Email Service Breaks when IPv4/IPv6 Proxied

We recently moved our DNS to Cloudflare, got all the DNS records set up, and things worked great. But we soon discovered that our site’s contact forms and sendmail in general (we use PHP) were broken. The site is on a dedicated server with its dedicated IPv4 and IPv6 addresses. After some investigation, we discovered that sendmail on the server is returning the following error message from Google (we use Google’s G Suite for our email):

“Our system has detected that this message does not meet IPv6 sending guidelines regarding PTR records and authentication. Please review https://support.google.com/mail/?p=IPv6AuthError for more information.”

The site needs to be accessible both via IPv4 and IPv6. When we created the DNS records on Cloudflare, we added one A record for the IPv4 and one AAAA record for IPv6 - both proxied.

When we turned the proxies off, the email service on the server went back to normal and worked fine.

Have we missed any setting as we would like to have the advantage of the site being proxied?

Any insight will be much appreciated.

If I understand you correctly, your email records are pointing to a proxied record? If this is the case, you need to make a separate unproxied record for your email server. Cloudflare doesn’t proxy emails. Thus, the receiving server sees a different IP address connection instead of the Cloudflare IP it sees in the DNS and blocks the connection.

Thank you for your response. Yes we did note that Cloudflare does not proxy email and we did have 5 MX records created for our email and are all un-proxied as shown below:

But for some odd reason, as mentioned before, when our A record for the domain and AAAA record for IPv6 are proxied, the contact form on the server breaks. But otherwise, all emails do work. Any ideas why this might be happening?

Is the error you are getting when you send mail to users of Google’s mail service, or when you attempt to relay?

https://support.google.com/a/answer/2956491?hl=en

If this is WordPress, I strongly recommend this plugin:

Thank you for the suggestion. We are not using WP. We use PHP, LAMP stack.

As the other responses indicated, it sounds like your system is trying to connect to a proxied hostname to send mail.

You have two options:

  1. Sign up for an external email relay, and configure your system to connect to that instead.
  2. Create an unproxied ‘mail’ hostname that points to your server, and use that hostname to send mail.

Thanks again. Do we create an unproxied ‘mail’ hostname that points to our server with another party besides Cloudflare?

Also is this what WP Mail SMTP by WPForms does? Curious how they go about this issue?

It’s just another hostname in your DNS here that points to the same server as ‘www’ or the apex domain.

It intercepts WordPress’s mail function and redirects sending mail using whatever protocol and authentication the various services use. It could be basic SMTP authentication (username/password) at a mail host, or an API endpoint with a key.

It’s just another hostname in your DNS here that points to the same server as ‘www’ or the apex domain.

Is the second row in our DNS records here what you are referring to?

While I’m not familiar with sendmail, most MTAs have an option to use a smart relay feature, where it will log into your mail server (in this case, Google) as a client and send mail using an assigned email account instead of sending mail to the mail server. This should only carry the restrictions that come with clients.

You could also use the same feature with a different service, such as Mailgun, Sendgrid, SES, etc.

I’ve used a very lightweight package called nullmailer that only does this service, which is sometimes referred as “null client”.

Also, do you have the PTR record configured for the server’s IP addresses?

Of course, the activist in me wants to just politely remind you that the service you are paying for, Google Workspace, is causing problems with a very basic server functionality - you could always consider using a different mail provider. :wink:
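Added example, not part of the thread: a forward-confirmed reverse DNS check for the PTR question raised above, which tests that the sending IP has a PTR name and that the name resolves back to the same IP. The function names are illustrative, and the addresses and hostnames are constructed sample data from documentation ranges; by default the check uses the system resolver.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR name for ip from the system resolver, or [] if there is none."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []


def system_forward(host):
    """A/AAAA addresses for host from the system resolver, or []."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []


def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (ok, reason); ok only if a PTR name resolves back to ip."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip) or []
    if not names:
        return False, "no PTR record"
    for name in names:
        for addr in forward_lookup(name) or []:
            # Compare parsed addresses so differing IPv6 spellings match.
            if ipaddress.ip_address(addr.split("%")[0]) == want:
                return True, f"{name} confirms {want}"
    return False, f"PTR {names[0]} does not resolve back to {want}"


# Constructed sample data (documentation ranges), not the poster's records.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com"],
    "2001:db8::10": [],                    # IPv6 address with no PTR at all
    "2001:db8::20": ["host.example.net"],  # PTR exists, forward lookup differs
}
SAMPLE_FWD = {
    "mail.example.com": ["192.0.2.10", "2001:DB8:0:0:0:0:0:10"],
    "host.example.net": ["2001:db8::99"],
}


if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, check_fcrdns(ip, SAMPLE_PTR.get, SAMPLE_FWD.get))
```

Run `check_fcrdns` with the server's own IPv4 and IPv6 addresses to use live DNS. A PTR that names a proxied hostname fails the forward step, because that hostname resolves to Cloudflare addresses rather than the server's.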

Just to note, keep in mind, Google mail servers do not have an rDNS/PTR record, and you would always have some issues regarding it when sending e-mails to some recipients if their mail server is configured to drop/reject the incoming mail if it does not contain a valid PTR record.

+1 @sdayman already pointed out which plugin you should use.

Decide if your WordPress forms should use your web server’s IP and mail to send out mails to your inbox, or configure Google one’s to do it.

Regarding the G Suite account, you would need OAuth:

@sdayman great point as already stated using a hostname regarding the MX record and IPv6 by RFC 1035 (RFC 1035 - Domain names - implementation and specification), see by an example:
