We help IT Professionals succeed at work.

Exchange 2016 getting bounce backs from google

TechGuy_007
TechGuy_007 asked
on
142 Views
Last Modified: 2017-07-11
Exchange 2016 getting bounce backs from google:

mx.google.com gave this error:
[2601:40d:8001:dc00:5436:c102:4af2:5c68] Our system has detected that this message does not meet IPv6 sending guidelines regarding PTR records and authentication. Please review https://support.google.com/mail/?p=IPv6AuthError for more information . f10si1906405ioi.62 - gsmtp

I cannot figure this out for the life of me. If it's as simple as a radio box I might just cry. lol
Comment
Watch Question

Team Lead RRS Desk
Top Expert 2016
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Edward PamiasTeam Lead RRS Desk
Top Expert 2016

Commented:
Of course the information above is not for your site but maybe it will help you resolve your problem.
Adam BrownCloud Security Consultant
CERTIFIED EXPERT
Top Expert 2010

Commented:
You basically need to contact your ISP and ask them to add a PTR record for your mail server's IP address that matches either your domain or your mail server's name. Essentially, Google's system is doing a reverse IP lookup on your IP and finding the PTR record doesn't match your domain, then refusing the connection because they expect it to be spam.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Agreed

1. Goto http://www.dnsstuff.com/tools

2. Under DNS Lookup, type the full URL your mail server hostname... say mail.domain.com

3. In the pull down menu of "Choose a DNS Record type" select PTR and click the blue triangle button next to the input field of the full URL your mail server hostname.

Author

Commented:
I called the ISP and they had the wrong static ipv4 and ipv6 information. I had them setup reverse DNS. I'm waiting the 24-48 hrs to see if it is resolved.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You should be fine after reverse DNS setup.

Author

Commented:
Unfortunately. The reverse DNS was setup, but I am still experiencing errors.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
http://www.dnsstuff.com/tools

Post back the results on running the tool as mentioned in my previous comment.

Author

Commented:
Target      smtp.stealthmgt.com
Timeout Value      1 (default)
Your Overall Score      Lookup failed
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Did your ISP charge you for Reverse SMS lookup?

Your result Indicates reverse DNS lookup is not yet made.

Author

Commented:
no
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Then, they are not obliged to help you at all. Setup of Reverse DNS lookup is not free as a lot of re-coding work at ISP side needs to be done.

Author

Commented:
the ipv4 is good to go. the ipv6 is not. i've checked the records on MXtoolbox.com and it will show for the a record but not the AAAA
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
There is nothing can be done on the matter and your only way out is to discuss with your ISP.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Google will not entertain you just to give you an exception for no proper reverse DNS setup and they will just think that you are a SPAM source.

Author

Commented:
Yeah, I called the ISP again and am awaiting a callback from tier 2

Author

Commented:
ptr record is setup but bounce backs are still occuring
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
http://www.dnsstuff.com/tools

Post back the results on running the tool as mentioned in my previous comment.

Author

Commented:
@Jackie_man your tool keeps failing. But when i run a reverse lookup on mxtoolbox, it shows my ptr being correct.
error-1.png
Adam BrownCloud Security Consultant
CERTIFIED EXPERT
Top Expert 2010

Commented:
All of this is a lot easier to deal with if you use a cloud based spam filter and send your outgoing email through that. They generally take care of the reverse DNS and SPF issues. Also, do you have SPF set up on your public DNS to include your IPv6 record?

Author

Commented:
I have it running through barracuda cloud spam filter. i think i have it figured out FINALLY.
Adam BrownCloud Security Consultant
CERTIFIED EXPERT
Top Expert 2010

Commented:
Just a note here...Based on google's guidelines, not having an SPF record or DKIM configured will cause the issue you see here. You'll also need to make sure you aren't black-listed. That said, sending mail out from Barracuda is a better solution, since it provides you with better mail security.