Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: E-mail test.  (Read 11311 times)

snarked

  • Hero Member
  • *****
  • Posts: 758
E-mail test.
« on: September 09, 2008, 02:12:40 PM »

Test:  An IPv6 enabled mail system

Problem - e-mail rejected.  Reason:

     550 5.4.3 DNS reverse lookup failed. (IPv6:2001:470:0:aa::1e)

I run a strict anti-spam system, and that includes that hosts sending mail to me must be properly configured with a reverse DNS lookup that does not indicate a dial-up or dynamic assignment (and no reverse lookup also fails).  This failure has nothing to do with MY IPv6 setup.
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1718
Re: E-mail test.
« Reply #1 on: September 09, 2008, 03:03:54 PM »

Whoops, thanks for pointing that out. rDNS should be pushed out shortly.
Logged

snarked

  • Hero Member
  • *****
  • Posts: 758
Re: E-mail test.
« Reply #2 on: September 09, 2008, 05:18:45 PM »

Thank you.  However, as your "minimum TTL" field from your SOA record says 1 day, I'll have to check again tomorrow - for it will take that long for the "nxdomain" cached answer to time out.
Logged

avongauss

  • Newbie
  • *
  • Posts: 14
    • Home Page
Re: E-mail test.
« Reply #3 on: September 09, 2008, 06:42:52 PM »

The NXDOMAIN response should not be cached for that long, most servers that actually cache that response usually expire it after 2 hours.
Logged

snarked

  • Hero Member
  • *****
  • Posts: 758
Re: E-mail test.
« Reply #4 on: September 10, 2008, 12:35:10 PM »

Next problem.  I now see the reverse entry, but it doesn't map back to a corresponding forward entry.

My error message:  550 5.4.8 DNS PTR mismatch. (IPv6:2001:470:0:aa::1e)

!dig -x 2001:470:0:aa::1e
...
;; QUESTION SECTION:
;e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
e.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 210 IN PTR arc.he.net.

However, the forward lookup maps to a different address:

;; QUESTION SECTION:
;arc.he.net.                    IN      AAAA

;; ANSWER SECTION:
arc.he.net.             2946    IN      AAAA    2001:470:0:aa::2

"2001:470:0:aa::2" not included in "2001:470:0:aa::1e" - so mail still rejected by my anti-spam system.  :o
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1718
Re: E-mail test.
« Reply #5 on: September 10, 2008, 12:53:33 PM »

Actually it's kinda odd that arc.he.net had extra ipv6 addresses configured on it out of the "aa" range. We've fixed this, and should only have 2001:470:0:aa::2 from that range now.
Logged

snarked

  • Hero Member
  • *****
  • Posts: 758
Re: E-mail test.
« Reply #6 on: September 10, 2008, 07:54:01 PM »

OK.  It works now - at least for my system, so perhaps for others too (if they also have similar strict rules).
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1718
Re: E-mail test.
« Reply #7 on: September 10, 2008, 08:01:09 PM »

We also fixed it so if you simply don't have an MX entry in DNS, it should default to the provided site's AAAA record.
Logged

tatsuling

  • Newbie
  • *
  • Posts: 2
Re: E-mail test.
« Reply #8 on: September 17, 2008, 03:27:12 PM »

I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
Code: [Select]
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1718
Re: E-mail test.
« Reply #9 on: September 17, 2008, 06:29:40 PM »

I was trying to do the email test today and got an error from qmail in my logs when the message was delivered.
Code: [Select]
SMTP Response: 451 See http://pobox.com/~djb/docs/smtplf.html.

I'll have to set up qmail somewhere to test, however we do send \r\n (<CRLF>) after every command sent.
Logged