The error message clearly indicates Google's strict requirements for IPv6 email delivery:
550-5.7.1 [2a01:4f8:212:27c8::2] Our system has detected that this message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication.For successful delivery to Gmail via IPv6, you must satisfy three critical requirements:
- A properly configured reverse DNS (PTR) record for your IPv6 address
- Valid SPF record including IPv6 addresses
- Working DKIM/DMARC authentication
First verify your current PTR record configuration:
dig -x 2a01:4f8:212:27c8::2And check SPF/DKIM status:
nslookup -type=txt staging.mydomain.com
nslookup -type=txt _dmarc.staging.mydomain.comEnsure Sendmail is properly configured for IPv6 in your sendmail.mc:
dnl Enable IPv6
DAEMON_OPTIONS(Family=inet6, Name=MTA-v6, Port=smtp')dnl
dnl IPv4 fallback
DAEMON_OPTIONS(Family=inet, Name=MTA-v4, Port=smtp')dnlRebuild and restart Sendmail after changes:
sudo make -C /etc/mail
sudo service sendmail restartYour IPv6 PTR record should match your HELO hostname. Example bind zone entry:
2.a.8.c.7.2.1.2.0.8.f.4.0.1.0.a.2.ip6.arpa. IN PTR staging.mydomain.com.SPF record should include both IPv4 and IPv6:
staging.mydomain.com. IN TXT "v=spf1 ip4:192.0.2.1 ip6:2a01:4f8:212:27c8::2 -all"Use these tools to validate your setup:
sudo apt-get install swaks
swaks --to myname@gmail.com --server aspmx.l.google.com \
--helo staging.mydomain.com --from myname@staging.mydomain.comFor comprehensive testing:
sudo apt-get install telnet
telnet aspmx.l.google.com 25
EHLO staging.mydomain.comBefore attempting delivery again, verify:
- PTR record matches HELO hostname
- SPF includes all sending IPs
- DKIM signatures validate
- DMARC policy exists
Use Google's Postmaster Tools for additional diagnostics once you have domain verification set up.
When trying to send emails from a fresh Sendmail installation on Ubuntu 14.04 to Gmail addresses, you might encounter the frustrating error:
550-5.7.1 [2a01:4f8:212:27c8::2] Our system has detected that this message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication.
This occurs because Google enforces stricter requirements for IPv6 connections compared to IPv4. The key issues are:
- Missing or improperly configured PTR record for your IPv6 address
- Incomplete SPF/DKIM/DMARC authentication setup
- Sendmail not properly configured for IPv6 delivery
First, check if your IPv6 address has a proper PTR record. Use dig to verify:
dig -x 2a01:4f8:212:27c8::2
You should see output like:
;; ANSWER SECTION:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.2.1.2.0.0.0.8.f.4.0.1.0.a.2.ip6.arpa. 3600 IN PTR mail.yourdomain.com.
If missing, contact your hosting provider to set up reverse DNS for your IPv6 address.
Edit your Sendmail configuration file (/etc/mail/sendmail.mc) and add:
define(confBIND_OPTS', WorkAroundBrokenAAAA')dnl
define(confDIRECT_SUBMISSION_MODIFIERS', C')dnl
FEATURE(no_default_msa')dnl
DAEMON_OPTIONS(Name=MTA-v4, Family=inet')dnl
DAEMON_OPTIONS(Name=MTA-v6, Family=inet6, Port=smtp, Addr=::')dnl
Then regenerate your Sendmail configuration:
sudo make -C /etc/mail
sudo service sendmail restart
For Gmail delivery, you need proper email authentication:
SPF Record
Add to your DNS zone:
yourdomain.com. IN TXT "v=spf1 ip6:2a01:4f8:212:27c8::2 ~all"
DKIM Configuration
Install OpenDKIM:
sudo apt-get install opendkim opendkim-tools
Generate DKIM keys:
sudo opendkim-genkey -b 2048 -d yourdomain.com -s mail
sudo chown opendkim:opendkim /etc/opendkim/keys/yourdomain.com/mail.private
Add the public key to your DNS:
mail._domainkey.yourdomain.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."
Use these tools to verify your setup:
sudo apt-get install swaks
swaks --to myname@gmail.com --from myname@yourdomain.com --server localhost
Check deliverability with Google's Postmaster Tools:
https://postmaster.google.com/
If IPv6 configuration proves too difficult, you can force Sendmail to use IPv4:
define(DAEMON_OPTIONS', Family=inet, Name=MTA-v4')dnl
define(DAEMON_OPTIONS', Family=inet, Name=MSP-v4, Port=submission')dnl
This should resolve the immediate delivery issues while you work on proper IPv6 configuration.