Hello,
recently, I have noticed all mail to gmail (and other google affiliated mail) does not arrive and comes back with an undeliverable:
host gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b]
said: 550-5.7.1 [zzzz:zzz:zzzz:zzz::z] Our system has detected that this
message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR
records and 550-5.7.1 authentication. Please review 550-5.7.1
https://support.google.com/mail/?p=ipv6_authentication_error for more 550
5.7.1 information. - gsmtp (in reply to end of DATA
command)
After some researching I noticed there are 2 options: a) fix the IPV6 issue on the server or b) force postfix to use ipv4.
Lazy as I am (and without time to quickly learn ipv6 to solve the issue) I went with option B. It did not work. No mail was sent at all anymore. so I reversed the changes.
Now I am looking at the ipv6 problem. Seems like my ISP gave me an ipv6 subnet instead of a single IP. Could that be the issue? My IP config:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=c8:60:00:xx:xx:xx
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.255
SCOPE="peer xx.xx.xx.xx"
IPV6INIT=yes
IPV6ADDR=zzzz:zzz:zzzz:zzz::z/64
IPV6_DEFAULTGW=zzz::1
IPV6_DEFAULTDEV=eth0
I notice that google responds to IP zzzz:zzz:zzzz:zzz::z. Would it work if I remove the /64 from the configuration file?
Thanks for your ever useful insight
I removed the /64. did not change the outcome.
I added DKIM to the server. Did not yet change the outcome.
Next I will attempt to add a PTR record
which first needs a reverse DNS zone. I have never set anything like this up. Can anybody give me an example?
-----------EDIT----------- The reverse dns zone looks like this now:
$ttl 384005.x.8.in-addr.arpa. IN SOA ns1.domain.be. supposed.email.net. (
1391285886
10800
3600
604800
38400 )
5.x.8.in-addr.arpa. IN NS ns1.domain.be.
I am hosting multiple domains on this IP. What do I need to do now? Add records to this zone or add the reverse record to all other zones? In which format can I add these records?
Thanks!
Seems trying to get IPv6 to work just for this might be more hassle than worth... What problem did you have when you tried to force Postfix to use IPv4? I.e. what exactly did you do, and what exactly "did not work", i.e. what exactly happened?
A quick googling reveals that adding the line "inet_protocols = ipv4" to your /etc/postfix/main.cf should do the trick.
Locutus,
... yeah ... Indeed ... It does.
I followed this: http://postfix.1071664.n5.nabble.com/disable-ipv6-when-sending-to-gmail-...
It seemed to work for people on there, not for me. Setting inet_protocols to ipv4 works though.
The problem is averted now, but will return when ipv6 becomes the standard ...
What I do not understand is that my host gave me a subnet zzzz:zzz:zzzz:zzz::z/64. From what understand, that contains a couple of million addresses. Am I understanding this correctly?
Yeah that's correct. With IPv6 it's normally done that way to give each host (at least) a /64 network, to support some types of auto-configuration that include the MAC address of the network device. So yeah, a /64 net consists of 2^64 addresses, seems exaggerated to give that to a host. But that's how it's done.
Of course you're free to use only one of these addresses, you can assign them as you please. Or you assign a subnet of that /64 to Virtualmin, which can in turn auto-assign new addresses to your domains (and create the proper netword card address) when you create them.