They have been doing this for ages (maybe 6 months at least). We had to disable IPv6 on our mail server as we were struggling to get rDNS delegation from Orcon. Got too busy to follow up on it but will do so when I get a minute.
Jonathan Spence
Chief Executive Officer
Fixed: +64 9 9510448
Mobile: +64211055634
From: nznog-request@list.waikato.ac.nz
Sent: Sunday, January 26, 2014 12:01 PM
To: nznog@list.waikato.ac.nz
Subject: NZNOG Digest, Vol 133, Issue 14
Send NZNOG mailing list submissions to
nznog@list.waikato.ac.nz
To subscribe or unsubscribe via the World Wide Web, visit
http://list.waikato.ac.nz/mailman/listinfo/nznog
or, via email, send a message with subject or body 'help' to
nznog-request@list.waikato.ac.nz
You can reach the person managing the list at
nznog-owner@list.waikato.ac.nz
When replying, please edit your Subject line so it is more specific
than "Re: Contents of NZNOG digest..."
Today's Topics:
1. heads up.. gmail now checking ipv6 rdns (Blair Harrison)
2. Re: heads up.. gmail now checking ipv6 rdns (Scott Howard)
3. Re: heads up.. gmail now checking ipv6 rdns (Michael Fincham)
4. Re: heads up.. gmail now checking ipv6 rdns (Phil Regnauld)
----------------------------------------------------------------------
Message: 1
Date: Sat, 25 Jan 2014 13:43:28 +1300
From: Blair Harrison <nznog@jedi.school.nz>
To: NZNOG <nznog@list.waikato.ac.nz>
Subject: [nznog] heads up.. gmail now checking ipv6 rdns
Message-ID:
<CAHn0gTveE=Nh-jp9Lfdw67UDAy=4Y-rgi-4h7t8zr1R_4p73zg@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi Folks,
Just got caught out with this on my personal box today. It looks as if
Gmail is now checking RDNS on any inbound ipv6 smtp connections and
rejecting with 500 error if it doesn't match.
example fail -
SMTP error from remote mail server after end of data:
host gmail-smtp-in.l.google.com [2a00:1450:4008:c01::1a]:
550-5.7.1 [2402:6000:1000:x::x] Our system has detected that this
message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication. Please review
550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_errorfor
more
550 5.7.1 information. oq6si4802967bkb.182 - gsmtp
So if you have ipv6 enabled on your mail servers and haven't yet set some
RDNS for them.. now is the time.
Cheers,
Blair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140125/62a16907/attachment-0001.html>
------------------------------
Message: 2
Date: Fri, 24 Jan 2014 20:06:47 -0500
From: Scott Howard <scott@doc.net.au>
To: Blair Harrison <nznog@jedi.school.nz>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] heads up.. gmail now checking ipv6 rdns
Message-ID:
<CACnPsNUpB+jFrseBgUW62QU6rej1DXTNdU7r67dfcWsFGJKkkA@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Can you clarify what you mean by "doesn't match"? Just the usual
forward-must-match-reverse, or something else like EHLO matching?
Scott
On Jan 24, 2014 4:43 PM, "Blair Harrison" <nznog@jedi.school.nz> wrote:
> Hi Folks,
>
> Just got caught out with this on my personal box today. It looks as if
> Gmail is now checking RDNS on any inbound ipv6 smtp connections and
> rejecting with 500 error if it doesn't match.
>
>
> example fail -
>
> SMTP error from remote mail server after end of data:
> host gmail-smtp-in.l.google.com [2a00:1450:4008:c01::1a]:
> 550-5.7.1 [2402:6000:1000:x::x] Our system has detected that this
> message does
> 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
> 550-5.7.1 authentication. Please review
> 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_errorfor more
> 550 5.7.1 information. oq6si4802967bkb.182 - gsmtp
>
> So if you have ipv6 enabled on your mail servers and haven't yet set some
> RDNS for them.. now is the time.
>
> Cheers,
> Blair
>
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140124/475ff282/attachment-0001.html>
------------------------------
Message: 3
Date: Sat, 25 Jan 2014 16:40:29 +1300
From: Michael Fincham <michael@unleash.co.nz>
To: Scott Howard <scott@doc.net.au>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] heads up.. gmail now checking ipv6 rdns
Message-ID: <20140125164029.fe259d2bc7c5834cd36ba731@unleash.co.nz>
Content-Type: text/plain; charset="us-ascii"
On Fri, 24 Jan 2014 20:06:47 -0500, Scott Howard wrote:
> Can you clarify what you mean by "doesn't match"? Just the usual
> forward-must-match-reverse, or something else like EHLO matching?
I asked Blair about this and he has clarified by pointing to the
official docs on the matter:
"The sending IP must have a PTR record (i.e., a reverse DNS of the
sending IP) and it should match the IP obtained via the forward DNS
resolution of the hostname specified in the PTR record. Otherwise, mail
will be marked as spam or possibly rejected."
From <https://support.google.com/mail/answer/81126?p=ipv6_authentication_error&rd=1#authentication>
--
Michael Fincham
System Administrator, Unleash
Office: 0800 750 250
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140125/95faafbb/attachment-0001.bin>
------------------------------
Message: 4
Date: Sat, 25 Jan 2014 11:38:52 -0800
From: Phil Regnauld <regnauld@nsrc.org>
To: Michael Fincham <michael@unleash.co.nz>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] heads up.. gmail now checking ipv6 rdns
Message-ID: <20140125193852.GH12870@macbook.bluepipe.net>
Content-Type: text/plain; charset="us-ascii"
Michael Fincham (michael) writes:
>
> "The sending IP must have a PTR record (i.e., a reverse DNS of the
> sending IP) and it should match the IP obtained via the forward DNS
> resolution of the hostname specified in the PTR record. Otherwise, mail
> will be marked as spam or possibly rejected."
>
> From <https://support.google.com/mail/answer/81126?p=ipv6_authentication_error&rd=1#authentication>
They've been doing this for a while now, but must have only been
enabling it region by region at a time. Note this is only for v6.
Maybe there's some del^H^H^illusion it will help with spam (fat good
it did in v4).
Cheers,
Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 535 bytes
Desc: not available
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140125/e7866c56/attachment-0001.bin>
------------------------------
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
End of NZNOG Digest, Vol 133, Issue 14
**************************************