[RndTbl] Gmail problem sending from your own SMTP server

Gilbert E. Detillieux gedetil at cs.umanitoba.ca
Mon Apr 20 09:19:58 CDT 2020


Yeah, we got bitten by this one at work last week (actually started 
noticing problems around Wednesday or Thursday of the previous week, but 
only resolved it last week).  We had some users within the department 
who wanted to manage their CS e-mail via Gmail, and had set up their 
Gmail to send out via our SMTP server, which had worked fine until 
Google unilaterally decided on this new restriction, which most likely 
violates several standards.

Since we control reverse DNS on our domain, I was able to fudge things 
up to get Google to accept our cert (a legitimate cert, issued by 
Globalsign, that has multiple generic aliases in the SAN list, but 
intentionally avoided the canonical host name, since these generic 
aliases should be allowed to migrate to different physical servers, 
transparently).  I found out that you can have multiple PTR records on 
one IP address, which is completely legal in DNS, but not usually 
considered good practice (or so I thought).  Of course, this second PTR 
record caused some things to fail in a non-deterministic way, since 
lookups on the IP address gave the PTR records in pseudo-random order, 
causing code that only looked at the first answer to get inconsistent 
results.  Grrr!

Thanks, Google, for once again messing with standards, and forcing 
everyone else to bend to your will!

Gilbert

On 2020-04-18 3:14 p.m., Hartmut W Sager wrote:
> Gmail is sure piling up its problems like never before in my 8-10 years 
> of using it.  In addition to the other issues of the last two months, we 
> now have:
> 
> The recent intermittent Gmail problem in sending from your own SMTP 
> server (if you don't want your "send from" address at your own domain 
> name to be an "alias" of your Gmail address) has now become an "always 
> happens" problem.  Here's the failure message you get from Gmail:
> 
> Message not delivered
> You're sending this from a different address or alias using the 'Send 
> mail as' feature. The settings for your 'Send mail as' account are 
> misconfigured or out of date. Check those settings and try resending.
> TLS Negotiation failed, the certificate doesn't match the host.
> 
> After much experimenting and Internet research, I found the answer 
> buried in Gmail support forums - an answer from a smart user, not from 
> Google.  In my case, since I use Tucows/OpenSRS for my SMTP server, the 
> chain is
> smtp-1.marityme.com [cname]
> --> smtp.marityme.com.cust.a.hostedemail.com
> --> 216.40.42.5 --> [RDNS] mail.hostedemail.com
> 
> Tucows/OpenSRS specifies the server 
> *smtp.marityme.com.cust.a.hostedemail.com*, which I cname to for 
> convenience and elegance, and that resolves to *216.40.42.5*, whose RDNS 
> lookup gives *mail.hostedemail.com*.  Now, unlike before, Gmail expects 
> me to give *mail.hostedemail.com* as the SMTP server in the "send from" 
> configuration, and then the sending mechanism works again (at least 
> yesterday and today, who knows about tomorrow).
> 
> The purpose of this post is to save other members days of headache 
> trying to figure this one out.
-- 
Gilbert E. Detillieux        E-mail:  <gedetil at cs.umanitoba.ca>
Dept. of Computer Science    Web:     http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba       Phone:   (204)474-8161
Winnipeg MB CANADA  R3T 2N2  Fax:     (204)474-7609
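
The non-deterministic failure described in the message above, as an added example that is not part of the original e-mails: when an IP address has two PTR records and only one of the names is in the certificate's SAN list, a check that reads only the first PTR answer flips with resolver ordering, while a check over all answers does not. The example.org names, the SAN list and the function names are constructed placeholders, and the wildcard rule (a whole left-most `*` label standing for exactly one label) is the usual TLS host-name matching convention, assumed here.

```python
from itertools import permutations

# Constructed sample data: placeholder names, not taken from the thread.
SAN_LIST = ["smtp.example.org", "mail.example.org", "*.relay.example.org"]
PTR_NAMES = ["host17.example.org", "smtp.example.org"]  # canonical name + added alias


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a host name, case-insensitively.

    Only a whole left-most '*' label is treated as a wildcard, and it
    stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(san_list, host):
    """True if any SAN entry matches the host name."""
    return any(name_matches(san, host) for san in san_list)


def first_answer_check(ptr_answer, san_list):
    """The fragile pattern: trust only the first PTR record returned."""
    return cert_covers(san_list, ptr_answer[0])


def any_answer_check(ptr_answer, san_list):
    """Order-independent: accept if any PTR name is covered by the cert."""
    return any(cert_covers(san_list, name) for name in ptr_answer)


def outcomes(check, ptr_names, san_list):
    """Run a check over every ordering a resolver could return."""
    return {check(list(order), san_list) for order in permutations(ptr_names)}


if __name__ == "__main__":
    print("first-answer outcomes:", outcomes(first_answer_check, PTR_NAMES, SAN_LIST))
    print("any-answer outcomes:  ", outcomes(any_answer_check, PTR_NAMES, SAN_LIST))
```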