IPV6 issue: mail does not go to google, anymore.

7 posts / 0 new
Last post
#1 Sat, 02/01/2014 - 13:46
remibruggeman

IPV6 issue: mail does not go to google, anymore.

Hello,

recently, I have noticed all mail to gmail (and other google affiliated mail) does not arrive and comes back with an undeliverable:

host gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b]
    said: 550-5.7.1 [zzzz:zzz:zzzz:zzz::z] Our system has detected that this
    message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR
    records and 550-5.7.1 authentication. Please review 550-5.7.1
    https://support.google.com/mail/?p=ipv6_authentication_error for more 550
    5.7.1 information.  - gsmtp (in reply to end of DATA
    command)

After some researching I noticed there are 2 options: a) fix the IPV6 issue on the server or b) force postfix to use ipv4.

Lazy as I am (and without time to quickly learn ipv6 to solve the issue) I went with option B. It did not work. No mail was sent at all anymore. so I reversed the changes.

Now I am looking at the ipv6 problem. Seems like my ISP gave me an ipv6 subnet instead of a single IP. Could that be the issue? My IP config:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=c8:60:00:xx:xx:xx
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.255
SCOPE="peer xx.xx.xx.xx"
IPV6INIT=yes
IPV6ADDR=zzzz:zzz:zzzz:zzz::z/64
IPV6_DEFAULTGW=zzz::1
IPV6_DEFAULTDEV=eth0

I notice that google responds to IP zzzz:zzz:zzzz:zzz::z. Would it work if I remove the /64 from the configuration file?

Thanks for your ever useful insight

Sat, 02/01/2014 - 14:02
remibruggeman

I removed the /64. did not change the outcome.

I added DKIM to the server. Did not yet change the outcome.

Sat, 02/01/2014 - 14:09
remibruggeman

Next I will attempt to add a PTR record

Sat, 02/01/2014 - 14:38
remibruggeman

which first needs a reverse DNS zone. I have never set anything like this up. Can anybody give me an example?

-----------EDIT----------- The reverse dns zone looks like this now:

$ttl 38400
5.x.8.in-addr.arpa. IN SOA ns1.domain.be. supposed.email.net. (
1391285886
10800
3600
604800
38400 )
5.x.8.in-addr.arpa. IN NS ns1.domain.be.

I am hosting multiple domains on this IP. What do I need to do now? Add records to this zone or add the reverse record to all other zones? In which format can I add these records?

Thanks!

Sat, 02/01/2014 - 15:09
Locutus

Seems trying to get IPv6 to work just for this might be more hassle than worth... What problem did you have when you tried to force Postfix to use IPv4? I.e. what exactly did you do, and what exactly "did not work", i.e. what exactly happened?

A quick googling reveals that adding the line "inet_protocols = ipv4" to your /etc/postfix/main.cf should do the trick.

Sat, 02/01/2014 - 17:09
remibruggeman

Locutus,

... yeah ... Indeed ... It does.

I followed this: http://postfix.1071664.n5.nabble.com/disable-ipv6-when-sending-to-gmail-...

It seemed to work for people on there, not for me. Setting inet_protocols to ipv4 works though.

The problem is averted now, but will return when ipv6 becomes the standard ...

What I do not understand is that my host gave me a subnet zzzz:zzz:zzzz:zzz::z/64. From what understand, that contains a couple of million addresses. Am I understanding this correctly?

Sun, 02/02/2014 - 09:04
Locutus

Yeah that's correct. With IPv6 it's normally done that way to give each host (at least) a /64 network, to support some types of auto-configuration that include the MAC address of the network device. So yeah, a /64 net consists of 2^64 addresses, seems exaggerated to give that to a host. But that's how it's done.

Of course you're free to use only one of these addresses, you can assign them as you please. Or you assign a subnet of that /64 to Virtualmin, which can in turn auto-assign new addresses to your domains (and create the proper netword card address) when you create them.

Topic locked