Reporting-MTA: dns; hostname.ourdomain.tld
X-Postfix-Queue-ID: F3D6980D3870
X-Postfix-Sender: rfc822; sender@ourdomain.tld
Arrival-Date: Mon, 22 Mar 2021 16:26:39 +0100 (CET)
Final-Recipient: rfc822; address@gmail.com
Original-Recipient: rfc822;adress@gmail.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for gmail.com loops back to myself
Relevant part in maillog:
warning: host gmail-smtp-in.l.google.com[0.0.0.0]:25 greeted me with my own hostname nethmailserverhostname.internaldomain.tld
warning: host gmail-smtp-in.l.google.com[0.0.0.0]:25 replied to HELO/EHLO with my own hostname nethmailserverhostname.internaldomain.tld
F3D6980D3870: to=gmailuser@gmail.com, relay=gmail-smtp-in.l.google.com[0.0.0.0]:25, delay=0.22, delays=0.15/0.01/0.06/0, dsn=5.4.6, status=bounced (mail for gmail.com loops back to myself)
It has to do with DNS resolution. Changing the DNS setting on my mail NethServer to 1.1.1.1 solved the problem. So the Pi-hole configured as DNS server for this Neth mail server is causing this. Adding gmail-smtp-in.l.google.com to the whitelist of said Pi-hole lets the NethServer get the correct reply for ping, and thus mail is successfully delivered to the Gmail mailbox.
Maybe it’s really time to do your own internal DNS, all the parts are in place…
OPNsense & NethServer…
My home Pi-hole uses only these two.
And ALL Internet resolutions work…
Even with my own internal DNS, I think a misconfigured Pi-hole would have the same symptoms… The Pi-hole itself is configured with 1.1.1.1 as its DNS upstream server and that works, as I get a correct reply when pinging from the Pi-hole console. But for some reason the Pi-hole gave a wrong answer to its DNS clients if they queried for gmail-smtp-in.l.google.com. I think there must be some problematic block lists? I have 3’660’820 domains blocked.
I think, as you’re using a Google DNS, and also, the Pi-hole does block certain Google trackers…
That’s why I use my own DNS.
AD - no issues
Any Internet resolution: also no issues!
I also do not allow e.g. mail servers to use the Pi-hole…
Well, that’s not really the point here, as my problem is not the upstream DNS server but the blocklists. In my opinion, even if I used my own DNS server, the problem would persist as long as I don’t either whitelist the needed MX records for Google or identify and delete the problematic blocklists.
Edit to add that I now don’t use/trust Cloudflare anymore, and while the best solution would be to create our own DNS upstream server with Unbound, the next best solution for us is to use Quad9, who moved to Switzerland.
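The diagnosis above (a filtering resolver answering 0.0.0.0 for a remote MX host, so Postfix connects to itself and reports "loops back to myself") can be checked from the mail host before whitelisting. The script below is an added example, not from this thread or from NethServer/Pi-hole; it assumes the MX host names are taken by hand from the maillog relay= field (the standard library has no MX lookup) and that this machine's own addresses can be found by resolving its hostname.

```python
import ipaddress
import socket

# Answers a filtering resolver (Pi-hole's default mode, for example) hands
# out for blocked names. Connecting to 0.0.0.0:25 lands on the local host,
# which is how Postfix ends up being greeted with its own hostname.
SINKHOLE_ADDRS = {"0.0.0.0", "::", "127.0.0.1", "::1"}


def classify_answer(host, answers, own_addrs):
    """Return (verdict, detail); verdict is nxdomain|sinkholed|loops-back|ok."""
    if not answers:
        return "nxdomain", f"{host}: no address returned"
    bad = [a for a in answers
           if a in SINKHOLE_ADDRS
           or ipaddress.ip_address(a).is_unspecified
           or ipaddress.ip_address(a).is_loopback]
    if bad:
        return "sinkholed", f"{host} -> {', '.join(bad)} (filter sinkhole)"
    mine = [a for a in answers if a in own_addrs]
    if mine:
        return "loops-back", f"{host} -> {', '.join(mine)} (this host's own IP)"
    return "ok", f"{host} -> {', '.join(answers)}"


def system_resolve(host):
    """A/AAAA lookup through the system resolver, the way Postfix sees it."""
    try:
        infos = socket.getaddrinfo(host, 25, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def own_addresses():
    """Best-effort set of this machine's IPs (assumption: hostname resolves)."""
    return set(system_resolve(socket.gethostname()))


def check_mx_hosts(mx_hosts, resolve=system_resolve, own_addrs=None):
    """Map each MX host to its verdict; anything but "ok" explains a 5.4.6."""
    own = own_addresses() if own_addrs is None else own_addrs
    return {h: classify_answer(h, resolve(h), own)[0] for h in mx_hosts}


if __name__ == "__main__":
    # MX host names come from the maillog relay= field (here the thread's).
    for host, verdict in check_mx_hosts(["gmail-smtp-in.l.google.com"]).items():
        print(f"{verdict:10s} {host}")
```

Run it once against the Pi-hole and once with the resolver switched to the upstream; a host that flips from "sinkholed" to "ok" is the entry a blocklist is swallowing.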