will be using “domain,net” instead of my actual domain.

My VPS is hetzner.

My registrar is namecheap, I have the box assigned to mail,domain,net (instead of box,domain,net). The DNS from namecheap point to ns1,mail,domain,net and ns2,mail,domain,net, so I am using miab DNS records that are already setup.
The only other change I made with DNS records was adding nextcloud,domain,net to point to a nextcloud server on hetzner using CNAME.

On the System Status Checks everything is green except:

There are 2 software packages that can be updated.
[Try Ubuntu Pro beta with a free personal subscription on up to 5 machines.] ()
[Learn more at https://ubuntu,com/pro] ()

Even when I do apt update && apt upgrade it only shows grub packages and it says they have been kept back.

? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. See below for instructions.
Show more

The show more shows a bunch of stuff, this one is weird cause I’m already using miab’s premade DNS records.

Currently I have tested sending emails to: tutanota, gmail, yahoo, hotmail. They all get sent and in the regular inbox (not spam). I have 0 issues sending emails.

I have received emails with no issue (except the greylist, which I have to wait a few minutes for the email to arrive) from: tutanota, yahoo, hotmail, when I made an account for mailinabox.email to post this I got a verification email, same for slack,com, but I can’t receive any emails from gmail on @domain,net, but I can receive emails from gmail on @mail,domain,net.

When sending an email from gmail to @domain,net, gmail just shows as if it’s sent successfully (when I sent to a non-existing email <doesn’t exist>@mail,domain,net gmail sent me an email telling me it doesn’t exist, when I did the same for <doesn’t exist>@domain,net gmail doesn’t tell me the email doesn’t exist). I have tried using multiple past gmail accounts I had.

When I do cat /var/log/mail.log nothing new pops up. Like I never sent the email from gmail.
mailq doesn’t show anything either.

I have used this to try flushing google’s DNS dns,google/cache (I added a comma, replace with dot) on domain,net for A, AAAA, and MX records as well as mail,domain,net for A, AAAA, and MX records.

I have no idea what to do from here. Any ideas?

alento · October 28, 2022, 1:41pm

Ask Gmail for assistance. Good luck with that!

Slightly more seriously though - I have not heard of this one before. Are you sure that your domain was never added to Google Workspace (formerly G-Suite)? This is the behavior that I’d expect when a sending mail server believes that they control your domain.

Afterall, Google controls the world, ya know. /s

atheridis · October 28, 2022, 2:29pm

I have no idea what the issue was. I did nothing and I just got spammed by all the emails I sent (even some from 10 hours ago) from my different gmail accounts.

I also never paid for any google services (so I never used workspaces to add a domain to google anyways).

The only thing I can imagine is that gmail uses its own DNS (cause google’s DNS was showing the correct MX records) and it just didn’t refresh.

Thanks for the help, I guess just waiting is the best option sometimes.

miabuser · October 28, 2022, 3:52pm

Just a wild guess. But is it possible that on the old server a max_age policy of 86400 was enforced in the mta-sts.txt. ?

alento · October 28, 2022, 4:33pm

I think that you hit the nail on the head … Now, someone needs to fully explain mta-sts as seemingly it is going to be an issue in migrations.

miabuser · October 28, 2022, 5:09pm

I’m no expert on this, so I’m not entirely sure, especially when it comes to my reasoning about the max_age value.

Maybe the actual issue was the TTL of the DNS record, because afaik the mta-sts policy should only care about enforcing TLS for a certain domain. From this I would conclude that you should be able to change the DNS records without waiting for the max-age policy to expire, respectively you should be able to move a domain to a diffrent IP, if you also move the certificates, respectively if the new server also provides valid certificates for your domain. So maybe the max_age policy wasn’t the actual reason for the delay, but because of a high TTL, Google didn’t check the DNS record earlier, which then caused the delay.

Btw. Google is afaik the only one of the large providers, that really cares about MTA-STS, so not sure how important that is anyways.

alento · October 28, 2022, 5:51pm

Yeah hence information from someone like @JoshData about the importance of this feature of MiaB and why it was implemented would be in order perhaps?

miabuser · October 28, 2022, 6:13pm

Absolutely. I certainly would welcome a well founded explanation

system · November 4, 2022, 6:13pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.