[RndTbl] Gmail problem sending from your own SMTP server
Hartmut W Sager
hwsager at marityme.net
Mon Apr 20 10:03:17 CDT 2020
How did you (and your work colleagues) come to realize that the RDNS name
is what Google cert is trying to match?
Hartmut W Sager - Tel +1-204-339-8331
On Mon, 20 Apr 2020 at 09:20, Gilbert E. Detilllieux <
gedetil at cs.umanitoba.ca> wrote:
> Yeah, we got bitten by this one at work last week (actually started
> noticing problems around Wednesday or Thursday of the previous week, but
> only resolved it last week). We had some users within the department
> who wanted to manage their CS e-mail via Gmail, and had set up their
> Gmail to send out via our SMTP server, which had worked fine until
> Google unilaterally decided on this new restriction, which most likely
> violates several standards.
>
> Since we control reverse DNS on our domain, I was able to fudge things
> up to get Google to accept our cert (a legitimate cert, issued by
> Globalsign, that has multiple generic aliases in the SAN list, but
> intentionally avoided the canonical host name, since these generic
> aliases should be allowed to migrate to different physical servers,
> transparently). I found out that you can have multiple PTR records on
> one IP address, which is completely legal in DNS, but not usually
> considered good practice (or so I thought). Of course, this second PTR
> record caused some things to fail in a non-deterministic way, since
> lookups on the IP address gave the PTR records in pseudo-random order,
> causing code that only looked at the first answer to get inconsistent
> results. Grrr!
>
> Thanks, Google, for once again messing with standards, and forcing
> everyone else to bend to your will!
>
> Gilbert
>
> On 2020-04-18 3:14 p.m., Hartmut W Sager wrote:
> [... deleted ...]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20200420/ae0bbc56/attachment.htm>
More information about the Roundtable
mailing list