Our company uses Google (now called G Suite) to scan all of our inbound mail for spam and viruses before passing through to our servers
Everything has been working fine until around Oct 12th. One of our users indicated that a sender was getting a delivery failure with a permanent error of “read error: generic::failed_precondition: read error (0): error”.
I couldn’t really find anything on line and figured maybe I needed to the sender to our safe sender list. I don’t know if that would make any difference.
Two days later I found out that an IT user is having issues receiving, intermittently, from a sender that we receive emails from frequently. Some were getting through and others had the same error when I looked in the Google logs.
The logs indicated that their system was transferring the messages to the Google pipeline and allegedly delivering to the users gmail box, (which then passes to our server) but these messages would never reach our server, so users wouldn’t know that they hadn’t received an email unless the sender followed up for some reason.
After opening a ticket and then having the re-route it because they thought we were having issues sending (not receiving) messages it reached the appropriate group.
They claim that a) this has been happening since July (but we wer unawares) and b) that the issue is on our end. They have pointed out a problem with the Recursive Queries assigned by our DNS host (Network Solutions) that could be causing some problems on our server. However, they say the error we are getting (read error: generic::failed_precondition: read error (0): error) could be a different problem. They then go on to
They then go on to say:
Google announced deprecation of RC4 in September 2015 and began its gradual roll-out on June 16th 2016. On July 26th, the deprecation finally hit Google SMTP servers and this is when your organization could be encountering mail delivery issues. Based on our investigation, the TLS connections switched to another cipher suite which appears to fail intermittently due to an implementation bug on the receiving end (mail.polyair.com).
Based on the assumption that our disabling of RC4 was the cause of delivery failures, we recommend you disable RC4 to attempt to confirm the issue.
And that’s where I run into issues because I have no idea what I’m supposed to do. We don’t have SSL on our two servers that handle the SMTP traffic (and I know I should). This is what the server documents look like on the Ports - Internet Ports tab.
Should I be unchecking the 3 that reference RC4?
They want me to confirm if this is the issue, but since I don’t know when the issue will crop up, how am I supposed to know if it worked? And by disabling these, am I opening up some other issue?
Any help would be appreciated.
Thanks,
Pam