Problem

If you have been having difficulty with delays receiving mail from people that use either Gmail or have their domain Google Mail hosted, then you might like to have a look at your firewall and see if it is blocking the incoming mail.

We have been having a great deal of problems with mail being delayed on receipt, and in some cases this can be minutes growing to hours. In one case exceeded the 2 day limit and bounced back to the sender. In all cases we had no record of the mail being anywhere near our servers until it was actually delivered to a mail client, usually seconds after being recorded hitting our servers.

We used the incredibly useful Analyze Headers feature of MXToolbox on delayed mail and found that in every case it came through a Google mail server. What was most alarming was the indication that it was on a blacklist!

Hop Delay From By With Time (UTC) Blacklist
1 * 10.25.225.211 HTTP 6/23/2017 8:24:31 AM
2 59 minutes mail-lf0-f54.google.com SMTP 6/23/2017 9:23:56 AM
3 0 seconds mail-lf0-f54.google.com 209.85.215.54 HE1EUR02FT018.mail.protection.outlook.com 10.152.10.248 Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) 6/23/2017 9:23:56 AM

So we then ran the mail server through the RBL checker on MXToolbox and low and behold:

RBL Listing

Not all blacklists had been fired, and it seems that SORBS was used by our SonicWall firewall as a RBL checker, which was installed by default.

Resolution

We understand that there have been issues recorded with SORBS. Therefore we looked up what to change these to on our firewall, and picked the following as potentials with the help of our anti-spam provider, Spam Titan, which had not been blocking the mail when it got through our firewall:

• zen.spamhaus.org
• psbl.surriel.com
• truncate.gbudb.net
• bl.spamcop.net

Of these the SpamCop one is known to produce a low number of false positives and automatically de-lists servers, meaning more of a chance of a problem going away even if you get one in the first place.

So we chose this and zen.spamhaus.org as two RBLs on the firewall and removed SORBS completely.

Within a few minutes mail which we had been expected for hours that morning started to come through, Later in the day a conversation with a customer that had become very stilted due to mail delay became instant once more.

Conclusion

So the conclusion is: if you are being driven up the wall by delayed email into your site, use the MXToolbox tools to verify the servers giving you hassle, and then have a look at the RBL rules set either on your firewall or other anti-spam system filtering your mail. Try new values for RBL servers, and wait and see if it improves your situation like it did us!

Interestingly 99% of the other mail domains we communicate with had never given us this problem, which is why it had been so frustrating. Also it is not easy to tell if somebody using their own domain is actually hosted by Google until you analyse the headers of an email they send – it was not just mail from Gmail itself that was affected.