[conspire] missing rDNS for (intentionally missing) IPv6
Rick Moen
rick at linuxmafia.com
Wed Feb 24 15:44:38 PST 2021
Quoting Rick Moen (rick at linuxmafia.com):
> Oh, for crissakes. What _now_? I don't even have IPv6 on
> linuxmafia.com at the PTR stuff is all IPV4.
>
> $ dig linuxmafia.com +short
> 96.95.217.99
> $ dig -x 96.95.217.99 +short
> linuxmafia.com.
> $
Confirmed.
[rick at linuxmafia]
~ $ telnet aspmx.l.google.com 25
Trying 2607:f8b0:4023:c03::1b...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP 69si3339110pla.92 - gsmtp
HELO linuxmafia.com
250 mx.google.com at your service
MAIL FROM: <rick at linuxmafia.com>
250 2.1.0 OK 69si3339110pla.92 - gsmtp
RCPT TO: <rossbernheim at gmail.com>
250 2.1.5 OK 69si3339110pla.92 - gsmtp
DATA
354 Go ahead 69si3339110pla.92 - gsmtp
From: Rick Moen <rick at linuxmafia.com>
To: Ross Bernheim <rossbernheim at gmail.com>
Subject: Test message #1
Sorry about the intrusion. Sending you a test message to
test a possible problem with GMail suddenly getting really
picky about my rDNS lacking something for IPv6.
.
550-5.7.1 [2603:3024:182f:d100:220:edff:fe13:ba89] Our system has detected that
550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
550-5.7.1 records and authentication. Please review
550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information
550 5.7.1 . 69si3339110pla.92 - gsmtp
Connection closed by foreign host.
[rick at linuxmafia]
~ $
What the 550 perm-reject message says is: "We detect that your
SMTP stream is currently coming from IPv6 address
2603:3024:182f:d100:220:edff:fe13:ba89 , but there is no reverse-DNS
PTR-type record for that IPV6 address, and we at GMail now refuse to
accept your SMTP mail if (1) we detect your IPv6 address and (2) no RDNS
exists for that."
I've actually tried pretty hard to _not_ have an IPv6 address associated
with my server, because it wasn't obligatory and my life was kept
simpler. Except, now somehow...
linuxmafia:~# ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:20:ed:13:ba:89
inet addr:96.95.217.99 Bcast:96.95.217.103 Mask:255.255.255.248
inet6 addr: 2603:3024:182f:d100:220:edff:fe13:ba89/64 Scope:Global
inet6 addr: fe80::220:edff:fe13:ba89/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:543847 errors:0 dropped:0 overruns:0 frame:0
TX packets:540860 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:88174897 (84.0 MiB) TX bytes:211598341 (201.7 MiB)
linuxmafia:~#
Which implies that Comcast Business needs to add this to its rDNS:
9.8.a.b.3.1.e.f.f.f.d.e.0.2.2.0.0.0.1.d.f.2.8.1.4.2.0.3.3.0.6.2.ip6.arpa. 1h IN PTR linuxmafia.com.
(Ten minutes later:)
Talked to Comcast Business Support, and they created an escalated
trouble ticket to create the PTR record.
As it happens, a houseguest did something yesterday that brought down
power to my server (plugging a high-amperage device into the 1956
AC feed in the garage), ergo linuxmafia.com's host had an unplanned
restart. I _thought_ I had disabled IPv6 in the config. Is it
possible I was so frazzled that I didn't add
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
...to /etc/sysctl.conf?
(RM checks /etc/sysctl.conf.)
Nothing in there to de-IPv6 the server. I _vaguely_ recall that
I just manually re-IPed the machine from the command line when Raw Bandwidth
went away and then checked /etc/network/interfaces and /etc/hosts to
reflect the re-IPing. And put only IPv4 into those.
Oh-kay. For _now_, I have amended sysctl.conf to do that, and
re-run "sysctl -p" to implement. Now:
linuxmafia:/etc/network# ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:20:ed:13:ba:89
inet addr:96.95.217.99 Bcast:96.95.217.103 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:558520 errors:0 dropped:0 overruns:0 frame:0
TX packets:553725 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:90248416 (86.0 MiB) TX bytes:215188899 (205.2 MiB)
linuxmafia:/etc/network#
Now:
$ telnet aspmx.l.google.com 25
Trying 74.125.137.26...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP t1si2346812pgu.251 - gsmtp
HELO linuxmafia.com
250 mx.google.com at your service
MAIL FROM: <rick at linuxmafia.com>
250 2.1.0 OK t1si2346812pgu.251 - gsmtp
RCPT TO: <rossbernheim at gmail.com>
250 2.1.5 OK t1si2346812pgu.251 - gsmtp
DATA
354 Go ahead t1si2346812pgu.251 - gsmtp
From: Rick Moen <rick at linuxmafia.com>
To: Ross Bernheim <rossbernheim at gmail.com>
Subject: Test message #2
Sorry about the intrusion. Sending you a test message to
test a possible problem with GMail suddenly getting really
picky about my rDNS lacking something for IPv6.
