

fixitnow

#285953 27-May-2021 15:55

Hi All

We run a small business with our internal mail server and a FortiGate FW.

When clients send us emails using their free Gmail, some of these Gmails are received by us delayed by 10 minutes to 72 hours.

I have analyzed the headers for these delayed Gmails received, on the Google Admin Toolbox.

The Gmail server IP addresses the delayed emails come in from are in the range 209.85.221.40 to 209.85.221.55.

Gmails originating from these Gmail IP addresses are literally stuck in the Gmail server. Once they are sent from Gmail after spending the delay time on the Gmail server, we receive them in about 1 to 2 seconds into our system.

We have gone outside our scope and have whitelisted all Gmail addresses as a wildcard; we do not check the sending IP address on any RBL list.

We have also whitelisted the IP addresses listed above.

We have tried using our staff Gmail addresses from their mobile phones (4G), from remote work places etc. The result is the same continually.

Almost all of the IP addresses listed above are in one or more RBL lists (however, we do not check any RBL lists).

We are taking the onus to work this out, since these free Gmail user clients of ours are small shop owners and individuals who are our business clients.

Seeking any ideas/suggestions, other possibilities to try, to overcome this annoyance.

Thank you
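
The header timing check described in the post above, as an added example that is not part of the original thread: it walks a message's `Received` headers in delivery order and reports how long the message sat before each hop. The hostnames, ids and timestamps in the sample are constructed, and `hop_delays` and `slowest_hop` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hostnames, ids and times are invented for illustration;
# only the sending IP is taken from the range quoted in the post.
SAMPLE = """\
Received: from gmail-out.example (gmail-out.example [209.85.221.41])
\tby mail.smallbiz.example with ESMTPS id 3;
\tThu, 27 May 2021 15:40:02 +1200
Received: by gmail-out.example with SMTP id 2;
\tThu, 27 May 2021 03:40:00 +0000
Received: from phone.example by gmail-submit.example with ESMTPSA id 1;
\tThu, 27 May 2021 00:30:00 +0000
From: client@gmail.example
To: staff@smallbiz.example
Subject: constructed test

body
"""


def hop_delays(raw):
    """Return [(hop description, seconds since previous hop)] in delivery order."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received header, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # header without a parseable timestamp
        hops.append((" ".join(info.split()), when))
    return [(info, int((when - prev).total_seconds()))
            for (_, prev), (info, when) in zip(hops, hops[1:])]


def slowest_hop(raw):
    """The hop that added the most delay (clock skew between servers aside)."""
    return max(hop_delays(raw), key=lambda hop: hop[1])


if __name__ == "__main__":
    for info, secs in hop_delays(SAMPLE):
        print(f"{secs:>7}s  {info}")
```

A large gap on a hop stamped by the sending side means the message was held before delivery to your server was attempted; a large gap on the final hop, stamped by your own server, points at the receiving side, which is where the firewall and TLS questions raised later in the thread apply.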

michaelmurfy
#2714012 27-May-2021 17:06

fixitnow:

We run a small business with our internal mail server and a fortigate FW.

This is your problem. If your business depends on reliable email then you need to consider moving this to the cloud yourself. Migrating to Office 365 or Google Workspace is what you likely need to do to properly resolve this.

Until then, you can honestly expect to have random email issues. You're not saving any money by having your mail server on-prem when you consider cost of maintenance and dealing with problems such as this.





Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Dynamic
#2714022 27-May-2021 17:20

I only 97% agree with michaelmurfy. I enjoyed running mail servers in the past. Nowadays, it's nice not to have the bother as I have better things to do with my time. Receiving is typically fine for an in-house mail server but sending can be problematic. IMHO if you 'just need email to work', outsourcing it to a reputable provider is your best bet. We use 365.

As to the issue... if you send an email from a Gmail account to your work address AND a personal email address (on a different server that is not Gmail), does the email arrive in the second location immediately or have the same delay? Assuming it arrives immediately, does your FortiGate see a connection attempt at the same time? You might need to turn logging up to 11. What about the Exchange SMTP connector? Again you will need to look at the SMTP logs, and may need to turn these up.

I'm wondering if it is a TLS issue... though I would guess that would break email completely, not just delay it.





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams


freitasm
#2714976 29-May-2021 10:22

I've seen cases where Gmail SMTP servers were blacklisted but that didn't affect mail flow as some servers won't actually check for Gmail, Google Workspace and Office 365 as that would impact millions of users.

In one recent case Office 365 was refusing to accept emails from Google Workspace because of the HTML-based signature.

What I mean here is that the cause may elude even seasoned users.

Good pointers above about TLS - you have a firewall there. Do you have a TLS-capable mail server? Is the certificate still valid (because if not, then Google will drop it instead of trying again)? Are you doing a MITM on your firewall and perhaps screwing up with the certificate or the TLS handshake?






sparkz25
#2714990 29-May-2021 10:47

For what it's worth, I would look at migrating away from a hosted mail server and you will see fewer of these issues.

As @michaelmurfy has said, "You're not saving any money by having your mail server on-prem when you consider the cost of maintenance and dealing with problems such as this."

Office 365 would be my go-to for ease of use. After the last Exchange issue due to lack of patching that was widespread, I was glad that we had all of our clients in 365.

The time and effort that you are taking to look into this would have already possibly paid for 4-5 months for 5 mailboxes in 365 at a base rate of $200/hr, and this isn't even including power costs and your time to patch this server.

Just look at the 365 pricing, it is cheap!


freitasm
#2714992 29-May-2021 10:50

You can go even cheaper if it's Exchange only (no OneDrive and SharePoint).







BlakJak
#2715612 30-May-2021 18:18

michaelmurfy:

fixitnow:

We run a small business with our internal mail server and a fortigate FW.

This is your problem. If your business depends on reliable email then you need to consider moving this to the cloud yourself. Migrating to Office 365 or Google Workspace is what you likely need to do to properly resolve this.

Until then, you can honestly expect to have random email issues. You're not saving any money by having your mail server on-prem when you consider cost of maintenance and dealing with problems such as this.

Running your own mail server is not the problem. It's a choice, but it's not the problem - your answer is not technically correct.

If OP has persistent problems with email from Gmail and can't find any evidence that their end is causing it, then they should raise an issue with Google and get some feedback. Of course no guarantees they'll talk to them, but if they're not even trying to deliver the email, the problem is not at the recipient's end.

Assuming the recipient domain has other good measures in place like SPF, DKIM and DMARC of course.

Another solution would be to front the mail delivery with a cloud mail scrubbing service such as SMX. This'd be an elegant way of mixing a cloud-based solution with continuing to be able to run on-prem if they so desire.

Yes, there are other overheads associated with the on-prem server and one should make deliberate decisions around the ROI of continuing to operate one vice going into the cloud with services such as M365 - however, 365 has not been immune from issues especially this year, and there may be other reasons that on-prem makes good sense. Those reasons are slowly becoming less defendable, but it's not fair to say that the problems that OP reports are caused by the use of an on-prem server.




No signature to see here, move along...
