Hi everyone,
I am trying to pass the administrator certification, I have successfully setup the MX ( you can check by yourself: dig mx mail.ipv6.forbidden-access.org )
When I ask for sending me the HE mail to get the code, it takes too long and no mail is received in my mail server ...
Has anyone experienced something similar ?
Your mailserver appears to be down.traceroute to mail.ipv6.forbidden-access.org (2001:470:28:f0a:95f0:1a5b:6b47:2265), 30 hops max, 80 byte packets
1 2a01:d0:839a:babe:735d:77a7:990d:702c 0.130 ms 0.168 ms 0.209 ms
2 2001:470:0:11e::2 40.965 ms 47.021 ms 47.911 ms
3 2001:470:27:f0a::2 158.772 ms 146.462 ms 153.476 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 2001:470:27:f0a::2 285.995 ms !H 171.668 ms !H *
what was the specific email addy you submitted, because everything left of @ including the @ gets stripped, and the test works with what remains.
@kasperd Yes when you did the test, the mailserver was rebooting :P now he is up and still waiting for mails :(
@broquea I am trying to test with sigmoun@mail.ipv6.forbidden-access.org
Thanks !
I have change the AAAA and so the MX to zied.forbidden-access.org
But it's still sending ...
Quote from: sigmoun on May 25, 2013, 02:47:25 AMnow he is up and still waiting for mails
Nope. Still down. The traceroute output looks the same as before. Your router responds with no route to host, after three seconds. This almost certainly means your router is sending a neighbor discovery and getting no reply back from the mail server, so after three seconds the router times out and send an error back.
Quote from: kasperd on May 25, 2013, 04:27:55 AM
Quote from: sigmoun on May 25, 2013, 02:47:25 AMnow he is up and still waiting for mails
Nope. Still down. The traceroute output looks the same as before. Your router responds with no route to host, after three seconds. This almost certainly means your router is sending a neighbor discovery and getting no reply back from the mail server, so after three seconds the router times out and send an error back.
I have changed the AAAA (and so the MX) to :
zied.forbidden-access.org, I think you made the test with mail.ipv6.forbidden-access.org that's why you have no route to host.
Quote from: sigmoun on May 25, 2013, 04:59:13 AMI have changed the AAAA (and so the MX) to :
zied.forbidden-access.org,
That host is responding, but HE have packet filters in place preventing others from connecting to your mailserver. That means either the issue need to be debugged using only information available from your end of the connection, or you need to email ipv6@he.net and ask them to help you.
If you install a Teredo relay on your router, I would be able to find out a bit more about what your problem is. And installing such a Teredo relay is a good idea anyway, as it will give you a more reliable communication, when communicating with Teredo users. What OS are you running on the router? I know how to install and configure a Teredo relay on an Ubuntu system, and it is really easy.
Thanks for these information,
As router I am using Vyatta ...
Quote from: sigmoun on May 25, 2013, 06:21:35 AMAs router I am using Vyatta ...
According to Wikipedia it is based on Debian just like Ubuntu is, and it is specialized for networking. With those properties it definitely should support running a Teredo relay. So how about you try out the steps that works on Ubuntu and let us know, if they work on Vyatta as well.
First of all install the software with
apt-get install miredo. Secondly edit the
/etc/miredo.conf configuration file. The default configuration file on installation is for a Teredo client, and what you want is not a client, but a relay. Here is the configuration file, I use on one of my machines
# Please refer to the miredo.conf(5) man page for details.
InterfaceName teredo
RelayType relay
# Pick a Teredo server:
#ServerAddress teredo.ipv6.microsoft.com
#ServerAddress teredo-debian.remlab.net
# Some firewall/NAT setups require a specific UDP port number:
#BindPort 3545
BindPort 64646I made three changes. I changed the RelayType, I commented out the ServerAddress, and I added a BindPort. I picked a static port number between 61000 and 65535, just for convenience. It is easier to recognize in packet dumps that way. Finally run
service miredo restart which will stop the Teredo client (which may have been started automatically by apt-get install) and then start the relay.
Looks like you got the Teredo relay up, as I can see when I now ping zied.forbidden-access.org from a Teredo client, the Teredo server gives me a different Teredo relay address.
But packets send from my Teredo client to your Teredo relay appear to get lost on the route. Is there a firewall or a NAT device between your Vyatta router and the Internet preventing packets from me making it to the Vyatta router? Or could there be a firewall rule on the Vyatta router blocking packets to the Teredo relay?
yes I have installed Terodo as you asked and forward the port from my router...
What should I do now ?
by the way, the he support answer was
SMTP is not filtered to/from the system that performs the administrator
test.
