Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: snarked on September 09, 2008, 02:12:40 PM

Title: E-mail test.
Post by: snarked on September 09, 2008, 02:12:40 PM
Test:  An IPv6 enabled mail system

Problem - e-mail rejected.  Reason:

     550 5.4.3 DNS reverse lookup failed. (IPv6:2001:470:0:aa::1e)

I run a strict anti-spam system, and that includes that hosts sending mail to me must be properly configured with a reverse DNS lookup that does not indicate a dial-up or dynamic assignment (and no reverse lookup also fails).  This failure has nothing to do with MY IPv6 setup.
Title: Re: E-mail test.
Post by: broquea on September 09, 2008, 03:03:54 PM
Whoops, thanks for pointing that out. rDNS should be pushed out shortly.
Title: Re: E-mail test.
Post by: snarked on September 09, 2008, 05:18:45 PM
Thank you.  However, as your "minimum TTL" field from your SOA record says 1 day, I'll have to check again tomorrow - for it will take that long for the "nxdomain" cached answer to time out.
Title: Re: E-mail test.
Post by: avongauss on September 09, 2008, 06:42:52 PM
The NXDOMAIN response should not be cached for that long; most servers that actually cache that response usually expire it after 2 hours.
Title: Re: E-mail test.
Post by: snarked on September 10, 2008, 12:35:10 PM
Next problem.  I now see the reverse entry, but it doesn't map back to a corresponding forward entry.

My error message:  550 5.4.8 DNS PTR mismatch. (IPv6:2001:470:0:aa::1e)

!dig -x 2001:470:0:aa::1e
...
;; QUESTION SECTION:
;e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 210 IN PTR arc.he.net.

However, the forward lookup maps to a different address:

;; QUESTION SECTION:
;arc.he.net.                    IN      AAAA

;; ANSWER SECTION:
arc.he.net.             2946    IN      AAAA    2001:470:0:aa::2

"2001:470:0:aa::2" not included in "2001:470:0:aa::1e" - so mail still rejected by my anti-spam system.  :o
Title: Re: E-mail test.
Post by: broquea on September 10, 2008, 12:53:33 PM
Actually it's kinda odd that arc.he.net had extra IPv6 addresses configured on it out of the "aa" range. We've fixed this, and should only have 2001:470:0:aa::2 from that range now.
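Added example (not part of any post in this thread): a sketch of the forward-confirmed reverse DNS check that produces the two rejections quoted above, run offline against constructed record sets built from the dig output in the thread. The function names, the dict-backed resolver, and the PTR record for 2001:470:0:aa::2 are assumptions; the reply strings copy the poster's messages and are not a standard.

```python
import ipaddress

def ptr_name(addr):
    """Owner name of the PTR record for addr (nibble format for IPv6)."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def fcrdns_check(client_ip, lookup):
    """Forward-confirmed reverse DNS check for a connecting SMTP client.

    lookup(name, rrtype) returns a list of record values, [] if none.
    Returns (accepted, reply); the reply texts copy the thread's messages.
    """
    ip = ipaddress.ip_address(client_ip)
    tag = f"IPv6:{ip}" if ip.version == 6 else str(ip)
    names = lookup(ptr_name(client_ip), "PTR")
    if not names:
        return False, f"550 5.4.3 DNS reverse lookup failed. ({tag})"
    rrtype = "AAAA" if ip.version == 6 else "A"
    for name in names:
        for value in lookup(name, rrtype):
            # Compare parsed addresses so differing text forms still match.
            if ipaddress.ip_address(value) == ip:
                return True, None
    return False, f"550 5.4.8 DNS PTR mismatch. ({tag})"

def resolver(zone):
    """Offline stand-in for a DNS resolver, backed by a dict (hypothetical)."""
    return lambda name, rrtype: zone.get((name.lower(), rrtype), [])

# Constructed snapshots of the three states the thread goes through.
SENDER = "2001:470:0:aa::1e"
NO_PTR = {("arc.he.net.", "AAAA"): ["2001:470:0:aa::2"]}
PTR_ONLY = {**NO_PTR, (ptr_name(SENDER), "PTR"): ["arc.he.net."]}
# Assumed: after the fix, mail leaves from ::2 and ::2 has a PTR
# (that PTR record is not shown in the thread).
FIXED_SENDER = "2001:470:0:aa::2"
FIXED = {**NO_PTR, (ptr_name(FIXED_SENDER), "PTR"): ["arc.he.net."]}

if __name__ == "__main__":
    for label, ip, zone in [("no PTR", SENDER, NO_PTR),
                            ("PTR without matching AAAA", SENDER, PTR_ONLY),
                            ("consistent", FIXED_SENDER, FIXED)]:
        print(label, "->", fcrdns_check(ip, resolver(zone)))
```
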
Title: Re: E-mail test.
Post by: snarked on September 10, 2008, 07:54:01 PM
OK.  It works now - at least for my system, so perhaps for others too (if they also have similar strict rules).
Title: Re: E-mail test.
Post by: broquea on September 10, 2008, 08:01:09 PM
We also fixed it so if you simply don't have an MX entry in DNS, it should default to the provided site's AAAA record.
Title: Re: E-mail test.
Post by: tatsuling on September 17, 2008, 03:27:12 PM
I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.
Title: Re: E-mail test.
Post by: broquea on September 17, 2008, 06:29:40 PM
Quote from: tatsuling on September 17, 2008, 03:27:12 PM
I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.


I'll have to set up qmail somewhere to test; however, we do send \r\n (<CRLF>) after every command sent.