Today, a Google Apps user sent a message with two recipients to us, one with TO and other a CC internal mailing list. Naturally, Google treated each as an independent message.
Over the course of an hour or so, because Google attempted to deliver the messages using different outgoing hosts, postscreen rejected the message(s) ~20 times, with a service unavailable, as we'd expect and normally want. Eventually, the TO recipient received the email where the distribution list recipients hadn't yet... that message is still in some queue at Google, and continues to be tried with different outgoing addresses. Unfortunately, the TO recipient has since replied to all recipients. Management(TM) saw the CC'ed reply, but hadn't gotten the original message. This has caused some concern. How have others dealt with this type of situation? The only solution I can see would involve identifying the google MX IP range and white-listing those hosts. This has two undesired side effects: 1st it's on me to find the hosts,and 2nd we should expect this for other services using a huge pool of boxes. If I understand things correctly, this is too early in the process to permit based on sender's name, nor would that necessarily be good for stuff from "google" in general. The second thought I have is that the postscreen expiration should probably be made longer lest we go through this over and over again. Comments/Thoughts/Suggestions?
