Sending mail to gmail loops back to myself problem

There I get the following reply from neth-mailserver:

The mail system adress@gmail.com: mail for gmail.com loops back to myself

Reporting-MTA: dns; hostname.ourdomain.tld
X-Postfix-Queue-ID: F3D6980D3870
X-Postfix-Sender: rfc822; sender@ourdomain.tld
Arrival-Date: Mon, 22 Mar 2021 16:26:39 +0100 (CET)
Final-Recipient: rfc822; address@gmail.com
Original-Recipient: rfc822;adress@gmail.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for gmail.com loops back to myself

Relevant part in maillog:
warning: host gmail-smtp-in.l.google.com[0.0.0.0]:25 greeted me with my own hostname nethmailserverhostname.internaldomain.tld
warning: host gmail-smtp-in.l.google.com[0.0.0.0]:25 replied to HELO/EHLO with my own hostname nethmailserverhostname.internaldomain.tld
F3D6980D3870: to=gmailuser@gmail.com, relay=gmail-smtp-in.l.google.com[0.0.0.0]:25, delay=0.22, delays=0.15/0.01/0.06/0, dsn=5.4.6, status=bounced (mail for gmail.com loops back to myself)

It has to do with DNS resolution. Changing the DNS setting on my mail NethServer to 1.1.1.1 solved the problem. So piHole configured as DNS server for this neth-mailserver is causing this. Adding gmail-smtp-in.l.google.com to the whitelist of said piHole lets the NethServer get a correct reply for ping, thus mail is successfully delivered to the Gmail mailbox.
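The symptom described above (a filtering resolver answering 0.0.0.0 for a remote MX host, which Postfix then reports as "loops back to myself") can be caught before users notice bounces. The following is an added example, not code from the thread or from NethServer or Pi-hole: it parses Postfix log lines of the kind quoted above, flags relays whose address is a typical sinkhole value, and classifies a resolver's answers for an MX hostname. The sample log lines are constructed from the warnings quoted in the post; the `resolve` helper does a live lookup through the system resolver and is only called from the `__main__` section.

```python
"""Spot MX hosts that a filtering resolver has sinkholed before Postfix bounces mail."""
import re
import socket

# Addresses that Pi-hole and similar filtering resolvers hand out for blocked names.
# Connecting to 0.0.0.0 / 127.0.0.1 lands on the local MTA, which greets with its own
# hostname, and Postfix then bounces with "mail for <domain> loops back to myself".
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Postfix warning: "host X[ip]:25 greeted me with my own hostname Y"
_LOOP_RE = re.compile(
    r"host (?P<host>\S+)\[(?P<ip>[^\]]+)\]:\d+ "
    r"(?:greeted me with|replied to HELO/EHLO with) my own hostname (?P<me>\S+)"
)
# Postfix delivery line with dsn=5.4.6 and status=bounced (...)
_BOUNCE_RE = re.compile(
    r"relay=(?P<host>\S+)\[(?P<ip>[^\]]+)\]:\d+.*?dsn=(?P<dsn>[\d.]+), "
    r"status=bounced \((?P<reason>[^)]*)\)"
)


def is_sinkholed(ip: str) -> bool:
    """True if the address is one a blocklist resolver returns instead of a real answer."""
    return ip.strip() in SINKHOLE_ADDRESSES


def scan_maillog(lines):
    """Return one finding per log line that shows a relay answering from a sinkhole address."""
    findings = []
    for line in lines:
        m = _LOOP_RE.search(line) or _BOUNCE_RE.search(line)
        if not m:
            continue
        host, ip = m.group("host"), m.group("ip")
        findings.append({
            "host": host,
            "ip": ip,
            "sinkholed": is_sinkholed(ip),
            "dsn": m.groupdict().get("dsn"),  # None for the HELO/EHLO warnings
        })
    return findings


def check_answers(name, answers):
    """Classify the address set a resolver returned for a relay hostname."""
    answers = set(answers)
    if not answers:
        return "unresolved"
    if answers <= SINKHOLE_ADDRESSES:
        return "sinkholed"
    if answers & SINKHOLE_ADDRESSES:
        return "partially-sinkholed"
    return "ok"


def resolve(name, family=socket.AF_INET):
    """Live lookup through the system resolver (needs network); sorted list of addresses."""
    try:
        infos = socket.getaddrinfo(name, 25, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed sample: the three lines quoted in the thread plus one healthy delivery.
SAMPLE_LOG = [
    "warning: host gmail-smtp-in.l.google.com[0.0.0.0]:25 greeted me with my own hostname "
    "nethmailserverhostname.internaldomain.tld",
    "warning: host gmail-smtp-in.l.google.com[0.0.0.0]:25 replied to HELO/EHLO with my own "
    "hostname nethmailserverhostname.internaldomain.tld",
    "F3D6980D3870: to=gmailuser@gmail.com, relay=gmail-smtp-in.l.google.com[0.0.0.0]:25, "
    "delay=0.22, delays=0.15/0.01/0.06/0, dsn=5.4.6, status=bounced "
    "(mail for gmail.com loops back to myself)",
    "A1B2C3D4E5F6: to=someone@example.org, relay=mx.example.org[192.0.2.10]:25, "
    "delay=1.1, delays=0.2/0.1/0.5/0.3, dsn=2.0.0, status=sent (250 OK)",
]

if __name__ == "__main__":
    for finding in scan_maillog(SAMPLE_LOG):
        print(finding)
    # Compare what this host's resolver says about the Gmail MX host right now.
    mx = "gmail-smtp-in.l.google.com"
    print(mx, check_answers(mx, resolve(mx)))
```

Running the script on the mail server itself (where the resolver is the Pi-hole) and again with `resolve` pointed at a public resolver gives the same comparison the `dig` pair later in the thread does, and the `scan_maillog` part can be fed the real `/var/log/maillog` to alert on the first sinkholed relay rather than waiting for a bounce report.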

@Elleni

Hi

Maybe it’s really time to do your own internal DNS, all the parts are in place…
OPNsense & NethServer…
My Home PIHole use only these two.
And ALL Internet resolutions work… :slight_smile:

My 2 cents
Andy

Even with my own internal DNS I think a misconfigured piHole would have the same symptoms… piHole itself is configured with 1.1.1.1 as its dns upstream server and that works, as I can get a correct reply when pinging from pihole console. But for some reason piHole gave wrong answer to its dns clients if they queried for gmail-smtp-in.l.google.com. I think there must be some problematic block lists? I have 3’660’820 domains blocked :sweat_smile:

Actually looking in piHole/Tools/Query Lists I found the following list containing the said domain:
https://v.firebog.net/hosts/Airelle-hrsk.txt


@Elleni

I think as you’re using a Google DNS, and also, PI does block certain Google Trackers…
That’s why I use my own DNS.
AD - no issues
Any Internet resolution - also no issues!

I also do not allow eg mailservers to use the PI-Hole…

:slight_smile:

My PI-Hole @Home:

192.168.31.1 = OPNsense / Firewall
192.168.31.20 = NethServer
192.168.31.11 = NethServer AD

Any misconfigured DNS can give problems, ranging from minor headaches to major eruptions from dormant volcanos, eg Client or Boss… :slight_smile:

Note: A PI-Hole is not a real DNS Server - and can’t be one. But: It acts as DNS Server for client hosts, and that’s what counts here!

My 2 cents
Andy

I use 1.1.1.1 (Cloudflare) as upstream DNS, not Google, as I trust those :slight_smile:

Still, it’s not your own…
It’s APNIC, run by Cloudflare.

Why use ANY upstream at all?
A DNS is essentially also a tracker…

Well, that's not really the point here, as my problem is not the upstream DNS server, but the blocklists. In my opinion, even if I would use my own DNS server, the problem would persist as long as I don't either whitelist the needed MX records for Google or identify and delete problematic blocklists.


As said:

I also do not allow eg mailservers to use the PI-Hole…

:slight_smile:

A car without monitoring, eg:

  • No speedometer
  • No tank indicator

First time on the highway your gas runs out means you lose your ticket (Here in Switzerland!).
No driving anymore… Not daily business?

:slight_smile:

Seeing too many problems with that at the moment, but that’s only my opinion…

I am already using it for IP based blocking, but also still hesitating for dns, thus piHole stays for some time :slight_smile:

Still seeing too many issues with people adding / fiddling with certain lists…

As said, a lot of lists do have issues. If you can’t download it (2 tries!), it’s Bullsh*t.
Move it to the Bitbucket (Trash it!)…

From the logs, gmail-smtp-in.l.google.com seems to be resolving to 0.0.0.0?

dig gmail-smtp-in.l.google.com
dig @8.8.8.8 gmail-smtp-in.l.google.com

Edit to add that I now don't use/trust Cloudflare anymore, and while the best solution would be to create our own DNS upstream server with Unbound, the next best solution for us is to use Quad9, who moved to Switzerland :smiley: