
Configuring Mountain Lion Server, 10.8.4, POSTFIX to accept email

Started by derby, July 28, 2013, 12:06:03 PM


derby

I have a tunnel set up between HE and my Cisco 1921 Router running CISCO IOS 15.1(4).  The tunnel seems to work just fine in that I have been able to connect to IPV6 web sites from my iPhone, iPad and MacBook Pro running on the LAN for several years.  I can access a test web site at http://ipv6.pderby.com with no problems from my LAN.

Mountain Lion Server comes with POSTFIX Version 2.9.2 installed.  I've configured POSTFIX running Mountain Lion server 10.8.4 to listen on all interfaces and to accept email from the virtual domain ipv6.pderby.com and added the server's IP address:

mynetworks = 96.231.165.212, [2001:470:8:444:226:b0ff:fef3:fe6c], 127.0.0.0/8, [::1]/128
inet_protocols = all
inet_interfaces = all


I use DNSMadeEasy for DNS and have added an MX record:  ipv6.pderby.com and an AAAA record of 2001:470:8:444:226:b0ff:fef3:fe6c as the IP address for ipv6.pderby.com

Using one of the IPV6 test web sites I can PING and TraceRoute to my ipv6.pderby.com server.

When I attempt to have Hurricane Electric send an email to the server nothing shows up in the log and HE doesn't report back failure of delivery.

Here is the output of ifconfig on my server:

red:~ pderby$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
	ether 00:26:b0:f3:fe:6c
	inet6 fe80::226:b0ff:fef3:fe6c%en0 prefixlen 64 scopeid 0x4
	inet 10.6.18.7 netmask 0xffffff00 broadcast 10.6.18.255
	inet6 2001:470:8:444:226:b0ff:fef3:fe6c prefixlen 64 autoconf
	inet6 2001:470:8:444:bd0d:7f0d:c1ff:5da9 prefixlen 64 deprecated autoconf temporary
	inet6 2001:470:8:444:d013:df18:607b:b3e3 prefixlen 64 deprecated autoconf temporary
	inet6 2001:470:8:444:b57e:3852:e89d:e1db prefixlen 64 deprecated autoconf temporary
	inet6 2001:470:8:444:3508:ee73:73cc:840f prefixlen 64 deprecated autoconf temporary
	inet6 2001:470:8:444:6500:2461:1fc0:bb5d prefixlen 64 deprecated autoconf temporary
	inet6 2001:470:8:444:30a5:ddd5:dd31:82f2 prefixlen 64 deprecated autoconf temporary
	inet6 2001:470:8:444:2568:ea85:9cef:c0cd prefixlen 64 autoconf temporary
	media: autoselect (1000baseT <full-duplex>)
	status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	ether 00:26:b0:f7:f5:78
	media: autoselect (<unknown type>)
	status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
	lladdr 00:26:b0:ff:fe:f3:fe:6c
	media: autoselect <full-duplex>
	status: inactive
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=23<RXCSUM,TXCSUM,TSO4>
	ether 00:26:b0:f3:fe:6c
	inet6 fe80::226:b0ff:fef3:fe6c%vlan0 prefixlen 64 scopeid 0x7
	inet 96.231.165.212 netmask 0xffff0000 broadcast 96.231.255.255
	vlan: 2 parent interface: en0
	media: autoselect (1000baseT <full-duplex>)
	status: active
red:~ pderby$


I'm at a loss as to how to go about solving this problem.  My command line skills are limited as is my knowledge of networks.  This is a learning exercise for me.

Any guidance on what to do to understand what is "broken" so that I can configure the router, server, DNS provider or POSTFIX to enable POSTFIX to receive ipv6 email addressed to pderby@ipv6.pderby.com would be most welcomed.

kasperd

Quote from: derby on July 28, 2013, 12:06:03 PM
> I use DNSMadeEasy for DNS and have added an MX record:  ipv6.pderby.com and an AAAA record of 2001:470:8:444:226:b0ff:fef3:fe6c as the IP address for ipv6.pderby.com

You appear to have installed a firewall, which does not permit incoming email. When I try to contact the server, I get an error from 2001:470:7:444::2.

derby

Thank you kasperd,

I looked through my Cisco router config file and found the following:

ipv6 access-list tu1-in
 permit icmp any any echo-request
 permit icmp any any echo-reply
 permit tcp 2001:4FFF::/32 any eq 22
 evaluate reflectout
 deny ipv6 any any log-input
!
ipv6 access-list tu1-out
 permit icmp any any echo-reply
 permit icmp any any echo-request
 permit tcp any any reflect reflectout
 permit udp any any reflect reflectout
 deny ipv6 any any log-input


I forgot that I put these "rules" in the router configuration for the HE Tunnel interface some time ago.

All is working fine now.
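
In the tu1-in list quoted above, ping succeeds through the echo-request entry, but a new inbound connection to TCP port 25 matches nothing: `evaluate reflectout` only admits return traffic for sessions opened from the LAN, so the SMTP attempt falls through to the final deny. The thread does not say what derby changed; the following is an added example, not the poster's configuration, of one way to admit SMTP to the single mail host, assuming the server is the AAAA address given in the first post.

```cisco
! Added example (not from the thread): tu1-in with one extra entry.
! Assumption: the mail server is the AAAA target from the first post.
! Entries are matched top-down, so the new permit must sit above the
! final deny; appended after it, the entry would never be reached.
ipv6 access-list tu1-in
 permit icmp any any echo-request
 permit icmp any any echo-reply
 permit tcp 2001:4FFF::/32 any eq 22
 permit tcp any host 2001:470:8:444:226:B0FF:FEF3:FE6C eq 25
 evaluate reflectout
 deny ipv6 any any log-input
! tu1-out needs no change: the server's SMTP replies are TCP and are
! already covered by "permit tcp any any reflect reflectout".
```

Because the final deny carries `log-input`, blocked attempts are written to the router log, and `show ipv6 access-list tu1-in` lists per-entry match counts, which confirms whether test mail is reaching the new permit or still hitting the deny.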