I've been getting (and still am) outbound emails being rejected and inbound emails never making it to me. So I've been digging into it. My hypothesis is that there is an issue occurring with DNS lookups on the SG server. The long explanation as to how I got here is below the questions.
Questions:
Has anyone checked if the SG server is correctly resolving DNS names?
Do we need to flush the DNS cache or perhaps recycle it?
Is there a hosts file that is causing problems?
The path to get to the hypothesis.
The key for me was when I sent an email from a gmail account to an SG email address. In the email message/delivery-status section (below) Google presented the 550 error in a slightly different way. The new bit I saw is shown in purple. Looking at the address in the 550 diagnostic message, it points back to google, specifically a DNS lookup shows mail-oa1-f53.google.com. Looking at other emails sent from other email domains, the address reflects the source MTA.
Reporting-MTA: dns; googlemail.com
Arrival-Date: Fri, 20 Jan 2023 19:36:41 -0800 (PST)
X-Original-Message-ID: <CALU=J0P=eNthxZZw7o_+VFZFg2ZxDxTTH9bgrCZqGAUoLphuAw@mail.gmail.com>
Final-Recipient: rfc822;
yyyyyyyy.xxxxxxxxxx@ordinaryamerican.netAction: failed
Status: 5.0.0
Remote-MTA: dns; gourmet7.spamgourmet.com.
(216.75.62.102, the server for the
domain ordinaryamerican.net.)Diagnostic-Code: smtp; 550-X-Host-Lookup-Failed: Reverse DNS lookup does not match for 209.85.160.53
550 (deferred)
Last-Attempt-Date: Fri, 20 Jan 2023 19:37:02 -0800 (PST)
The Remote-MTA, which is gourmet7, is the server generating the 550 error. The Reporting-MTA is only the server that received the error message from gourmet7. Looking at the address in the 550 diagnostic message, it points back to google, specifically a DNS lookup shows mail-oa1-f53.google.com. Looking at other emails sent from other email domains, the address reflects the source MTA. What I think is occurring is that when the email MTA that services email inbound to and outbound from SG, his requests to the DNS resolution server is getting back invalid data.
In more detail, using the example of an email coming in from gmail:
1) gmail server contacts the email server at SG.
2) the SG email server wants to verify who is sending it, so it does a reverse lookup by doing a DNS resolution.
3) the DNS resolver sends back either an error or an address that is not 209.85.160.53 (mail-oa1-f53.google.com).
I don't think the actual SG software is actually getting the opportunity to process the email.