Not working from specific e-mail domain

[adam3smith]

We're testing this out for our private repo https://github.com/QualitativeDataRepository/Deposit-Prospects/
I've set the service up from my github account and I tried creating issues sending from several email addresses. Creating issues works for the most part, but fails for the Microsoft Exchange administered emails we send from the syr.edu domain, including [email protected] . Any ideas on how to troubleshoot this?

[adam3smith]

To add:
The first email just bounced with this message:

Delivery is delayed to these recipients or groups:
@fire.fundersclub.com.herokudns.com
Subject: Testing Bot
This message hasn't been delivered yet. Delivery will continue to be attempted.

Diagnostic information for administrators:
Generating server: mx.syr.edu

@fire.fundersclub.com.herokudns.com
fire.fundersclub.com.herokudns.com
Remote Server returned '554 5.4.0 <fire.fundersclub.com.herokudns.com #4.4.1>'

Original message headers:
etc.

[antonelepfl]

I have the same issue. Only with Exchange I reach the issue. Any news on this?

[thomasmerz]

I have the same problem when sending e-mails from my private domain (hosted at strato.de) to @fire-bot - but not when sending from my work account (a more "reputated" domain than my private domain).
❓ What's the reason that some domains are "more equal" than others? 😞 @FundersClub

   Letzter Fehler   : 451 4.4.1 
   Erklärung: Connection refused by fire.fundersclub.com.herokudns.com
   Letzter Weiterleitungsversuch war: Sonntag, 28. Februar 2021 13:02:27 +0100 (CET)

   Mitschnitt der Session:
   ... während des  Weiterleitungsversuches zu fire.fundersclub.com.herokudns.com [3.212.138.198]:
   >>> CONNECT fire.fundersclub.com.herokudns.com [3.212.138.198]
   <<< 451 4.4.1 Connection refused by fire.fundersclub.com.herokudns.com

[eranrund]

It is weird that your server is trying to connect to fire.fundersclub.com.herokudns.com for email delivery, since this is not what our MX record specifies:
fire.fundersclub.com mail exchanger = 1 mx.sendgrid.net.

I am not sure what would cause that.

[thomasmerz]

I had a look on my machines regarding the MX record per host:

Mails from "germany" and "finland" sent to @fire-bot won't be send via the right MX.
"apple" and "chameleon" can send and use @fire-bot.

🇩🇪  ✔ ~ [master|✔]
09:34 # dig fire.fundersclub.com MX|grep MX
; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> fire.fundersclub.com MX
;fire.fundersclub.com.		IN	MX
🇩🇪  ✔ ~ [master|✔]

🇫🇮  ✔ ~ [master|✔]
09:36 # dig fire.fundersclub.com MX|grep MX
; <<>> DiG 9.16.1-Ubuntu <<>> fire.fundersclub.com MX
;fire.fundersclub.com.		IN	MX
fire.fundersclub.com.	300	IN	MX	1 mx.sendgrid.net.
🇫🇮  ✔ ~ [master|✔]

🍏 ✔ [81%] ⚡ 🌱🍃🐣🌸 Thomas.Merz@dm-C02CGH01MD6M:~ [ttys002/4009]
09:36 $ dig fire.fundersclub.com MX|grep MX
; <<>> DiG 9.10.6 <<>> fire.fundersclub.com MX
;fire.fundersclub.com.		IN	MX
fire.fundersclub.com.	60	IN	MX	1 mx.sendgrid.net.
🍏 ✔ [81%] ⚡ 🌱🍃🐣🌸 Thomas.Merz@dm-C02CGH01MD6M:~ [ttys002/4010]

🦎🖥  thomas@merz-nimbus:~ [0/6271]
09:37 $ dig fire.fundersclub.com MX|grep MX
; <<>> DiG 9.16.6 <<>> fire.fundersclub.com MX
;fire.fundersclub.com.		IN	MX
🦎🖥  thomas@merz-nimbus:~ [0/6272]

[thomasmerz]

All hosts are running Pihole with the same upstream DNS resolvers 🤔
So I doublechecked on one hosts:

🇩🇪  ✔ ~ [master|✔]
09:44 # dig @1.1.1.1 fire.fundersclub.com MX

; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> @1.1.1.1 fire.fundersclub.com MX
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9897
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;fire.fundersclub.com.		IN	MX

;; ANSWER SECTION:
fire.fundersclub.com.	197	IN	MX	1 mx.sendgrid.net.

;; Query time: 4 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Mar 02 09:46:22 CET 2021
;; MSG SIZE  rcvd: 80

🇩🇪  ✔ ~ [master|✔]
09:46 # dig @localhost fire.fundersclub.com MX

; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> @localhost fire.fundersclub.com MX
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5324
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fire.fundersclub.com.		IN	MX

;; ANSWER SECTION:
fire.fundersclub.com.	300	IN	CNAME	fire.fundersclub.com.herokudns.com.

