heads up.. gmail now checking ipv6 rdns
Hi Folks, Just got caught out with this on my personal box today. It looks as if Gmail is now checking RDNS on any inbound ipv6 smtp connections and rejecting with 500 error if it doesn't match. example fail - SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [2a00:1450:4008:c01::1a]: 550-5.7.1 [2402:6000:1000:x::x] Our system has detected that this message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and 550-5.7.1 authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_errorfor more 550 5.7.1 information. oq6si4802967bkb.182 - gsmtp So if you have ipv6 enabled on your mail servers and haven't yet set some RDNS for them.. now is the time. Cheers, Blair
Can you clarify what you mean by "doesn't match"? Just the usual forward-must-match-reverse, or something else like EHLO matching? Scott On Jan 24, 2014 4:43 PM, "Blair Harrison" <nznog(a)jedi.school.nz> wrote:
Hi Folks,
Just got caught out with this on my personal box today. It looks as if Gmail is now checking RDNS on any inbound ipv6 smtp connections and rejecting with 500 error if it doesn't match.
example fail -
SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [2a00:1450:4008:c01::1a]: 550-5.7.1 [2402:6000:1000:x::x] Our system has detected that this message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and 550-5.7.1 authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_errorfor more 550 5.7.1 information. oq6si4802967bkb.182 - gsmtp
So if you have ipv6 enabled on your mail servers and haven't yet set some RDNS for them.. now is the time.
Cheers, Blair
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Fri, 24 Jan 2014 20:06:47 -0500, Scott Howard wrote:
Can you clarify what you mean by "doesn't match"? Just the usual forward-must-match-reverse, or something else like EHLO matching?
I asked Blair about this and he has clarified by pointing to the official docs on the matter: "The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected."
From <https://support.google.com/mail/answer/81126?p=ipv6_authentication_error&rd=1#authentication>
-- Michael Fincham System Administrator, Unleash Office: 0800 750 250
Michael Fincham (michael) writes:
"The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected."
From <https://support.google.com/mail/answer/81126?p=ipv6_authentication_error&rd=1#authentication>
They've been doing this for a while now, but must have only been enabling it region by region at a time. Note this is only for v6. Maybe there's some del^H^H^illusion it will help with spam (fat good it did in v4). Cheers, Phil
participants (4)
-
Blair Harrison -
Michael Fincham -
Phil Regnauld -
Scott Howard