SixXS::Sunset 2017-06-06

IPv6 SMTP to gmail
[dk] Shadow Hawkins on Monday, 22 April 2013 15:42:46
Last week gmail suddenly started bouncing emails because they are "likely unsolicited email". After much trail and error, and verification of my SPF record, and firewall, etc. the last-ditch attempt, using IPv4, worked. Has anyone experienced the same problem? Has Sixxs IPv6 addresses suddenly been blacklisted by gmail? Or does gmail has a bug regarding parsing IPv6 in SPF records?
IPv6 SMTP to gmail
[nl] Shadow Hawkins on Sunday, 06 October 2013 14:02:48
Just for reference; I've had the exact same issue with sending over IPv6 to gmail, and it turned out to be a problem with reverse DNS.
IPv6 SMTP to gmail
[ch] Jeroen Massar SixXS Staff on Monday, 22 April 2013 17:18:25
Can you provide the exact error messages and IP addresses involved, we might be able to follow up on this to the Gmail Team. Typically though there should not be any issues. You might want to check what kind of content you are sending and maybe even if your host is an open relay or not.
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Monday, 22 April 2013 18:07:12
Last success: Apr 19 15:19:32 isjsys5 postfix/smtp[11106]: E3DB65C009D: to=<redacted@redacted.com>, relay=aspmx.l.google.com[2a00:1450:4013:c00::1a]:25, delay=2.2, delays=0.07/0.04/0.96/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1366377572 h7si19958127eex.57 - gsmtp) First failure: Apr 20 13:18:38 isjsys5 postfix/smtp[16996]: B86515C009C: to=<redacted@redacted.com>, relay=aspmx.l.google.com[2a00:1450:4013:c01::1a]:25, delay=2.2, delays=0.07/0.04/1.1/1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[2a00:1450:4013:c01::1a] said: 550-5.7.1 [2001:16d8:dd31:1:20d:93ff:fe73:ac12 7] Our system has detected 550-5.7.1 that this message is likely unsolicited mail. To reduce the amount of 550-5.7.1 spam sent to Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. x41si19567373eey.258 - gsmtp (in reply to end of DATA command)) Timestamps are CEST Sending host is: 2001:16d8:dd31:1:20d:93ff:fe73:ac12 Sending domain is i1.dk The SPF record (TXT) for i1.dk was: i1.dk text = "v=spf1 ip4:188.176.48.94 ip4:93.167.50.108 mx -all" I tried to change it to the below but to no avail: i1.dk text = "v=spf1 ip4:188.176.48.94 ip4:93.167.50.108 ip6:2001:16d8:dd31:1:20d:93ff:fe73:ac12 mx -all" The attempted email was text/plain and didn't contain any words usually found in spam. The host is not an open relay, and is the only host permitted to make outbound connections to port 25.
IPv6 SMTP to gmail
[pl] Shadow Hawkins on Friday, 26 April 2013 16:11:55
Started to have exactly the same problem.
IPv6 SMTP to gmail
[ch] Jeroen Massar SixXS Staff on Saturday, 27 April 2013 09:45:11
Please provide details so that we can relay these to the gmail team.
IPv6 SMTP to gmail
[be] Shadow Hawkins on Friday, 10 May 2013 11:51:58
Jeroen Massar wrote:
Please provide details so that we can relay these to the gmail team.
I don't think it's sixxs related. I'm having issues sending from tunnelbroker to.
IPv6 SMTP to gmail
[se] Shadow Hawkins on Monday, 27 May 2013 20:28:44
wim vinckier wrote:
Jeroen Massar wrote:
Please provide details so that we can relay these to the gmail team.
I don't think it's sixxs related. I'm having issues sending from tunnelbroker to.
I had the same issue from my native (Non Sixxs) IPv6 addresses despite having proper SPF and DKIM-entries (but no back resolve). The mails started to bounce about the same time , April 20. After making sure there was a working back/forward resolve for the IPv6 address on the mail server it started to work again. SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [2a00:1450:4010:c03::1b]: 550-5.7.1 [2001:16d8:X:XX::X 7] Our system has detected that this message 550-5.7.1 is likely unsolicited mail. To reduce the amount of spam sent to 550-5.7.1 Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. zr10si2111016lbb.177 - gsmtp //Erik
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Saturday, 01 June 2013 17:03:55
Erik Ragnar Norell wrote:
After making sure there was a working back/forward resolve for the IPv6 address on the mail server it started to work again.
