Hurricane Electric's IPv6 Tunnel Broker Forums
IPv6 Certification Program Topics => General Discussion => Topic started by: snarked on September 09, 2008, 02:12:40 PM
-
Test: An IPv6 enabled mail system
Problem - e-mail rejected. Reason:
550 5.4.3 DNS reverse lookup failed. (IPv6:2001:470:0:aa::1e)
I run a strict anti-spam system, and that includes that hosts sending mail to me must be properly configured with a reverse DNS lookup that does not indicate a dial-up or dynamic assignment (and no reverse lookup also fails). This failure has nothing to do with MY IPv6 setup.
-
Whoops, thanks for pointing that out. rDNS should be pushed out shortly.
-
Thank you. However, as your "minimum TTL" field from your SOA record says 1 day, I'll have to check again tomorrow - for it will take that long for the "nxdomain" cached answer to time out.
-
The NXDOMAIN response should not be cached for that long; most servers that actually cache that response usually expire it after 2 hours.
-
Next problem. I now see the reverse entry, but it doesn't map back to a corresponding forward entry.
My error message: 550 5.4.8 DNS PTR mismatch. (IPv6:2001:470:0:aa::1e)
!dig -x 2001:470:0:aa::1e
...
;; QUESTION SECTION:
;e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 210 IN PTR arc.he.net.
However, the forward lookup maps to a different address:
;; QUESTION SECTION:
;arc.he.net. IN AAAA
;; ANSWER SECTION:
arc.he.net. 2946 IN AAAA 2001:470:0:aa::2
"2001:470:0:aa::2" not included in "2001:470:0:aa::1e" - so mail still rejected by my anti-spam system. :o
-
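Added example (not part of any post in this thread, and not the poster's actual filter): a forward-confirmed reverse DNS check of the kind the two rejections above describe, returning the same 5.4.3 and 5.4.8 responses. The function names, the injected `lookup` callable and the zone dictionaries are assumptions made for illustration; the records are constructed from the dig output quoted above so the check runs offline.

```python
import ipaddress

REVERSE_FAILED = "550 5.4.3 DNS reverse lookup failed."
PTR_MISMATCH = "550 5.4.8 DNS PTR mismatch."

def make_lookup(zone):
    """Build a resolver stub over a dict keyed by (name, record type)."""
    return lambda name, rtype: zone.get((name.rstrip(".").lower(), rtype), [])

def fcrdns(client_ip, lookup):
    """Return (accepted, detail) for the connecting client's address."""
    ip = ipaddress.ip_address(client_ip)
    rtype = "AAAA" if ip.version == 6 else "A"
    # Step 1: the address must have a PTR record at all.
    names = lookup(ip.reverse_pointer, "PTR")
    if not names:
        return (False, REVERSE_FAILED)
    # Step 2: at least one PTR target must resolve back to the same address.
    for name in names:
        for text in lookup(name, rtype):
            try:
                # Compare parsed addresses so compressed and expanded
                # IPv6 spellings of one address are treated as equal.
                if ipaddress.ip_address(text) == ip:
                    return (True, name)
            except ValueError:
                continue  # malformed record data never confirms a match
    return (False, PTR_MISMATCH)

def ptr_key(addr):
    return (ipaddress.ip_address(addr).reverse_pointer, "PTR")

# Constructed zone: the state shown in the dig output (PTR present,
# but the AAAA record for the name points at a different address).
MISMATCH_ZONE = {
    ptr_key("2001:470:0:aa::1e"): ["arc.he.net."],
    ("arc.he.net", "AAAA"): ["2001:470:0:aa::2"],
}
# Constructed zone, assumption: after the fix the sender connects from ::2
# and that address has a PTR naming arc.he.net (AAAA given in expanded form).
FIXED_ZONE = {
    ptr_key("2001:470:0:aa::2"): ["arc.he.net."],
    ("arc.he.net", "AAAA"): ["2001:0470:0000:00aa:0000:0000:0000:0002"],
}

if __name__ == "__main__":
    print(fcrdns("2001:470:0:aa::1e", make_lookup({})))
    print(fcrdns("2001:470:0:aa::1e", make_lookup(MISMATCH_ZONE)))
    print(fcrdns("2001:470:0:aa::2", make_lookup(FIXED_ZONE)))
```
-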
Actually it's kinda odd that arc.he.net had extra ipv6 addresses configured on it out of the "aa" range. We've fixed this, and should only have 2001:470:0:aa::2 from that range now.
-
OK. It works now - at least for my system, so perhaps for others too (if they also have similar strict rules).
-
We also fixed it so if you simply don't have an MX entry in DNS, it should default to the provided site's AAAA record.
-
I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.
-
> I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
> SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.
I'll have to set up qmail somewhere to test, however we do send \r\n (<CRLF>) after every command sent.