Hello All, I am using Ubuntu - Postfix - Dovecot. I was not receiving internal emails which is now fixed. The strange thing is tcpdump shows that the email from HE is being sent to the tunnel endpoint. Do I need a route from the tunnel end point to the host? (I'm using the same host for the test that the tunnel is configured on) Below is my DNS info. Any help will be greatly appreciated!! Thx!!
; <<>> DiG 9.7.1-P2 <<>> jasc22.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42735
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;jasc22.com. IN ANY
;; ANSWER SECTION:
jasc22.com. 86400 IN SOA ns1.he.net. hostmaster.he.net. 2011042603 10800 1800 604800 86400
jasc22.com. 86400 IN MX 10 5103.jasc22.com.
jasc22.com. 82230 IN AAAA 2001:470:d:ee7::2
jasc22.com. 86400 IN NS ns4.he.net.
jasc22.com. 86400 IN NS ns3.he.net.
jasc22.com. 86400 IN NS ns5.he.net.
jasc22.com. 86400 IN NS ns2.he.net.
jasc22.com. 86400 IN NS ns1.he.net.
;; Query time: 54 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Apr 28 10:20:02 2011
;; MSG SIZE rcvd: 220
Routing table -
2001:470:c:ee7::/64 :: Un 256 0 0 he-ipv6
2001:470:d:ee7::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: Un 256 0 0 he-ipv6
::/0 :: U 1024 0 0 he-ipv6
::/0 :: !n -1 1 199 lo
::1/128 :: Un 0 2 31 lo
2001:470:c:ee7::2/128 :: Un 0 1 1186 lo
2001:470:d:ee7::2/128 :: Un 0 1 267 lo
fe80::6369:6bb5/128 :: Un 0 1 0 lo
fe80::e22a:82ff:fe3a:c791/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 he-ipv6
::/0 :: !n -1 1 199 lo
I assume the 2001:470:d:ee7::2 you're using is out of your routed /64?
@cholzhauer - Thx for your reply. Yes, that's correct!! I'm able to get to my web server via IPv6 and DNS-AAAA and MX records all seem to be working fine but not sure what the problem is. Any troubleshooting tips?
dig aaaa 5103.jasc22.com +trace doesn't return a result when checking any of the listed auth ns.
And there is no AAAA record in your zonefile in dns.he.net for 5103.jasc22.com, as you pasted.
~$ host 5103.jasc22.com
Host 5103.jasc22.com not found: 3(NXDOMAIN)
thx @broquea!!! I changed the AAAA to point to 5103.jasc22.com which now resolves to the IP. However, when i run dig aaaa 5103.jasc22.com +trace, i still do not get anything. any tips that you could provide? thx!!
Think there is another problem:
$ telnet 5103.jasc22.com 25
Trying 2001:470:d:ee7::2...
telnet: Unable to connect to remote host: Connection refused
thx broquea!! i figured that out and fixed the issue. i am now able to send email internally but still having issues sending externally. checking logs to see what is going on.
broquea - i fixed most of my config issues. i am now able to receive internal emails but not external. i tried from gmail as well but no luck. having issues with DNS and name servers. any other troubleshooting tips that you can provide will be greatly appreciated. thx!
Check DNS
[carl@mars ~]$ host 5103.jasc22.com
Host 5103.jasc22.com not found: 3(NXDOMAIN)
thx cholzhauer - i checked below and it resolves to the IP. thoughts?
s733l@5103:/var/log$ host 5103.jasc22.com
5103.jasc22.com has IPv6 address 2001:470:d:ee7::2
It's resolving now.
[carl@mars ~]$ host 5103.jasc22.com
5103.jasc22.com has IPv6 address 2001:470:d:ee7::2
But, you have another issue
[carl@mars ~]$ telnet 5103.jasc22.com 25
Trying 2001:470:d:ee7::2...
telnet: connect to address 2001:470:d:ee7::2: Connection refused
telnet: Unable to connect to remote host
Either your mail server isn't listening on IPv6 or your firewall is blocking traffic. You say it works internally, so I would look at the firewall.
thx much cholzhauer!!! it's strange...my system is on the DMZ and i'm allowing SMTP. However, when I run a portscan it's showing up as closed. very strange. can't seem to figure this one out. does anybody know if ATT blocks SMTP inbound? When I check the logs, I am not seeing any traffic on port 25.
Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-29 12:08 PDT
Interesting ports on jasc22.com (2001:470:d:ee7::2):
Not shown: 997 filtered ports
PORT STATE SERVICE
25/tcp closed smtp
80/tcp open http
143/tcp open imap
Nmap done: 1 IP address (1 host up) scanned in 6.31 seconds
I can see ATT blocking SMTP on IPv4, but I can't imagine they'd be doing it on IPv6. Who knows though.
thx cholzhauer!! i tried sending myself an email on ipv4 from gmail but that does not seem to be working either. does anybody know if it's possible to complete this test using godaddy's email service? stumped!!!
Besides the point of it looking like 25 is blocked, sorry but I still cannot resolve the MX record to that host sometimes - so that could be causing you pain in trying to send email as well.
And I found your problem with the resolving problem
You have these listed as NS
;; Received 493 bytes from 2001:dc3::35#53(m.root-servers.net) in 100 ms
jasc22.com. 172800 IN NS ns1.he.net.
jasc22.com. 172800 IN NS ns2.he.net.
jasc22.com. 172800 IN NS ns3.he.net.
jasc22.com. 172800 IN NS ns4.he.net.
jasc22.com. 172800 IN NS ns5.he.net.
jasc22.com. 172800 IN NS ns71.domaincontrol.com.
jasc22.com. 172800 IN NS ns72.domaincontrol.com.
And notice that the he.net ones return AAAA
5103.jasc22.com. 86400 IN AAAA 2001:470:d:ee7::2
;; Received 61 bytes from 2001:470:200::2#53(ns2.he.net) in 89 ms
But if domaincontrol gets asked -- you fail on that entry
jasc22.com. 3600 IN SOA ns71.domaincontrol.com. dns.jomax.net. 2011042901 28800 7200 604800 86400
;; Received 114 bytes from 208.109.255.46#53(ns72.domaincontrol.com) in 40 ms
All NS listed for a domain need to match up for records or going to have issues. Which NS gets asked is just random luck pretty much.
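The check described in the post above, as an added example that is not part of the original thread: it groups dig-style records by the server named in each ";; Received ... from" footer and flags any delegated nameserver that does not return the queried record. The sample input is assembled from the dig output quoted in this thread; the function names are hypothetical, and the input is assumed to contain only the final-hop responses from the zone's own nameservers (not the root or gTLD referrals).

```python
import re

# Sample assembled from dig output quoted in this thread: the same AAAA
# query answered by two of the nameservers the domain is delegated to.
SAMPLE = """\
5103.jasc22.com. 86400 IN AAAA 2001:470:d:ee7::2
;; Received 61 bytes from 2001:470:200::2#53(ns2.he.net) in 89 ms
jasc22.com. 3600 IN SOA ns71.domaincontrol.com. dns.jomax.net. 2011042901 28800 7200 604800 86400
;; Received 114 bytes from 208.109.255.46#53(ns72.domaincontrol.com) in 40 ms
"""

RECEIVED = re.compile(r"^;;\s*Received \d+ bytes from \S+#\d+\((?P<server>[^)]+)\)")
RECORD = re.compile(r"^(?P<name>\S+)\s+\d+\s+IN\s+(?P<type>\S+)\s+(?P<rdata>.+)$")

def group_by_server(text):
    """Return {server: [(name, type, rdata), ...]}; records precede their footer."""
    result, pending = {}, []
    for line in (l.strip() for l in text.splitlines()):
        footer = RECEIVED.match(line)
        if footer:
            result.setdefault(footer.group("server"), []).extend(pending)
            pending = []
            continue
        rec = RECORD.match(line)
        if rec:
            pending.append((rec.group("name").lower(), rec.group("type").upper(),
                            rec.group("rdata").strip()))
    return result

def check_consistency(text, qname, qtype):
    """Compare what each responding nameserver returned for qname/qtype."""
    qname = qname.lower().rstrip(".") + "."
    report = {"answers": {}, "nodata": [], "soa_mname": {}}
    for server, records in group_by_server(text).items():
        rdata = sorted(rd for n, t, rd in records if n == qname and t == qtype)
        if rdata:
            report["answers"][server] = rdata
        else:
            report["nodata"].append(server)  # SOA-only or empty reply
        for _, t, rd in records:
            if t == "SOA":  # which primary this server believes owns the zone
                report["soa_mname"][server] = rd.split()[0]
    distinct = {tuple(v) for v in report["answers"].values()}
    report["consistent"] = not report["nodata"] and len(distinct) == 1
    return report

if __name__ == "__main__":
    for key, value in check_consistency(SAMPLE, "5103.jasc22.com", "AAAA").items():
        print(f"{key}: {value}")
```

To build the input for a live zone, query each delegated nameserver directly for the same name and type and concatenate the responses.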
Thx johnpoz!!! ATT was blocking port 25. I resolved the issues per your email below and then tried but still no luck. Checking my system to see if there are any configuration issues that I need to resolve.
what did you fix?? You still have the same problem
dig 5103.jasc22.com AAAA +trace
;; Received 493 bytes from 2001:7fd::1#53(k.root-servers.net) in 90 ms
jasc22.com. 172800 IN NS ns1.he.net.
jasc22.com. 172800 IN NS ns2.he.net.
jasc22.com. 172800 IN NS ns3.he.net.
jasc22.com. 172800 IN NS ns4.he.net.
jasc22.com. 172800 IN NS ns5.he.net.
jasc22.com. 172800 IN NS ns71.domaincontrol.com.
jasc22.com. 172800 IN NS ns72.domaincontrol.com.
;; Received 405 bytes from 192.48.79.30#53(j.gtld-servers.net) in 191 ms
jasc22.com. 86400 IN SOA ns71.domaincontrol.com. dns.jomax.net. 2011050303 28800 7200 604800 86400
;; Received 104 bytes from 216.69.185.46#53(ns71.domaincontrol.com) in 47 ms
Notice when ns71.domaincontrol.com gets asked for AAAA of your mail host you get just SOA - fail!!
If one of the he.net servers gets asked, you return
5103.jasc22.com. 300 IN AAAA 2001:470:d:ee7::2
;; Received 61 bytes from 2001:470:300::2#53(ns3.he.net) in 90 ms
But I still show that not answering on 25 anyway!!
telnet 5103.jasc22.com 25
Trying 2001:470:d:ee7::2...
Just hangs -- so you still have a dns problem, and you still have a port blocked problem. So yeah email never going to work.
hi johnpoz.....so when i try to run dig 5103.jasc22.com AAAA +trace i get the following error. I ran other dig commands and it seems like it's working. Please let me know your thoughts. As well, I have included my mail.log and I received the email but still having issues with postfix.
s733l@5103:~$ dig 5103.jasc22.com AAAA +trace
; <<>> DiG 9.7.1-P2 <<>> 5103.jasc22.com AAAA +trace
;; global options: +cmd
;; connection timed out; no servers could be reached
However, when I run the following I get the results below.
s733l@5103:~$ dig any jasc22.com
; <<>> DiG 9.7.1-P2 <<>> any jasc22.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30888
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;jasc22.com. IN ANY
;; ANSWER SECTION:
jasc22.com. 300 IN MX 10 5103.jasc22.com.
jasc22.com. 86400 IN SOA ns1.he.net. hostmaster.he.net. 2011050309 10800 1800 604800 86400
jasc22.com. 300 IN AAAA 2001:470:d:ee7::2
jasc22.com. 300 IN NS ns4.he.net.
jasc22.com. 300 IN NS ns3.he.net.
jasc22.com. 300 IN NS ns5.he.net.
jasc22.com. 300 IN NS ns2.he.net.
jasc22.com. 300 IN NS ns1.he.net.
;; Query time: 61 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Wed May 4 10:44:24 2011
;; MSG SIZE rcvd: 236
s733l@5103:~$ dig @ns1.he.net -x 2001:470:d:ee7::2
; <<>> DiG 9.7.1-P2 <<>> @ns1.he.net -x 2001:470:d:ee7::2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48445
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.e.e.0.d.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.e.e.0.d.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN PTR jasc22.com.
;; Query time: 36 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Wed May 4 10:44:59 2011
;; MSG SIZE rcvd: 114
s733l@5103:~$ dig aaaa 5103.jasc22.com +short
2001:470:d:ee7::2
Below is my mail.log....I did receive the email but having issues with postfix seems like it.
May 4 08:26:45 5103 postfix/cleanup[3209]: 7EB1A9A0372: message-id=<4dc1703592b3b.1304522805@ipv6.he.net>
May 4 08:26:45 5103 postfix/qmgr[3072]: 7EB1A9A0372: from=<ipv6@he.net>, size=439, nrcpt=1 (queue active)
May 4 08:30:31 5103 postfix/cleanup[3473]: EB4759A038A: message-id=<4dc17117078fe.1304523031@ipv6.he.net>
May 4 08:30:31 5103 postfix/qmgr[3461]: EB4759A038A: from=<ipv6@he.net>, size=439, nrcpt=1 (queue active)
May 4 08:34:44 5103 postfix/qmgr[3644]: 7EB1A9A0372: from=<ipv6@he.net>, size=439, nrcpt=1 (queue active)
May 4 08:36:30 5103 postfix/qmgr[3891]: EB4759A038A: from=<ipv6@he.net>, size=439, nrcpt=1 (queue active)
May 4 08:47:24 5103 postfix/qmgr[4155]: 7EB1A9A0372: from=<ipv6@he.net>, size=439, nrcpt=1 (queue active)
May 4 08:47:24 5103 postfix/qmgr[4155]: EB4759A038A: from=<ipv6@he.net>, size=439, nrcpt=1 (queue active)
May 4 08:48:49 5103 postfix/cleanup[4323]: 6D3489A0388: message-id=<4dc1703592b3b.1304522805@ipv6.he.net>
May 4 08:48:49 5103 postfix/qmgr[4155]: 6D3489A0388: from=<ipv6@he.net>, size=853, nrcpt=1 (queue active)
May 4 08:48:49 5103 postfix/cleanup[4326]: BD6A29A03C0: message-id=<4dc17117078fe.1304523031@ipv6.he.net>
May 4 08:48:49 5103 postfix/qmgr[4155]: BD6A29A03C0: from=<ipv6@he.net>, size=853, nrcpt=1 (queue active)
May 4 08:48:50 5103 postfix/smtp[4327]: B6FAE9A03BF: to=<ipv6@he.net>, relay=he.net[2001:470:0:76::2]:25, delay=0.58, delays=0.1/0.1/0.24/0.14, dsn=4.0.0, status=deferred (host he.net[2001:470:0:76::2] said: 450 Mailbox temporarily unavailable, sorry (in reply to end of DATA command))
May 4 08:48:50 5103 postfix/smtp[4328]: 13EF59A038A: to=<ipv6@he.net>, relay=he.net[2001:470:0:76::2]:25, delay=0.61, delays=0.2/0.03/0.25/0.14, dsn=4.0.0, status=deferred (host he.net[2001:470:0:76::2] said: 450 Mailbox temporarily unavailable, sorry (in reply to end of DATA command))
May 4 08:57:25 5103 postfix/smtp[4539]: B6FAE9A03BF: to=<ipv6@he.net>, relay=he.net[2001:470:0:76::2]:25, delay=516, delays=514/0.04/0.24/1.1, dsn=2.0.0, status=sent (250 Email accepted)
May 4 08:57:30 5103 postfix/smtp[4540]: 13EF59A038A: to=<ipv6@he.net>, relay=he.net[2001:470:0:76::2]:25, delay=520, delays=514/0.04/5.2/1.1, dsn=2.0.0, status=sent (250 Email accepted)
Okay...had to make changes to resolv.conf and below is what I got. thx for all your help, johnpoz!! :)
s733l@5103:~$ dig 5103.jasc22.com AAAA +trace
; <<>> DiG 9.7.1-P2 <<>> 5103.jasc22.com AAAA +trace
;; global options: +cmd
. 476485 IN NS i.root-servers.net.
. 476485 IN NS d.root-servers.net.
. 476485 IN NS b.root-servers.net.
. 476485 IN NS e.root-servers.net.
. 476485 IN NS a.root-servers.net.
. 476485 IN NS c.root-servers.net.
. 476485 IN NS j.root-servers.net.
. 476485 IN NS m.root-servers.net.
. 476485 IN NS h.root-servers.net.
. 476485 IN NS l.root-servers.net.
. 476485 IN NS f.root-servers.net.
. 476485 IN NS g.root-servers.net.
. 476485 IN NS k.root-servers.net.
;; Received 228 bytes from 68.94.156.1#53(68.94.156.1) in 26 ms
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
;; Received 505 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 38 ms
jasc22.com. 172800 IN NS ns1.he.net.
jasc22.com. 172800 IN NS ns2.he.net.
jasc22.com. 172800 IN NS ns3.he.net.
jasc22.com. 172800 IN NS ns4.he.net.
jasc22.com. 172800 IN NS ns5.he.net.
jasc22.com. 172800 IN NS ns71.domaincontrol.com.
jasc22.com. 172800 IN NS ns72.domaincontrol.com.
;; Received 405 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 36 ms
5103.jasc22.com. 300 IN AAAA 2001:470:d:ee7::2
;; Received 61 bytes from 2001:470:300::2#53(ns3.he.net) in 34 ms
I don't know how to say this any different..
Notice in your trace you got that record from he.net server
5103.jasc22.com. 300 IN AAAA 2001:470:d:ee7::2
Received 61 bytes from 2001:470:300::2#53(ns3.he.net) in 34 ms
But if you ask
jasc22.com. 172800 IN NS ns71.domaincontrol.com.
jasc22.com. 172800 IN NS ns72.domaincontrol.com.
You do NOT get an AAAA response -- all servers listed as your NS should have ALL records, you really should pull the domaincontrol.com servers out if they are not going to have all the records in them.
I'm not currently at a location where I can connect via IPv6, would have to vpn into my home network or wait til I get home.. But the box the last couple times I have checked was NOT listening on 25 on that address
thx johnpoz!!! that worked!! ;D
yeah much better
;; Received 493 bytes from 2001:500:2f::f#53(f.root-servers.net) in 44 ms
jasc22.com. 172800 IN NS ns1.he.net.
jasc22.com. 172800 IN NS ns2.he.net.
jasc22.com. 172800 IN NS ns3.he.net.
jasc22.com. 172800 IN NS ns4.he.net.
jasc22.com. 172800 IN NS ns5.he.net.
;; Received 321 bytes from 192.12.94.30#53(e.gtld-servers.net) in 128 ms
5103.jasc22.com. 300 IN AAAA 2001:470:d:ee7::2
;; Received 61 bytes from 216.218.130.2#53(ns1.he.net) in 88 ms
Still not showing your server listening on 25 on ipv6, did you turn it off already?
So I can telnet to the he.net mx server on ipv6
telnet 2001:470:0:76::2 25
Trying 2001:470:0:76::2...
Connected to 2001:470:0:76::2.
Escape character is '^]'.
220 he.net ESMTP Ready
see
http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php
Checked port 25 on Host/IP 2001:470:0:76::2...
The checked port (25) is online/reachable!
Completed portscan in 0.162 seconds
But yours just sits there and port shows closed on a port scan
Yours fails
Checked port 25 on Host/IP 2001:470:d:ee7::2...
The checked port (25) is offline/unreachable
Reason: Connection timed out (110)
Portscan ran for 9.9877 seconds
Hey johnpoz, thx for checking! I got to Sage yesterday and the Administrator was the only test holding me up. The reason why you were unable to telnet was because I shut down my machine. Great learning experience and appreciate your help!! ;D