Resolving gmail.com mail server

Talespin_Kit · Dec 27, 2011

I am trying to find the gmail.com mail server using the dig command and to verify the results returned by dig using telnet.

$ dig gmail.com MX

; <<>> DiG 9.7.3 <<>> gmail.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54145
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com.         IN  MX

;; ANSWER SECTION:
gmail.com.      800 IN  MX  10 alt1.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  20 alt2.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  30 alt3.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  40 alt4.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  5 gmail-smtp-in.l.google.com.

;; Query time: 14 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Dec 27 02:09:50 2011
;; MSG SIZE  rcvd: 150

The dig command says "alt1.gmail-smtp-in.l.google.com" is one of the mail servers. The SMTP ports 25 or 587 are not open (verified using telnet) for the link "alt1.gmail-smtp-in.1.google.com". However, the link http://support.google.com/mail/bin/answer.py?hl=en&answer=13287 says that smtp.gmail.com is the mail server for gmail.com and that port 587 is open for it. Why is dig giving the wrong email servers, or where is my understanding of the dig output going wrong?

Answer

Ken Bloom · Dec 27, 2011

General Theory

Generally speaking, an SMTP server has two different functions that often get conflated: outgoing mail submission, and receiving mail from other networks. These two functions are performed using the same SMTP protocol. Usually these two functions are performed by the same machine, and historically they could even be performed on the same port. So it's easy to see why people conflate these two functions.

Though these two functions still use the same SMTP protocol, it's becoming less and less true that these are performed on the same port (as system administrators prevent their customers from spamming by blocking outgoing port 25 traffic). Often SMTP submission uses SSL encryption these days, while transporting mail between two different networks is still done in plain text. With the complexity of Google's network, it wouldn't surprise me if these two functions are performed on different machines. (Disclaimer: I work for Google, but I have no inside knowledge about GMail's operation.)

  1. Outgoing mail submission. When you send email from GMail, particularly when you configure an email client like Evolution to send from your gmail account, you have to configure an SMTP server to use to send your mail. Your email client connects directly with this SMTP server, and that SMTP server takes responsibility for sending the message to the right place elsewhere on the internet. This is often configured using a special port, and requiring login information so that only authorized users can send email. This is the function that the support link above is dealing with. You configure your email client to use the domain name smtp.gmail.com on port 587, and I think your email client finds this server by using the DNS A record for an ordinary domain name lookup.

  2. Receiving email from other networks. The SMTP server that's relaying your message to the other network looks up the MX record for gmail.com (in your case, finding that the place to send the message is alt1.gmail-smtp-in.l.google.com) and sends the message to port 25 on that host. This is what you looked up in DIG, and tested with telnet.

    Now why didn't you see alt1.gmail-smtp-in.l.google.com's port 25 when you tried telnetting from your consumer internet connection? The answer is that to prevent outgoing spam, your ISP blocks outgoing traffic on port 25. You therefore can't send anything to gmail.com port 25 without going through your ISP's SMTP server or some other SMTP server that requires a login and takes submissions on port 587.

What you tried to do.

So you're trying to perform function #2. You did the MX lookup for gmail.com yourself, and found that it corresponds to the server alt1.gmail-smtp-in.l.google.com. Then you tried telnetting to port 587 on alt1.gmail-smtp-in.l.google.com. That didn't work because alt1.gmail-smtp-in.l.google.com isn't listening on that port (it only needs to listen on port 25 in order to perform function #2). Then you tried telnetting to port 25 on alt1.gmail-smtp-in.l.google.com. That didn't work because your ISP blocks outgoing connections on port 25.

What you need to do to send email to gmail.com is find a server that performs function #1 and send your email through there. Alternatively, find an ISP that doesn't mind being a spam haven and doesn't block outgoing traffic on port 25. (Actually, please don't.)
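The two roles described in the answer can be checked from the command line. The script below is an added example, not code from the question or the answer. It parses the MX lines from the dig output above, orders them by preference, and probes each host on the port that matches its role. The function names are hypothetical, and smtp.gmail.com on port 587 is taken from the support link in the question.

```python
import socket

# Constructed sample: the ANSWER section of the dig output quoted in the question.
DIG_ANSWER = """\
gmail.com.      800 IN  MX  10 alt1.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  20 alt2.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  30 alt3.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  40 alt4.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  5 gmail-smtp-in.l.google.com.
"""

def parse_mx(dig_text):
    """Return [(preference, host)], most preferred (lowest number) first."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        # Keep only "name ttl IN MX pref host"; skip blanks and ';' comment lines.
        if len(fields) == 6 and not line.startswith(";") and fields[2:4] == ["IN", "MX"]:
            records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return sorted(records)

def plan_checks(dig_text, submission_host="smtp.gmail.com"):
    """MX hosts are tested on 25 (function #2), the submission host on 587 (function #1)."""
    checks = [("relay (function #2)", host, 25) for _, host in parse_mx(dig_text)]
    checks.append(("submission (function #1)", submission_host, 587))
    return checks

def probe(host, port, timeout=5.0):
    """One TCP connect, classified by how it fails or succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = "(connected, no banner received)"
            return "open: " + banner  # an SMTP server greets with a 220 line
    except socket.timeout:
        return "timeout (packets dropped, typical of filtering on the path)"
    except ConnectionRefusedError:
        return "refused (nothing listening, or actively rejected)"
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    for role, host, port in plan_checks(DIG_ANSWER):
        print(f"{role:26} {host}:{port} -> {probe(host, port)}")
```

A timeout on port 25 for every MX host combined with a successful connection to port 587 on the submission host is the pattern the answer attributes to an ISP blocking outgoing port 25.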