7

I am trying to find the gmail.com mail server using dig command and verifying the results returned by dig command using telnet.

$ dig gmail.com MX

; <<>> DiG 9.7.3 <<>> gmail.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54145
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com.         IN  MX

;; ANSWER SECTION:
gmail.com.      800 IN  MX  10 alt1.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  20 alt2.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  30 alt3.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  40 alt4.gmail-smtp-in.l.google.com.
gmail.com.      800 IN  MX  5 gmail-smtp-in.l.google.com.

;; Query time: 14 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Dec 27 02:09:50 2011
;; MSG SIZE  rcvd: 150

Dig command says "alt1.gmail-smtp-in.l.google.com" is one of the mail server. The smtp ports 25 or 587 is not opened(verified using telnet) for the link "alt1.gmail-smtp-in.1.google.com". However the link http://support.google.com/mail/bin/answer.py?hl=en&answer=13287 says that smtp.gmail.com is the mail server for gmail.com and the port 587 opens for it. Why dig is giving wrong email servers or where my understanding in reading dig output is going wrong.

Talespin_Kit
  • 20,830
  • 29
  • 89
  • 135

1 Answers1

18

General Theory

Generally speaking, an SMTP server has two different functions that often get conflated: outgoing mail submission, and receiving mail from other networks. These two functions are performed using the same SMTP protocol. Usually these two functions are performed by the same machine, and historically they could even be performed on the same port. So it's easy to see why people conflate these two functions.

Though these two functions still use the same SMTP protocol, it's becoming less and less true that these are performed on the same port (as system administrators prevent their customers from spamming by blocking outgoing port 25 traffic). Often SMTP submission uses SSL encryption these days, while transporting mail between two different networks is still done in plain text. With the complexity of Google's network, it wouldn't surprise me if these two functions are performed on different machines. (Disclaimer: I work for Google, but I have no inside knowledge about GMail's operation.)

  1. Outgoing mail submission. When you send email from GMail, particularly when you configure an email client like Evolution to send from your gmail account, you have to configure an SMTP server to use to send your mail. Your email client connects directly with this SMTP server, and that SMTP server takes responsibility for sending the message to the right place elsewhere on the internet. This is often configured using a special port, and requiring login information so that only authorized users can send email. This is the function that the support link above is dealing with. You configure your email client to use the domain name smtp.gmail.com on port 587, and I think your email client finds this server by using the DNS A record for an ordinary domain name lookup.

  2. Receiving email from other networks. The SMTP server that's relaying your message to the other network looks up the MX record for gmail.com (in your case, finding that the place to send the message is alt1.gmail-smtp-in.l.google.com) and sends the message to port 25 on that host. This is what you looked up in DIG, and tested with telnet.

    Now why didn't you see alt1.gmail-smtp-in.l.google.com's port 25 when you tried telnetting from your consumer internet connection? The answer is that to prevent outgoing spam, your ISP blocks outgoing traffic on port 25. You therefore can't send anything to gmail.com port 25 without going through your ISP's SMTP server or some other SMTP server that requires a login and takes submissions on port 587.

What you tried to do.

So you're trying to perform function #2. You did The MX lookup for gmail.com yourself, and found that it corresponds to the server alt1.gmail-smtp-in.l.google.com. Then you tried telnetting to port 587 on alt1.gmail-smtp-in.l.google.com. That didn't work because alt1.gmail-smtp-in.l.google.com isn't listening on that port (it only needs to listen on port 25 in order to perform function #2). Then you tried telnetting to port 25 on alt1.gmail-smtp-in.l.google.com. That didn't work because your ISP blocks outgoing connections on port 25.

What you need to do to send email to gmail.com is find a server that performs function #1 and send your email through there. Alternatively, find an ISP that doesn't mind being a spam haven and doesn't block outgoing traffic on port 25. (Actually, please don't.)

jellycsc
  • 10,904
  • 2
  • 15
  • 32
Ken Bloom
  • 57,498
  • 14
  • 111
  • 168
  • I think you have misunderstood my port verification server thing(may be i should have mentioned explicitly the server name for which i have tested the open ports). I did not check for open ports in "gmail.com". I have checked the "alt1.gmail-smtp-in.l.google.com" ports 25 and 587, which is reported as the mail server of gmail.com by dig. I am not thinking of sending email from gmail.com. Assume that i have to write a mail client which has to send email to "username@gmail.com" . The first thing i have to find is what is mail server for gmail.com is. How to find that. – Talespin_Kit Dec 27 '11 at 00:53
  • Thanks for updating the answer. I have few queries regarding the port blocking by ISP. I can connect to port 25 of "smtp.gmail.com", but i can not connect to port 25 of "alt1.gmail-smtp-in.l.google.com". So, why does the ISP block the port 25 for "alt1.gmail-smtp-in.l.google.com" but not "smtp.gmail.com". Is there any method to find out whether the ISP blocks a port(I have a doubt whether the port 25 of "alt1.gmail-smtp-in.l.google.com" is really open) . One more query is, why does the information about "smtp.gmail.com" is not present in the MX record. – Talespin_Kit Dec 27 '11 at 14:53
  • YOu are right about the ISP port blocking issue. I have tried to connect to port 25 of "alt1.gmail-smtp-in.l.google.com" server with different ISP provider and it is open. However the one question still remains is that why is the "smtp.gmail.com" is not present in the MX record. – Talespin_Kit Dec 30 '11 at 15:08
  • @Talespin_Kit: smtp.gmail.com is not present in the MX record becaues `smtp.gmail.com` only peforms function #1, while the MX record for `gmail.com` only contains information about servers for performing function #2. – Ken Bloom Dec 30 '11 at 20:25