Google mail admin contact needed (STARTTLS capabilities issue)

Brent Jones brent at servuhome.net
Sat Dec 4 01:30:38 UTC 2010


There appears to be a widespread issue with Google inbound MX's
yesterday/today and I am unable to reach sufficient levels of support
from Google tickets or forums.

The problems seems to be many, if not all inbound Google MX records
for Gmail.com and Google Apps hosted domains are no longer reliably
advertising TLS as being supported over port 25 via STARTTLS.
It also appears TLS on connect over port 465 is also spotty at best,
with some servers responding, and some not. Previously 465 was
recommended by Google for mail clients to use, but seems to be
experience issues the last day or so intermittently.

This has been preventing opportunistic TLS from working over the last
couple days for my personal Google apps domain, and verified with
several other Google apps hosted domains.
However, Postini inbound MX'es still show STARTTLS in the capabilities
list after EHLO, so this seems to be only Google MX'es, not impacting
those who use Postini.

For example, below shows the same MX at Google responding with and
without TLS. I attempted about a dozen times over a few minutes to the
same MX until I got STARTTLS listed in the capabilities list, but the
next attempt to the same MX would no longer show STARTTLS

Any assistance on or off list would be appreciated.


(08:17 PM Fri Dec 03)-(~)
$ telnet alt1.gmail-smtp-in.l.google.com 25
Trying 209.85.229.27...
Connected to alt1.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y73si4442013weq.155
ehlo domain.com
250-mx.google.com at your service, [64.124.180.7]
250-SIZE 35651584
250-8BITMIME
250 ENHANCEDSTATUSCODES


(08:20 PM Fri Dec 03)-(~)
$ telnet alt1.gmail-smtp-in.l.google.com 25
Trying 209.85.229.27...
Connected to alt1.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP j3si4484656wbc.99
ehlo domain.com
250-mx.google.com at your service, [64.124.180.7]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES


(08:22 PM Fri Dec 03)-(~)
# telnet alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.67.27...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP g16si6002830ibb.2
ehlo domain.com
250-mx.google.com at your service, [64.124.180.7]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 PIPELINING


(08:26 PM Fri Dec 03)-(~)
# telnet alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.67.27...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP e7si5973534ibb.84
ehlo domain.com
250-mx.google.com at your service, [64.124.180.7]
250-SIZE 35651584
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING


(08:28 PM Fri Dec 03)-(~)
$ telnet ASPMX.L.GOOGLE.COM 25
Trying 74.125.91.27...
Connected to ASPMX.L.GOOGLE.COM.
Escape character is '^]'.
220 mx.google.com ESMTP n7si5304773qcu.37
ehlo domain.com
250-mx.google.com at your service, [64.124.180.7]
250-SIZE 35651584
250-8BITMIME
250 ENHANCEDSTATUSCODES
STARTTLS
502 5.5.1 Unrecognized command. n7si5304773qcu.37

-- 
Brent Jones
brent at servuhome.net




More information about the NANOG mailing list