Google mail and IPv6

Running IPv6 fully, means your systems attempt to connect over IPv6 first. Normally, when I’m browsing a site, that is not a problem.

When sending mail, however, the receiving mailserver wants to be able to identify the sending server. This server says ‘hi, i’m mailserver’ so the receiving side does a verify to check to see if mailserver corresponds with the ip address this server is coming from.

Big companies own their own address space and are able to set the address=name (A (IPv4) or AAAA (IPv6) records) and name=address (PTR records) in DNS.

Using an ISP address, this is not common – at least I’m not aware which provider allows their customers to set these records.

Then, sending email directly to google from your own mailserver, results in the following look-alike-error-message:

Oct 27 14:35:12 mailserver postfix/smtp[2594]: EF382806B7: to=,[2a00:1450:4013:c00::1a]:25, delay=0.31, delays=0.18/0/0.03/0.1, dsn=5.7.1, status=bounced (host[2a00:1450:4013:c00::1a] said: 550-5.7.1 [some:ipv6:ip:address:: 16] Our system has detected 550-5.7.1 that this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 for more 550 5.7.1 information. x45si11657943eey.6 – gsmtp (in reply to end of DATA command))
Oct 27 14:35:12 mailserver postfix/bounce[2844]: EF382806B7: sender non-delivery notification: 9C998806C5

So what can you do to fix this. Call google? right. They will not change their systems for a single customer.

Disable IPv6? No way. Too good to have it running. Let the IPv4 address depletion come in 🙂

No, I bumped into a suggestion from Wietse, which works wonderfully well.

In /etc/postfix/, add smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter

In /etc/postfix/smtp_reply_filter, add the following text:

# Postfix uses the last reply code in a multi-line reply.
/^5(\d\d .*your:ipV6:ip:address:goes:here.*)/ 4$1

This changes the 5xx message from google into a 4xx message, meaning postfix will attempt to deliver mail using other addresses. In my case, the IPv4 address.

Thanks Wietse!

Comments are closed.