;; AUTHORITY SECTION:
herokudns.com.		10	IN	SOA	dns1.p05.nsone.net. hostmaster.nsone.net. 1614674756 600 900 1209600 10

;; Query time: 21 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 02 09:46:23 CET 2021
;; MSG SIZE  rcvd: 159

🇩🇪  ✔ ~ [master|✔]
09:46 #

Seems to be a problem on my site(s) regarding Pihole getting "wrong" MX records sometimes or from some upstream DNS resolvers ❓
Or a problem on one of these upstreams DNS resolvers which might also be of interest to you❓

OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53
DNS.WATCH;84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b
Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9
Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10
Quad9 (filtered + ECS);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11
Cloudflare;1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001
AdGuard DNS (default);94.140.14.14;94.140.15.15;2a10:50c0::ad1:ff;2a10:50c0::ad2:ff
AdGuard DNS (family);94.140.14.15;94.140.15.16;2a10:50c0::bad1:ff;2a10:50c0::bad2:ff
NextDNS;45.90.28.39;45.90.30.39;2a07:a8c0::61:fbae;2a07:a8c1::61:fbae```

[thomasmerz]

Further investigation regarding some DNS resolvers that I use(d):

🦎🖥  ✔ ~/dev/docker-pi-hole/etc-pihole [master|✚ 1…3]
22:29 $ for r in $(cat dns-servers.conf|cut -d ";" -f2,3|tr ";" " "); do echo $r; dig @$r fire.fundersclub.com MX|grep MX|grep -v ^\; ; echo "---" ; done
208.67.222.222
fire.fundersclub.com.	182	IN	MX	1 mx.sendgrid.net.
---
208.67.220.220
fire.fundersclub.com.	182	IN	MX	1 mx.sendgrid.net.
---
84.200.69.80
---
84.200.70.40
---
9.9.9.9
---
149.112.112.112
---
9.9.9.10
fire.fundersclub.com.	281	IN	MX	1 mx.sendgrid.net.
---
149.112.112.10
---
9.9.9.11
fire.fundersclub.com.	300	IN	MX	1 mx.sendgrid.net.
---
149.112.112.11
fire.fundersclub.com.	300	IN	MX	1 mx.sendgrid.net.
---
1.1.1.1
fire.fundersclub.com.	165	IN	MX	1 mx.sendgrid.net.
---
1.0.0.1
fire.fundersclub.com.	165	IN	MX	1 mx.sendgrid.net.
---
94.140.14.14
---
94.140.15.15
---
94.140.14.15
fire.fundersclub.com.	280	IN	MX	1 mx.sendgrid.net.
---
94.140.15.16
fire.fundersclub.com.	279	IN	MX	1 mx.sendgrid.net.
---
45.90.28.39
fire.fundersclub.com.	182	IN	MX	1 mx.sendgrid.net.
---
45.90.30.39
fire.fundersclub.com.	182	IN	MX	1 mx.sendgrid.net.
---
🦎🖥  ✔ ~/dev/docker-pi-hole/etc-pihole [master|✚ 1…3]

It seems that some DNS resolvers are overshooting the target 😞

[thomasmerz]

I was able fix it at my Pihole(s) by this "hack" from https://discourse.pi-hole.net/t/let-specific-clients-bypass-pi-hole-in-ftldns-was-working-with-dnsmasq/14005/3 👍🏻

🦎🖥  ✔ ~/dev/docker-pi-hole [master|✚ 1…3]
23:04 $ cat etc-dnsmasq.d/05-pihole-custom-cname.conf
# https://discourse.pi-hole.net/t/let-specific-clients-bypass-pi-hole-in-ftldns-was-working-with-dnsmasq/14005/3
# after changing: pihole pihole restartdns reload-lists

# Change these lines if you want dnsmasq to serve MX records.

# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
mx-host=mx.sendgrid.net,fire.fundersclub.com,1

🦎🖥  ✔ ~/dev/docker-pi-hole [master|✚ 1…3]
23:05 $ dig @localhost fire.fundersclub.com MX|grep MX|grep -v ^\;
fire.fundersclub.com.	170	IN	MX	1 mx.sendgrid.net.
🦎🖥  ✔ ~/dev/docker-pi-hole [master|✚ 1…3]
23:05 $

[thomasmerz]

@adam3smith , do you have the same problem as I had? Some DNS resolvers that mess up CNAMEs for MX record for fire.fundersclub.com?

[thomasmerz]

BTW:
I'm sorry, but e-mail was not working fine enough for me. I now use GitHub CLI for creating (and editing and managing) my issues on GitHub.