|
|
|
|
|
|
by johnklos
444 days ago
|
|
|
The biggest problem with huge corporations is that sometimes it's next to impossible to actually communicate with them. Does anyone have any good contacts at Apple? I sent this more than two weeks ago: Date: Wed, 12 Mar 2025 22:56:55 +0000 (UTC)
From: John Klos <*******@klos.com>
To: apple.com-Admin@anonymised.email, apple.com-Tech@anonymised.email, Apple-NOC@apple.com, d*******@apple.com
Subject: Issue with Apple's SMTP delivery
Hello,
I've had several issues reported about email delivery from Apple. The error they have in common is this:
Mar 12 21:38:17 daisy sm-mta[28249]: 52CLcCoi028249: ruleset=check_mail, arg1=<*******@me.com>, relay=p-west1-cluster6-host7-snip6-8.eps.apple.com [IPv6:2a01:b747:3003:204:0:0:0:47], reject=550 4.1.8 <*******@me.com>... Access denied. HELO does not resolve. (HELO p00-icloudmta-asmtp-us-west-1a-1.p00-icloudmta-asmtp-vip.icloud-mail-carry.svc.kube.us-west-1a.k8s.cloud.apple.com)
Looking in to this, the resolution of "p00-icloudmta-asmtp-us-west-1a-1.p00-icloudmta-asmtp-vip.icloud-mail-carry.svc.kube.us-west-1a.k8s.cloud.apple.com" results in this list of MX:
mx-in.g.apple.com
mx-in-mdn.apple.com
mx-in-hfd.apple.com
mx-in-ma.apple.com
mx-in-rn.apple.com
mx-in-vib.apple.com
mx-in-rno.apple.com
mx-in-sg.apple.com
All but two of these resolve to A records.
Two of those, though, resolve to more MX:
host mx-in-rno.apple.com
mx-in-rno.apple.com mail is handled by 10 mx-in.g.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-vib.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-rno.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-rn.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-hfd.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-sg.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-mdn.apple.com.
mx-in-rno.apple.com mail is handled by 20 mx-in-ma.apple.com.
host mx-in-mdn.apple.com
mx-in-mdn.apple.com mail is handled by 20 mx-in-mdn.apple.com.
mx-in-mdn.apple.com mail is handled by 20 mx-in-sg.apple.com.
mx-in-mdn.apple.com mail is handled by 10 mx-in.g.apple.com.
mx-in-mdn.apple.com mail is handled by 20 mx-in-vib.apple.com.
mx-in-mdn.apple.com mail is handled by 20 mx-in-rn.apple.com.
mx-in-mdn.apple.com mail is handled by 20 mx-in-hfd.apple.com.
mx-in-mdn.apple.com mail is handled by 20 mx-in-ma.apple.com.
mx-in-mdn.apple.com mail is handled by 20 mx-in-rno.apple.com.
This loop is a mistake and should be fixed.
Additionally, RFC 5321 section 2.3.5 says that the name given in an EHLO / HELO greeting should be an IP literal or a primary host name ("a domain name that resolves to an address RR"). The name given in the EHLO / HELO exchange does not resolve to an address RR; it only resolves to an MX. While this is technically incorrect, the looping MX is the real issue. However, if you're fixing the looping issue, you may want to consider fixing this issue at the same time.
Please look in to this, and please let me know if you have any questions or need any additional information.
Thank you,
John Klos
|
|
|