Interesting. I will give that a shot when I have time to configure it. Also interesting is that my IPv4 doesn't have a proper reverse DNS, but mails from that go through fine. /Ivan
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Saturday, 22 June 2013 16:14:12
Ivan Skytte Joergensen wrote:
Erik Ragnar Norell wrote:
After making sure there was a working back/forward resolve for the IPv6 address on the mail server it started to work again.
Interesting. I will give that a shot when I have time to configure it. Also interesting is that my IPv4 doesn't have a proper reverse DNS, but mails from that go through fine. /Ivan
Hi Ivan, did you manage to get gmail to accept your mail? Currently I have the same problem, using a server at a hosting provider with native ipv6 connection. Discussing the problem with a friend he noticed that gmail might not be parsing ipv6 correctly. From the reject message: Diagnostic-Code: smtp; 550-5.7.1 [2001:1448:202::4 1] Our system ... I dont think the " 1" should be there This, combined with a server at a neighbor address [2001:1448:202::3] (but on another domain) was compromised a week ago and used to send spam, might be a problem. I was sort of thinking that if Google dont parse addresses correctly then a blacklisting might hit several servers. Just guessing :-) -- Klaus
IPv6 SMTP to gmail
[ch] Jeroen Massar SixXS Staff on Monday, 01 July 2013 13:27:56
It seems the primary thing to make sure of that the IP you connect from has a proper reverse DNS setup, that matches a forward and back again. It is then advised that this hostname is also used in the HELO/EHLO message to identify that host. 2001:1448:202::3 does not have a reverse for instance, thus check your reverses.
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Monday, 02 September 2013 18:54:10
Jeroen Massar wrote:
It seems the primary thing to make sure of that the IP you connect from has a proper reverse DNS setup, that matches a forward and back again. It is then advised that this hostname is also used in the HELO/EHLO message to identify that host. 2001:1448:202::3 does not have a reverse for instance, thus check your reverses.
Sorry I forgot to check back on this forum as was forced to attended attend to other matters for a while. Thank for your input but I do think that my setup is correct. 2001:1448:202::4 has a proper reverse record and is the server in from which I try to send mail. The story about 2001:1448:202::3 was just a side note. It should never have been able to send mail (but was hacked)
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Saturday, 06 July 2013 10:51:04
Klaus Vink Slott wrote:
Ivan Skytte Joergensen wrote:
Erik Ragnar Norell wrote:
After making sure there was a working back/forward resolve for the IPv6 address on the mail server it started to work again.
Interesting. I will give that a shot when I have time to configure it. Also interesting is that my IPv4 doesn't have a proper reverse DNS, but mails from that go through fine. /Ivan
Hi Ivan, did you manage to get gmail to accept your mail?
Yes, although I'm not 100% finished with tinkering with it. I had in my postfix main.cf: myhostname = i1.dk i1.dk has AAAA record 2001:16d8:dd31:1:20d:93ff:fe73:ac12 Reverse-DNS for 2001:16d8:dd31:1:20d:93ff:fe73:ac12 is isjsys5-i0.int.i1.dk And that caused emails to bounce a month ago. I started tinkering with it today, reverted my workaround in 'transport' (forcing IPv4 for gmail.com). I changed postfix main.cf to use myhostname=isjsys5.int.i1.dk which has CNAME to isjsys5-i0.int.i1.dk, which has AAAA 2001:16d8:dd31:1:20d:93ff:fe73:ac12, which has reverse-DNS to isjsys5-i0.int.i1.dk That worked. I then changed myhostname back to i1.dk. That worked too (?) So I'm now back to the configuration I had before emails started bouncing. I'm confused. The only thing I'm not 100% sure of is whether reverse-DNS delegation for IPv6 was working a few months ago. Furthermore: I opened my firewall for another internal host to send email. I then let it send an email to gmail. That worked to. So gmail is currently ignoring my SPF record. /Ivan
IPv6 SMTP to gmail
[ch] Jeroen Massar SixXS Staff on Saturday, 06 July 2013 15:14:20
I changed postfix main.cf to use myhostname=isjsys5.int.i1.dk which has CNAME to isjsys5-i0.int.i1.dk,
You should avoid any use of CNAME where possible, especially when they are in-zone; yes they are useful, but they cause all kind of non-expected side-effects. As such, try just using A/AAAA records. Generating any items that should be an alias is the better way to go.
