
Administrator Certification Problem

Started by sigmoun, May 24, 2013, 09:48:48 AM


sigmoun

Hi everyone,
I am trying to pass the administrator certification. I have successfully set up the MX (you can check for yourself: dig mx mail.ipv6.forbidden-access.org).
When I ask for the HE mail to be sent to me to get the code, it takes too long and no mail is received on my mail server ...
Has anyone experienced something similar?
Visit my blog : www.forbidden-access.org

kasperd

Your mailserver appears to be down.

traceroute to mail.ipv6.forbidden-access.org (2001:470:28:f0a:95f0:1a5b:6b47:2265), 30 hops max, 80 byte packets
1  2a01:d0:839a:babe:735d:77a7:990d:702c  0.130 ms  0.168 ms  0.209 ms
2  2001:470:0:11e::2  40.965 ms  47.021 ms  47.911 ms
3  2001:470:27:f0a::2  158.772 ms  146.462 ms  153.476 ms
4  *  *  *
5  *  *  *
6  *  *  *
7  *  *  *
8  2001:470:27:f0a::2  285.995 ms !H  171.668 ms !H  *

broquea

What was the specific email addy you submitted? Because everything left of the @, including the @, gets stripped, and the test works with what remains.

sigmoun

@kasperd Yes, when you did the test, the mailserver was rebooting :P now he is up and still waiting for mails :(
@broquea I am trying to test with sigmoun@mail.ipv6.forbidden-access.org
Thanks !

sigmoun

I have changed the AAAA, and so the MX, to zied.forbidden-access.org
But it's still sending ...

kasperd

Quote from: sigmoun on May 25, 2013, 02:47:25 AM
now he is up and still waiting for mails
Nope. Still down. The traceroute output looks the same as before. Your router responds with no route to host, after three seconds. This almost certainly means your router is sending a neighbor discovery and getting no reply back from the mail server, so after three seconds the router times out and sends an error back.

sigmoun

Quote from: kasperd on May 25, 2013, 04:27:55 AM
Quote from: sigmoun on May 25, 2013, 02:47:25 AM
now he is up and still waiting for mails
Nope. Still down. The traceroute output looks the same as before. Your router responds with no route to host, after three seconds. This almost certainly means your router is sending a neighbor discovery and getting no reply back from the mail server, so after three seconds the router times out and sends an error back.

I have changed the AAAA (and so the MX) to :
zied.forbidden-access.org,
I think you made the test with mail.ipv6.forbidden-access.org; that's why you have no route to host.

kasperd

Quote from: sigmoun on May 25, 2013, 04:59:13 AM
I have changed the AAAA (and so the MX) to :
zied.forbidden-access.org,
That host is responding, but HE have packet filters in place preventing others from connecting to your mailserver. That means either the issue needs to be debugged using only information available from your end of the connection, or you need to email ipv6@he.net and ask them to help you.

If you install a Teredo relay on your router, I would be able to find out a bit more about what your problem is. And installing such a Teredo relay is a good idea anyway, as it will give you more reliable communication when communicating with Teredo users. What OS are you running on the router? I know how to install and configure a Teredo relay on an Ubuntu system, and it is really easy.

sigmoun

Thanks for this information,
As router I am using Vyatta ...

kasperd

Quote from: sigmoun on May 25, 2013, 06:21:35 AM
As router I am using Vyatta ...
According to Wikipedia it is based on Debian just like Ubuntu is, and it is specialized for networking. With those properties it definitely should support running a Teredo relay. So how about you try out the steps that work on Ubuntu and let us know if they work on Vyatta as well.

First of all, install the software with apt-get install miredo. Secondly, edit the /etc/miredo.conf configuration file. The default configuration file on installation is for a Teredo client, and what you want is not a client, but a relay. Here is the configuration file I use on one of my machines:

# Please refer to the miredo.conf(5) man page for details.
InterfaceName   teredo
RelayType relay

# Pick a Teredo server:
#ServerAddress  teredo.ipv6.microsoft.com
#ServerAddress  teredo-debian.remlab.net

# Some firewall/NAT setups require a specific UDP port number:
#BindPort       3545
BindPort        64646

I made three changes. I changed the RelayType, I commented out the ServerAddress, and I added a BindPort. I picked a static port number between 61000 and 65535, just for convenience. It is easier to recognize in packet dumps that way. Finally, run service miredo restart, which will stop the Teredo client (which may have been started automatically by apt-get install) and then start the relay.

kasperd

Looks like you got the Teredo relay up, as I can see when I now ping zied.forbidden-access.org from a Teredo client, the Teredo server gives me a different Teredo relay address.

But packets sent from my Teredo client to your Teredo relay appear to get lost on the route. Is there a firewall or a NAT device between your Vyatta router and the Internet preventing packets from me making it to the Vyatta router? Or could there be a firewall rule on the Vyatta router blocking packets to the Teredo relay?

sigmoun

Yes, I have installed Teredo as you asked and forwarded the port from my router...
What should I do now ?

sigmoun

by the way, the he support answer was
SMTP is not filtered to/from the system that performs the administrator
test.

kasperd

Quote from: sigmoun on May 25, 2013, 07:23:09 AM
What should I do now ?
I tried running an nmap against your IPv6 address, now that your Teredo relay is functional. This is what I got:

nmap -6 zied.forbidden-access.org

Starting Nmap 5.21 ( http://nmap.org ) at 2013-05-25 16:31 CEST
Nmap scan report for 2001:470:28:f0a:6510:c8c3:a3cf:f911
Host is up (0.095s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 5.23 seconds
So it looks like nothing is listening on port 25 on that host. That would explain why no email can be delivered to it. So check again that the mailserver is indeed running on zied.forbidden-access.org, and check which IP it is listening on. Maybe it is listening only on ::1 or maybe it is listening only on IPv4.
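
An added example, not part of the post above or of the original thread: one way to run the suggested check from the mail server's own side is to read the kernel's listening-socket tables and see how port 25 is bound. It assumes a little-endian Linux host; the sample tables are constructed for illustration and the function names are hypothetical.

```python
import ipaddress

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp and /proc/net/tcp6
# Constructed samples (trailing columns omitted). Port 0x0019 is 25, 0x0016 is 22.
TCP4_SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0019 00000000:0000 0A
"""
TCP6_LOOPBACK_ONLY = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000001000000:0019 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
"""
TCP6_WILDCARD = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0019 00000000000000000000000000000000:0000 0A
"""

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp{,6} address; assumes a little-endian host."""
    words = [hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8)]
    # Each 32-bit word is printed in host byte order, so reverse its bytes.
    return ipaddress.ip_address(b"".join(bytes.fromhex(w)[::-1] for w in words))

def listeners(proc_text, port):
    """Return the local addresses that are in LISTEN state on `port`."""
    found = []
    for line in proc_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) == port:
            found.append(decode_addr(addr_hex))
    return found

def diagnose(tcp4_text, tcp6_text, port=25):
    """Classify how `port` is bound; firewall rules are not considered."""
    v6 = listeners(tcp6_text, port)
    if any(not addr.is_loopback for addr in v6):
        return "listening-on-ipv6"      # :: or a specific non-loopback address
    if v6:
        return "ipv6-loopback-only"     # bound to ::1, unreachable remotely
    if listeners(tcp4_text, port):
        return "ipv4-only"              # no IPv6 socket for this port at all
    return "not-listening"

if __name__ == "__main__":
    print(diagnose(TCP4_SAMPLE, TCP6_LOOPBACK_ONLY))
```

On a live host, pass the contents of /proc/net/tcp and /proc/net/tcp6 instead of the samples. A result of ipv6-loopback-only or ipv4-only matches the two causes suggested in the post above.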

kasperd

Quote from: sigmoun on May 25, 2013, 07:24:31 AM
by the way, the he support answer was
SMTP is not filtered to/from the system that performs the administrator
test.
They may have misunderstood the question. But then again, I haven't seen the question you sent to them.

I know the filters don't prevent going through the certification test, if you got the mailserver set up correctly. But the filter prevents anybody else from trying to connect to the server to find out why it isn't working. That means you cannot just go to the forum and ask for help, because nobody on the forum can see what is happening behind the HE filters.

That is why I suggested that you go to ipv6@he.net and ask for the advice you could previously have gotten from the forum. But they appear not to have understood that point.

I guess that just means whenever such a question shows up, I'll advise people to set up a Teredo relay instead. No harm done, if many of the people going through the certification test learn to set up a Teredo relay. And now if you happen to want to ssh back home from your laptop, and you are somewhere with only IPv4 connectivity, then you can just use a Teredo client on your laptop. :-)