• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Is HE Blocking SMTP from the IPv6 Internet to HE Tunnel Clients?

Started by corndog, October 16, 2012, 12:50:33 PM

Previous topic - Next topic

corndog

Hello all,

I did the whole setup and passed sage a while ago.  All worked well - DNS, SMTP, etc etc. 

I made my dual-stack setup permanent, and configured main services (DNS, SMTP mostly) to always try IPv6 first, and fall back to v4 if it doesn't work.  As a result, I have been sending mail to gmail for months using IPv6. 

However, I have yet to receive a single IPv6 email from outside. 

I have my postfix server listening on IPv6, and my lowest number MX record for my domain points to this IPv6 mail server.  Furthermore my firewall allows traffic to that server on port 25.  I can run a portscan from HE's tunnelbroker site that shows port 25 is accessible.  I have also tested that I can reach my postfix server on IPv6 from inside my network, so it is tested and verified working.

However, when I try a check on my domain from dnsstuff.com it reports my IPv6 SMTP server as unreachable.  And I don't show evidence of having ever received an inbound SMTP connection on IPv6.

Why?

broquea

(pulled your email from your forum profile) Seems fine, dig +trace shows:
baystreetnetworks.com.  38400   IN      MX      20 smtp.8inchfloppy.com.
baystreetnetworks.com.  38400   IN      MX      30 smtp.corplogo.com.
baystreetnetworks.com.  38400   IN      MX      40 mail.uhs.on.ca.
baystreetnetworks.com.  38400   IN      MX      10 smtp6.8inchfloppy.com.
baystreetnetworks.com.  38400   IN      NS      ns9.8inchfloppy.com.
baystreetnetworks.com.  38400   IN      NS      ns8.8inchfloppy.com.
baystreetnetworks.com.  38400   IN      NS      ns7.8inchfloppy.com.
baystreetnetworks.com.  38400   IN      NS      ns6.8inchfloppy.com.
;; Received 362 bytes from 208.83.212.78#53(208.83.212.78) in 71 ms


;; ANSWER SECTION:
smtp6.8inchfloppy.com.  38400   IN      AAAA    2001:470:b161:45::2


~$ telnet 2001:470:b161:45::2 25
Trying 2001:470:b161:45::2...
Connected to 2001:470:b161:45::2.
Escape character is '^]'.
220 smtp6.8inchfloppy.com ESMTP Postfix


Sent you an email just now, see this in my logs...

QuoteOct 16 18:53:52 ipvsixme postfix/smtp[1366]: D36B02C14EA: host smtp6.8inchfloppy.com[2001:470:b161:45::2] said: 450 4.2.0 <dstubbs@baystreetnetworks.com>: Recipient address rejected: Greylisted for 300 seconds (in reply to RCPT TO command)
Oct 16 18:53:53 ipvsixme postfix/smtp[1366]: D36B02C14EA: to=<dstubbs@baystreetnetworks.com>, relay=smtp.8inchfloppy.com[208.83.212.78]:25, delay=7, delays=0.08/0.01/6.8/0.08, dsn=4.2.0, status=deferred (host smtp.8inchfloppy.com[208.83.212.78] said: 450 4.2.0 <dstubbs@baystreetnetworks.com>: Recipient address rejected: Greylisted for 300 seconds (in reply to RCPT TO command))

Guess we'll see in 5 minutes! Also why is an IPv4 smtp relay getting involved? Or maybe I'm reading the transaction incorrectly.

Edit - There we go, a bit longer than 300s:

QuoteOct 16 19:01:10 ipvsixme postfix/qmgr[25015]: D36B02C14EA: from=<broquea@ipvsix.me>, size=650, nrcpt=1 (queue active)
Oct 16 19:01:11 ipvsixme postfix/smtp[1514]: D36B02C14EA: to=<dstubbs@baystreetnetworks.com>, relay=smtp6.8inchfloppy.com[2001:470:b161:45::2]:25, delay=445, delays=443/0.02/1.4/0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 30D952250C)
Oct 16 19:01:11 ipvsixme postfix/qmgr[25015]: D36B02C14EA: removed

Maybe the 300s throws off other mail systems? I thought grey listing was usually around 30s.

corndog

Yep,

That looks good - thanks for the test. 

Must be a problem with DNSStuff's IPv6 test suite then...

That apparent "ipv4 relay getting involved" is just an artefact of the fact that my ipv6 smtp host is dual-stack, and self-reporting its ipv4 hostname in the greeting, methinks.

snarked

Not blocked for me.  I have received mail delivered over my IPv6 tunnel.

kasperd

Quote from: corndog on October 16, 2012, 12:50:33 PMI have been sending mail to gmail for months using IPv6. 

However, I have yet to receive a single IPv6 email from outside.
Gmail only got the first experimental support for SMTP over IPv6 around 6th of June this year. And AFAIR that was only in the direction from the rest of the net to Gmail. I don't know if and when Gmail got support for sending email over SMTP to the rest of the net. It is easy to test though. Just create a domain where all MX records point to IPv6 only hostnames, and send an email from Gmail to it. It should be quite obvious from the result if Gmail supports sending over IPv6.

However even if Gmail supports outgoing SMTP connections over IPv6, it would not surprise me at all if Google has decided to use IPv4 by default for any domain, which has even a single MX record with an IPv4 address.

Quote from: broquea on October 16, 2012, 06:52:58 PMAlso why is an IPv4 smtp relay getting involved?
When the first relay fails with a temporary error, it is perfectly normal to try another of the MX records.

Quote from: broquea on October 16, 2012, 06:52:58 PMMaybe the 300s throws off other mail systems? I thought grey listing was usually around 30s.
The sender is just told that there was a temporary error. It doesn't know that the receiving end expects it to retry after some specific duration. And after a temporary error, the sending system should keep retrying for a few days before giving up. After a few attempts the delay between attempts may increase to a few hours.

Quote from: corndog on October 16, 2012, 08:35:13 PMMust be a problem with DNSStuff's IPv6 test suite then...
Does it report different results for IPv4 and IPv6? It might just be that it sees greylisting as a problem and reports that problem. After all greylisting does mean that the receiving server will report a temporary error on first attempt to deliver any email.

Most users of such a test suite probably do not have the patience to wait for the test suite to figure out if it is "just" greylisting or a real problem. As such it is correct for such a test suite to report any domain using greylisting as being broken, unless the test suite explicitly supports greylisting and the user has indicated, that he wants to test a domain with greylisting.

prietus

hi, i can send and receive emails throug my ipv6 tunnel. may be the dual stack is your problem. if your ipv4 ptr does not  resolve the proper way may be you will be blasklisted or blocked.