Exchange 2016 getting bounce backs from google

TechGuy_007
TechGuy_007 used Ask the Experts™
on
Exchange 2016 getting bounce backs from google:

mx.google.com gave this error:
[2601:40d:8001:dc00:5436:c102:4af2:5c68] Our system has detected that this message does not meet IPv6 sending guidelines regarding PTR records and authentication. Please review https://support.google.com/mail/?p=IPv6AuthError for more information . f10si1906405ioi.62 - gsmtp

I cannot figure this out for the life of me. If it's as simple as a radio box I might just cry. lol
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Team Lead RRS Desk
Top Expert 2016
Commented:
There is no crying in baseball! Oh sorry wrong movie reference.   See below.... I found this on another site...



From Google's point of view, they are trying to verify the identity of the IP address connecting to them, so they will attempt to look up the PTR record for 2a01:4f8:212:27c8::2.

When they resolve that to staging.findix.com, they will then attempt to check that this resolves back to 2a01:4f8:212:27c8::2 - which it doesn't - see this lookup result.

Reverse (PTR record) Lookup

cwatson@thor:~$ nslookup 31.220.4.52
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
52.4.220.31.in-addr.arpa    name = tyr.vikingserv.net.

Forward (A record) Lookup

cwatson@thor:~$ nslookup tyr.vikingserv.net
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:   tyr.vikingserv.net
Address: 31.220.4.52
Edward PamiasTeam Lead RRS Desk
Top Expert 2016

Commented:
Of course the information above is not for your site but maybe it will help you resolve your problem.
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
You basically need to contact your ISP and ask them to add a PTR record for your mail server's IP address that matches either your domain or your mail server's name. Essentially, Google's system is doing a reverse IP lookup on your IP and finding the PTR record doesn't match your domain, then refusing the connection because they expect it to be spam.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Jackie Man IT Manager
Top Expert 2010

Commented:
Agreed

1. Goto http://www.dnsstuff.com/tools

2. Under DNS Lookup, type the full URL your mail server hostname... say mail.domain.com

3. In the pull down menu of "Choose a DNS Record type" select PTR and click the blue triangle button next to the input field of the full URL your mail server hostname.

Author

Commented:
I called the ISP and they had the wrong static ipv4 and ipv6 information. I had them setup reverse DNS. I'm waiting the 24-48 hrs to see if it is resolved.
Jackie Man IT Manager
Top Expert 2010

Commented:
You should be fine after reverse DNS setup.

Author

Commented:
Unfortunately. The reverse DNS was setup, but I am still experiencing errors.
Jackie Man IT Manager
Top Expert 2010

Commented:
http://www.dnsstuff.com/tools

Post back the results on running the tool as mentioned in my previous comment.

Author

Commented:
Target      smtp.stealthmgt.com
Timeout Value      1 (default)
Your Overall Score      Lookup failed
Jackie Man IT Manager
Top Expert 2010

Commented:
Did your ISP charge you for Reverse SMS lookup?

Your result Indicates reverse DNS lookup is not yet made.

Author

Commented:
no
Jackie Man IT Manager
Top Expert 2010

Commented:
Then, they are not obliged to help you at all. Setup of Reverse DNS lookup is not free as a lot of re-coding work at ISP side needs to be done.

Author

Commented:
the ipv4 is good to go. the ipv6 is not. i've checked the records on MXtoolbox.com and it will show for the a record but not the AAAA
Jackie Man IT Manager
Top Expert 2010

Commented:
There is nothing can be done on the matter and your only way out is to discuss with your ISP.
Jackie Man IT Manager
Top Expert 2010

Commented:
Google will not entertain you just to give you an exception for no proper reverse DNS setup and they will just think that you are a SPAM source.

Author

Commented:
Yeah, I called the ISP again and am awaiting a callback from tier 2

Author

Commented:
ptr record is setup but bounce backs are still occuring
Jackie Man IT Manager
Top Expert 2010

Commented:
http://www.dnsstuff.com/tools

Post back the results on running the tool as mentioned in my previous comment.

Author

Commented:
@Jackie_man your tool keeps failing. But when i run a reverse lookup on mxtoolbox, it shows my ptr being correct.
error-1.png
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
All of this is a lot easier to deal with if you use a cloud based spam filter and send your outgoing email through that. They generally take care of the reverse DNS and SPF issues. Also, do you have SPF set up on your public DNS to include your IPv6 record?

Author

Commented:
I have it running through barracuda cloud spam filter. i think i have it figured out FINALLY.
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
Just a note here...Based on google's guidelines, not having an SPF record or DKIM configured will cause the issue you see here. You'll also need to make sure you aren't black-listed. That said, sending mail out from Barracuda is a better solution, since it provides you with better mail security.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial