Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: say1o on January 10, 2013, 11:10:58 PM

Title: Administrator Test
Post by: say1o on January 10, 2013, 11:10:58 PM
Ok, so I am running Postfix on a Centos machine.  No problems sending and receiving IPv4 mail through yahoo & gmail.  If I send an email to bouncer@freenet6.net it comes back successfully, and says the mail system is IPv6 enabled.  However when I try to click the "Send it" button in the certification page it just sits there for hours on end with a circular hour glass going around and around.

Dig MX output:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> mx mhtg.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8876
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mhtg.net.                      IN      MX

;; ANSWER SECTION:
mhtg.net.               900     IN      MX      10 mail.mhtg.net.

;; ADDITIONAL SECTION:
mail.mhtg.net.          900     IN      A       67.172.137.54
mail.mhtg.net.          900     IN      AAAA    2001:470:403a:1::1

;; Query time: 101 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri Jan 11 00:09:14 2013
;; MSG SIZE  rcvd: 91
Title: Re: Administrator Test
Post by: kasperd on January 11, 2013, 01:43:56 AM
Your mailserver is responding with ICMPv6 error code 1 (Administratively prohibited).

$ telnet 2001:470:403a:1::1 25
Trying 2001:470:403a:1::1...
telnet: Unable to connect to remote host: Permission denied
Title: Re: Administrator Test
Post by: say1o on January 11, 2013, 11:32:50 PM
weird....

[root@mhtg /]# telnet 2001:470:403a:1::1 25
Trying 2001:470:403a:1::1...
Connected to 2001:470:403a:1::1.
Escape character is '^]'.
220 mail.mhtg.net ESMTP Postfix
^]
telnet> close
Connection closed.


I have a router running dd-wrt, the centos machine I am trying to setup the mailserver on is in the DMZ list, and I dont have another ipv6 machine to test connections =(
Title: Re: Administrator Test
Post by: kasperd on January 12, 2013, 12:32:24 AM
Quote from: say1o on January 11, 2013, 11:32:50 PMI dont have another ipv6 machine to test connections =(
If you have another machine somewhere, which you can test from, then you can get IPv6 on that machine by using 6to4, Teredo, or a second HE tunnel.

But alternatively you can try to run a tcpdump command while trying to go through the administrator test again.
Title: Re: Administrator Test (SOLVED)
Post by: say1o on January 13, 2013, 12:24:32 AM
Thanks for the help, got everything all working correctly, passed my cert!!!  Problem turned out to be a bad proxy_interfaces directive in the Postfix config file. Just wanted to update this thread as solved and maybe it will help someone else down the road.

Thanks to everyone at HE, I've enjoyed the free certification program and learned a lot!