On 25/08/2025 02:26, Viktor Dukhovni via mailop wrote:
On Sun, Aug 24, 2025 at 07:39:17PM +0100, Simplelists - Andy Beverley via
mailop wrote:
delivery102.simplelists.com. IN A 91.234.234.172
I've just checked now and interestingly the deliveries to the same Gmail
server immediately before and immediately after succeeded. If it had been an
actual DNS error I would have expected more than one failure because of
caching (although who knows what's the other side of that single IP
address):
Does the system in question have just one source IP address? Or is
possible that some deliveries appear to the receiving systems to
originate from different IPs than do others?
The server in question has several outbound IP addresses. However, I
checked each of those 3 example deliveries and they were all sent using
the same IP address.
If the IP address is sure to have been the same, and *all* your
nameservers had consistent zone content at that time, then perhaps
there's a bug.
Never say never, but I can't see how the zone content could have changed
on this occasion. It's in a database that rarely changes and there
certainly weren't any manual updates.
Had the relevant DNS queries resulted in timeouts or other transient
lookup problems, and the remote MTA were Postfix, the reject code would
have been a 4XX. I don't know that Gmail gets this right, but I'd be
surprised if they got it wrong, that'd be a serious bug, worth
contacting their engineering team about.
Anyone have a contact...?
I do have a contact on the Google mail team, but first let's be sure to
rule out any issues on your end. I'd like to recommend monitoring of
the correctness of the zone data by issuing regular (say every 5
minutes) queries checking the FCrDNS consistency of all your outbound
MTA source IPs at each of the nameservers IP addresses, and over all
available transports (UDP, TCP, DoT, ...).
Okay, I'm running a test now every minute.
Also, how frequently do you see this type of reject?
I've just run a check on that particular server: there were 7 such
bounces out of ~2.5m successful deliveries to Gmail. So very much an
edge case.
We've only seen this recently, and interestingly all 7 of those bounces
happened on the hour (not the same hour).
Many thanks,
Andy
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