.
250 2.0.0 OK 1614210025 t1si2346812pgu.251 - gsmtp
quit
221 2.0.0 closing connection t1si2346812pgu.251 - gsmtp
Connection closed by foreign host.
$
That's better.
Yes, I _will_ consider lightening up on IPv6, after I've verified
that Comcast Business implemented that DNS addition, and after
I've amended my own SPF record to add the IPv6. For now, I am
just stopping at the point where the dominant SMTP player in the
entire world was suddenly rejecting everything from my domain/server,
and count my blessings.
> ----- Forwarded message from Mail Delivery System <Mailer-Daemon at linuxmafia.com> -----
>
> Date: Wed, 24 Feb 2021 13:24:42 -0800
> From: Mail Delivery System <Mailer-Daemon at linuxmafia.com>
> To: rick at linuxmafia.com
> Subject: Mail delivery failed: returning message to sender
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> rossbernheim at gmail.com
> SMTP error from remote mail server after end of data:
> host gmail-smtp-in.l.google.com [2607:f8b0:4023:c03::1a]:
> 550-5.7.1 [2603:3024:182f:d100:220:edff:fe13:ba89] Our system has detected that
> 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
> 550-5.7.1 records and authentication. Please review
> 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information
> 550 5.7.1 . x8si3597028pfq.57 - gsmtp
> yaconsult at gmail.com
> SMTP error from remote mail server after end of data:
> host gmail-smtp-in.l.google.com [2607:f8b0:4023:c03::1a]:
> 550-5.7.1 [2603:3024:182f:d100:220:edff:fe13:ba89] Our system has detected that
> 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
> 550-5.7.1 records and authentication. Please review
> 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information
> 550 5.7.1 . x8si3597028pfq.57 - gsmtp
>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <rick at linuxmafia.com>
> Received: from rick by linuxmafia.com with local (Exim 4.72)
> (envelope-from <rick at linuxmafia.com>)
> id 1lF1eD-00056L-FL; Wed, 24 Feb 2021 13:24:41 -0800
> Date: Wed, 24 Feb 2021 13:24:41 -0800
> From: Rick Moen <rick at linuxmafia.com>
> To: Leo <yaconsult at gmail.com>
> Cc: Ross Bernheim <rossbernheim at gmail.com>
> Subject: Re: Report: Fry???s Electronics going out of business, shutting
> down all stores | Ars Technica
> Message-ID: <20210224212441.GA2978 at linuxmafia.com>
> References: <CACHkUw6Ki7dNg5Te44Q+QNCuR5NBB_Rz3L=HBAS9FNvJK5G-RA at mail.gmail.com>
> MIME-Version: 1.0
> Content-Type: text/plain; charset=utf-8
> Content-Disposition: inline
> In-Reply-To: <CACHkUw6Ki7dNg5Te44Q+QNCuR5NBB_Rz3L=HBAS9FNvJK5G-RA at mail.gmail.com>
> Organization: If you lived here, you'd be $HOME already.
> X-Mas: Bah humbug.
> X-Clacks-Overhead: GNU Terry Pratchett
> User-Agent: Mutt/1.5.20 (2009-06-14)
> X-SA-Exim-Connect-IP: <locally generated>
> X-SA-Exim-Mail-From: rick at linuxmafia.com
> X-SA-Exim-Scanned: No (on linuxmafia.com); SAEximRunCond expanded to false
>
> Quoting Leo (yaconsult at gmail.com):
>
> > https://arstechnica.com/information-technology/2021/02/frys-electronics-is-no-more-and-all-30-stores-will-soon-close/
>
> Thanks, Leo. I independently stumbled across that article, and included
> the link in a posting to CABAL's mailing list (which, if you aren't on
> it, you might want to join).
>
>
> ----- End forwarded message -----
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
More information about the conspire
mailing list