Quote from: sigmoun on May 25, 2013, 07:23:09 AMWhat should I do now ?
I tried running an nmap against your IPv6 address, now that your Teredo relay is functional. This is what I got:
nmap -6 zied.forbidden-access.org
Starting Nmap 5.21 ( http://nmap.org ) at 2013-05-25 16:31 CEST
Nmap scan report for 2001:470:28:f0a:6510:c8c3:a3cf:f911
Host is up (0.095s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 5.23 secondsSo it looks like nothing is listening on port 25 on that host. That would explain why no email can be delivered to it. So check again that the mailserver is indeed running on zied.forbidden-access.org, and check which IP it is listening on. Maybe it is listening only on ::1 or maybe it is listening only on IPv4.
Quote from: sigmoun on May 25, 2013, 07:24:31 AMby the way, the he support answer was
SMTP is not filtered to/from the system that performs the administrator
test.
They may have misunderstood the question. But then again, I haven't seen the question you send to them.
I know the filters don't prevent going through the certification test, if you got the mailserver setup correctly. But the filter prevents anybody else from trying to connect to the server to find out, why it isn't working. That means you cannot just go to the forum and ask for help, because nobody on the forum can see what is happening behind the HE filters.
That is why I suggested that you go to ipv6@he.net and ask for the advice, you could previously have gotten from the forum. But they appear not to have understood that point.
I guess that just means whenever such question shows up, I'll advice people to setup a Teredo relay instead. No harm done, if many of the people going through the certification test learns to setup a Teredo relay. And now if you happen to want to ssh back home from your laptop, and you are somewhere with only IPv4 connectivity, then you can just use a Teredo client on your laptop. :-)
Quote from: kasperd on May 25, 2013, 07:34:58 AMSo it looks like nothing is listening on port 25 on that host. That would explain why no email can be delivered to it. So check again that the mailserver is indeed running on zied.forbidden-access.org, and check which IP it is listening on. Maybe it is listening only on ::1 or maybe it is listening only on IPv4.
I see you got that working now:
# telnet -6 zied.forbidden-access.org 25
Trying 2001:470:28:f0a:6510:c8c3:a3cf:f911...
Connected to zied.forbidden-access.org.
Escape character is '^]'.
220 zied.forbidden-access.org ESMTP Postfix (Ubuntu)
QUIT
221 2.0.0 Bye
Connection closed by foreign host.I hope the certification test passes now.
I have [2001::]/16 to "mynetworks" in the /etc/postifix/main.cf
So that's why you can telnet it.
But still same problem...
Can you try to send mail to sigmoun@zied.forbidden-access.org through telnet ?
Thanks !
Quote from: sigmoun on May 25, 2013, 07:48:27 AMCan you try to send mail to sigmoun@zied.forbidden-access.org through telnet ?
$ telnet -6 zied.forbidden-access.org 25
Trying 2001:470:28:f0a:6510:c8c3:a3cf:f911...
Connected to zied.forbidden-access.org.
Escape character is '^]'.
220 zied.forbidden-access.org ESMTP Postfix (Ubuntu)
HELO bfbqv.25.may.2013v6.kasperd.net
250 zied.forbidden-access.org
MAIL From:<blackhole@bfbqv.25.may.2013v6.kasperd.net>
250 2.1.0 Ok
RCPT To:<sigmoun@zied.forbidden-access.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: blackhole@bfbqv.25.may.2013v6.kasperd.net
To: sigmoun@zied.forbidden-access.org
Subject: 2895
https://www.tunnelbroker.net/forums/index.php?topic=2895
.
250 2.0.0 Ok: queued as 0D52F1F16
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
Yes I have received the mail ??? ??? ??? ??? ??? ??? ??? ???
So could'nt the administrator system send me mail ??? ??? ???
Quote from: sigmoun on May 25, 2013, 08:49:40 AMSo could'nt the administrator system send me mail
Time to fire up tcpdump. If you have tcpdump on the router, then running it on the router is the best option. Otherwise it could still be useful to run it on the mailserver.
I think the tunnel interface on the router is the best one to look at for debugging this issue. I imagine something like this
tcpdump -pni sit1 -s0 -Uw smtp.pcap which would dump all the traffic from the sit1 interface to the file smtp.pcap.
Then while the tcpdump command is running, you try the certification test again. Once it has produced an error, you can stop tcpdump and look at the result with something like
tcpdump -nr smtp.pcap
SOLVED !
I have send a mail to the support explaining them that a HE user (you) was able to send mail to my mailserver. This is their response:
Should be better at this time. Looks like a stale cache entry was the
issue.
Thank you for your help!!!!!!!!!