That worked too (?)
Could be coincidental but more likely: (DNS) cached details.
So gmail is currently ignoring my SPF record.
Or only using it for ranking. Did your outbound connection use IPv6 or IPv4 and was it maybe in any other way valid for your record?
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Sunday, 07 July 2013 16:59:39
Jeroen Massar wrote:
> I changed postfix main.cf to use myhostname=isjsys5.int.i1.dk which has CNAME to isjsys5-i0.int.i1.dk, You should avoid any use of CNAME where possible, especially when they are in-zone;
I don't use CNAME for inbound email. The MX for my doamin is isjmx.i1.dk, which has A AAA records. I was just checking if the hostname presented in the SMTP initialization phase made any difference. Apparently it doesn't.
> That worked too (?) Could be coincidental but more likely: (DNS) cached details.
So gmail is currently ignoring my SPF record.
Or only using it for ranking. Did your outbound connection use IPv6 or IPv4 and was it maybe in any other way valid for your record?
It used IPv6. From my maillog of that test: 2013-07-04T13:30:36.985447+02:00 isjsys postfix/smtp[4562]: 277A82683B: to=<redacted@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1b]:25, delay=0.83, delays=0.01/0.01/0.17/0.63, dsn=2.0.0, status=sent (250 2.0.0 OK 1372937436 w7si2097216eeg.288 - gsmtp) I cannot see which source address it used, but it was likely a temporary one with no reverse-DNS. As I wrote earlier my SPF records was (and had been for years) "v=spf1 ip4:188.176.48.94 ip4:93.167.50.108 mx -all". When the emails started bouncing I changed it to "v=spf1 ip4:188.176.48.94 ip4:93.167.50.108 ip6:2001:16d8:dd31:1:20d:93ff:fe73:ac12 mx -all" just to see if an explicit IPv6 address made any difference and waited the TTL amount of time, and re-tried - no luck. So it shouldn't be a DNS cache issue. My current theory is that the reverse-DNS wasn't working when the trouble started.
IPv6 SMTP to gmail
[dk] Shadow Hawkins on Monday, 02 September 2013 19:03:11
Ivan Skytte Joergensen wrote:
Jeroen Massar wrote:
> I changed postfix main.cf to use myhostname=isjsys5.int.i1.dk which has CNAME to isjsys5-i0.int.i1.dk, You should avoid any use of CNAME where possible, especially when they are in-zone;
I don't use CNAME for inbound email. The MX for my doamin is isjmx.i1.dk, which has A AAA records. I was just checking if the hostname presented in the SMTP initialization phase made any difference. Apparently it doesn't.
> That worked too (?) Could be coincidental but more likely: (DNS) cached details.
So gmail is currently ignoring my SPF record.
Or only using it for ranking. Did your outbound connection use IPv6 or IPv4 and was it maybe in any other way valid for your record?
It used IPv6. From my maillog of that test: 2013-07-04T13:30:36.985447+02:00 isjsys postfix/smtp[4562]: 277A82683B: to=<redacted@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1b]:25, delay=0.83, delays=0.01/0.01/0.17/0.63, dsn=2.0.0, status=sent (250 2.0.0 OK 1372937436 w7si2097216eeg.288 - gsmtp) I cannot see which source address it used, but it was likely a temporary one with no reverse-DNS. As I wrote earlier my SPF records was (and had been for years) "v=spf1 ip4:188.176.48.94 ip4:93.167.50.108 mx -all". When the emails started bouncing I changed it to "v=spf1 ip4:188.176.48.94 ip4:93.167.50.108 ip6:2001:16d8:dd31:1:20d:93ff:fe73:ac12 mx -all" just to see if an explicit IPv6 address made any difference and waited the TTL amount of time, and re-tried - no luck. So it shouldn't be a DNS cache issue. My current theory is that the reverse-DNS wasn't working when the trouble started.
Hmm.. ok then your problem might not be related to mine. But I find it very difficult to make any sence out of this and I still suspect that gmail has some errors in handling ipv6 mail. But thank for for yor feedback. As soon as I get a little time over for playing with ipv6 i report back on my findings.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker