CSF Blocking Email From Gmail

2 posts Page 1 of 1
joegold100
Junior Member
Posts: 2
Joined: 09 Nov 2018, 23:31


I've decided to start a new thread because I haven't seen any current working solution, or activity on older threads regarding this issue.

I have spent countless hours over the last 3 months trying to solve this issue with email that is getting blocked which comes from Gmail:

DNS Error: 91335 DNS type 'mx' lookup of localinternetads.com responded with code SERVFAIL

I've read through 3 dozen CSF forum threads, as well as many more on cPanel. I've also asked cPanel support to look at the issue too, and no one can come up for a valid reason on why this is happening or how to fix it.

We've also setup a script to search for Google SMTP IP's and we compare/add/remove them on 24 hour basis to CSF ignore list.

The fact remains when CSF is active and I check DNS using https://intodns.com/localinternetads.com I see:

- Missing nameservers reported by your nameservers
- Mismatched NS records
- SOA record - No valid SOA record came back!
- MX Records Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!

When I shut CSF off, I don't see any of these issues. We thought previously that because we have a few countries blocked like China, North Korea, etc, that this was somehow causing the issue. However, I see that IntoDNS is reporting this server provided the DNS lookup info: "h.gtld-servers.net was kind enough to give us that information. "

When I lookup h.gtld-servers.net I see that it is located in Virginia so there should be no reason it can't get these records.

When I check with https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage even with CSF on, there are no DNS issues.

This is driving me nuts.

What in CSF is blocking DNS/MX records from lookup from Gmail & IntoDNS?

If anyone can help, it would be greatly appreciated.

Thank you,

Joe
joegold100
Junior Member
Posts: 2
Joined: 09 Nov 2018, 23:31


I just wanted to post an update to this issue. After a year of battling with this on 4 different servers with CSF, including help from 4 different support techs at cPanel/WHm, and trying at least a dozen "fixes" from numerous posts all over the internet, I was able to resolve the issue myself.

Here is what was happening:

1) Gmail is doing a DNS/MX lookup every time they try to deliver an email to the server
2) When a large volume of email from gmail comes in at a time, the repeated lookups cause the CSF to think it is an attack and bans their SMTP IP.
3) adding googles SMTP ip's to CSF ignore did not work since their IP's changes on a daily and weekly basis.

Solution:

This is probably not the best solution for everyone but I've made this change on (4) different domains that were having problems. All domains hosted using WHM and the servers are AWS Ec2 with CSF installed:

1) Instead of directing the domain to use the servers name servers, I changed them to use GoDaddy's name servers & DNS.
2) Copied and rebuilt the DNS from each domain (from zone edit in WHM) on the server into Godaddy's DNS manager.

That's it. It took about 2 mins for the DNS on Godaddy to be live. I then did a lookup on intodns and mx toolbox and all issues were resolved. We contacetd 8 different customers who were unable to deliver email from gmail to these domains and all were able to successfully deliver email again. This has now been running for 2 weeks without any more delivery issues or customer complaints.

I hope this helps someone else who is experiencing these problems.
2 posts Page 1 of 1