Hello, I have now for some time Postfix listening on IPv6 on my server. When I send for example emails to boun...@freenet6.net or i...@test-ipv6.veznat.com I receive them via IPv6, all is good. I also (very rarely though) receive "normal" emails via IPv6. So far so good.
Basically when more and more email servers got IPv6 enabled, I sometimes saw Jun 14 19:20:02 dumbledor postfix/smtpd[1472]: NOQUEUE: reject: RCPT from unknown[2002:XXXX:XXX::XXXX:XXX]: 554 5.7.1 Service unavailable; Client host [2002:XXXX:XXX::4d49:4f1] blocked using bl.spamcop.net; from=<XXXXXXXXXXXXXXXXXXXXXXXXXXXX> to=<tho...@preissler.co.uk> proto=ESMTP helo=<XXXXXXXXXXXXXXXXXXXXXXXXX> Long story short: * Some IPv6 addreses are DNSBL blocked, some or not. When they are blocked, they stay blocked and same for when they are not blocked (like the test IPv6 emailaddresses above). * They always get blocked by the first DNSBL entry - obviously. * Querying the DNSBL via their webinterface doesnt work for IPv6 addresses, doing the same via the equivalent nslookup or dig command gives me NXDOMAIN. * No IPv6 firewall enabled, but I run a local only bind. Did anybody experience the same? The odd thing is, and I cannot get my head around that, is that it works for some, for others it never worked. Cheers Thomas => 2.7.1-1+squeeze1 => main.cf inet_interfaces = 127.0.0.1, 94.229.77.82, ::1, 2a01:348:226:dead:beef:dead:beef:dead, 2a01:348:226::21 inet_protocols = ipv4, ipv6 [..] smtpd_client_restrictions = check_client_access hash:/etc/postfix/blackwhite.map, check_client_access pcre:/etc/postfix/blackwhite.regex, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, # reject_rbl_client list.dsbl.org, # reject_rbl_client sbl.spamhaus.org, # reject_rbl_client relays.ordb.org, # reject_rbl_client bl.spamcop.net, # reject_rbl_client dun.dnsrbl.net, # cn. is blocking opendns emails, as they are using ipv6 nowadays # reject_rbl_client cn.countries.nerd.dk, # reject_rbl_client vn.countries.nerd.dk, # reject_rbl_client kr.countries.nerd.dk, # reject_rbl_client ru.countries.nerd.dk, # reject_rbl_client tr.countries.nerd.dk, # reject_rbl_client au.countries.nerd.dk, # reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, permit -- www.preissler.co.uk | Twitter: @module0x90 | PGP-Key: 75889415 GPG Fingerprint: CCBD 153A D257 CA7E A217 FDF7 5928 03D1 7588 9415
