E-mail test.

Started by snarked, September 09, 2008, 02:12:40 PM


snarked

Test:  An IPv6 enabled mail system

Problem - e-mail rejected.  Reason:

     550 5.4.3 DNS reverse lookup failed. (IPv6:2001:470:0:aa::1e)

I run a strict anti-spam system, and that includes that hosts sending mail to me must be properly configured with a reverse DNS lookup that does not indicate a dial-up or dynamic assignment (and no reverse lookup also fails).  This failure has nothing to do with MY IPv6 setup.

broquea

Whoops, thanks for pointing that out. rDNS should be pushed out shortly.

snarked

Thank you.  However, as your "minimum TTL" field from your SOA record says 1 day, I'll have to check again tomorrow - for it will take that long for the "nxdomain" cached answer to time out.

avongauss

The NXDOMAIN response should not be cached for that long; most servers that actually cache that response usually expire it after 2 hours.

snarked

Next problem.  I now see the reverse entry, but it doesn't map back to a corresponding forward entry.

My error message:  550 5.4.8 DNS PTR mismatch. (IPv6:2001:470:0:aa::1e)

!dig -x 2001:470:0:aa::1e
...
;; QUESTION SECTION:
;e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 210 IN PTR arc.he.net.

However, the forward lookup maps to a different address:

;; QUESTION SECTION:
;arc.he.net.                    IN      AAAA

;; ANSWER SECTION:
arc.he.net.             2946    IN      AAAA    2001:470:0:aa::2

"2001:470:0:aa::2" not included in "2001:470:0:aa::1e" - so mail still rejected by my anti-spam system.  :o

broquea

Actually it's kinda odd that arc.he.net had extra IPv6 addresses configured on it out of the "aa" range. We've fixed this, and should only have 2001:470:0:aa::2 from that range now.

snarked

OK.  It works now - at least for my system, so perhaps for others too (if they also have similar strict rules).
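
The forward-confirmed reverse DNS check discussed in the posts above, as an added example that is not part of the thread and not the code of either poster's mail system. The `fcrdns` and `resolver` names, the injected lookup functions and the PTR record for `::2` are assumptions; the other records are the ones quoted from `dig`.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for an address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fcrdns(client_ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS check for a connecting SMTP client.

    ptr_lookup(name) returns PTR targets, addr_lookup(host) returns A/AAAA
    address strings; both are injected (hypothetical) so this runs offline.
    Returns None to accept, else a rejection line worded like the thread's.
    """
    client = ipaddress.ip_address(client_ip)
    tag = f"IPv6:{client}" if client.version == 6 else str(client)
    hosts = ptr_lookup(reverse_name(client_ip))
    if not hosts:
        return f"550 5.4.3 DNS reverse lookup failed. ({tag})"
    for host in hosts:
        for text in addr_lookup(host):
            try:
                # Compare parsed addresses, not strings, so different
                # spellings of one IPv6 address still match.
                if ipaddress.ip_address(text) == client:
                    return None
            except ValueError:
                continue  # malformed record data never confirms a client
    return f"550 5.4.8 DNS PTR mismatch. ({tag})"

def resolver(table):
    """Constructed stand-in for a DNS resolver: dict lookup, empty on miss."""
    return lambda name: table.get(name.lower(), [])

# Constructed data for the three states the thread goes through.
ARPA_1E = reverse_name("2001:470:0:aa::1e")
ARPA_2 = reverse_name("2001:470:0:aa::2")
NO_PTR = resolver({})                                # before rDNS was published
PTR_AS_QUOTED = resolver({ARPA_1E: ["arc.he.net."]})  # from the dig -x output
PTR_AFTER_FIX = resolver({ARPA_2: ["arc.he.net."]})   # assumed, not shown in thread
AAAA = resolver({"arc.he.net.": ["2001:470:0:aa::2"]})  # from the AAAA answer

if __name__ == "__main__":
    print(fcrdns("2001:470:0:aa::1e", NO_PTR, AAAA))
    print(fcrdns("2001:470:0:aa::1e", PTR_AS_QUOTED, AAAA))
    print(fcrdns("2001:470:0:aa::2", PTR_AFTER_FIX, AAAA))
```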

broquea

We also fixed it so if you simply don't have an MX entry in DNS, it should default to the provided site's AAAA record.

tatsuling

I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.

broquea

Quote from: tatsuling on September 17, 2008, 03:27:12 PM
I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.


I'll have to set up qmail somewhere to test; however, we do send \r\n (<CRLF>) after every command sent.