date:20151008

Re: [mailop] Dual-stacked gov't MX records

2015-10-08 Thread Franck Martin

>From Terry's blog, each customer needs to enable IPv6. So whenever they
enabled IPv6...

And you may not have noticed that this mail was delivered to the spam
folder at GMail by default.

On Wed, Oct 7, 2015 at 10:06 PM, Frank Bulk  wrote:

> Thanks, but how long has ia.usda.gov been using an MX that is
> dual-stacked?  Or have all of MSFT’s hosts been dual-stacked since late
> last fall and this delivery delay has been happening all along, it’s just
> that we had nothing in our logs from mid-July to late September?
>
>
>
> Frank
>
>
>
> *From:* Franck Martin [mailto:fmar...@linkedin.com]
> *Sent:* Wednesday, October 07, 2015 1:05 PM
> *To:* Frank Bulk 
> *Cc:* mailop 
> *Subject:* Re: [mailop] Dual-stacked gov't MX records
>
>
>
> ia.usda.gov. 86400 IN MX 10 hi-usda-gov.mail.protection.outlook.com.
>
>
> http://blogs.msdn.com/b/tzink/archive/2014/10/28/support-for-anonymous-inbound-email-over-ipv6-in-office-365.aspx
>
>
>
> not new stuff:
>
>
> http://engineering.linkedin.com/email/sending-and-receiving-emails-over-ipv6
>
> http://www.slideshare.net/FranckMartin/linkedin-smtpi-pv6
>
>
>
> On Wed, Oct 7, 2015 at 10:17 AM, Frank Bulk  wrote:
>
> Anyone know when ia.usda.gov, ia.nacdnet.net, ams.usda.gov, fs.fed.us,
> aphis.usda.gov, usda.gov, and nist.gov started having a dual-stacked MX
> record?  Our monitoring system notified us this morning that a message from
> a customer couldn't deliver there:
> Site ia.usda.gov (2a01:111:f400:7c10::10) said after data sent:
> 450
> 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation
> (message not signed)
> Site ia.usda.gov (2a01:111:f400:7c0c::11) said after data sent:
> 450
> 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation
> (message not signed)
> Site ia.usda.gov (2a01:111:f400:7c10::1:10) said after data sent:
> 450 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation
> (message not signed)
> to=2a01:111:f400:7c09::11 TCPWrite failed 0/63998, tot=65608 upto=0
> 0 sec Err Code Zero write_timed3.1 0sec (450 4.7.26 Service does not accept
> messages sent over IPv6 [2607:fe28:0:4000::20] unless they pass e) 0 Err
> Code Zero write_timed1 104  r=0 r=0
>
> I've asked our customer's IT consultant to add our email servers to their
> existing SPF record, but this is the first time I've run into this.  Going
> back 30 days in my email servers logs it started September 24.
>
> Frank
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> http://chilli.nosignal.org/mailman/listinfo/mailop
>
>
>
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Dual-stacked gov't MX records

2015-10-08 Thread Frank Bulk

Ok, so the federal gov’t could have turned it on in late September.  Well, at 
least this discovery highlights the deficiency of a few domains that host or 
smarthost through us.  In short, we likely need to audit the DNS of all those 
domains and check to see if they have an SPF and/or DKIM record.  If we manage 
their DNS, too, then it’s an easy fix, it not, requires customer involvement.

Frank

From: Franck Martin [mailto:fmar...@linkedin.com] 
Sent: Thursday, October 08, 2015 4:11 AM
To: Frank Bulk 
Cc: mailop 
Subject: Re: [mailop] Dual-stacked gov't MX records

>From Terry's blog, each customer needs to enable IPv6. So whenever they 
>enabled IPv6...

And you may not have noticed that this mail was delivered to the spam folder at 
GMail by default.

On Wed, Oct 7, 2015 at 10:06 PM, Frank Bulk  wrote:

Thanks, but how long has ia.usda.gov   been using an MX 
that is dual-stacked?  Or have all of MSFT’s hosts been dual-stacked since late 
last fall and this delivery delay has been happening all along, it’s just that 
we had nothing in our logs from mid-July to late September?

Frank

From: Franck Martin [mailto:fmar...@linkedin.com  
] 
Sent: Wednesday, October 07, 2015 1:05 PM
To: Frank Bulk  >
Cc: mailop  >
Subject: Re: [mailop] Dual-stacked gov't MX records

ia.usda.gov  . 86400 IN MX 10 
hi-usda-gov.mail.protection.outlook.com 
 .

http://blogs.msdn.com/b/tzink/archive/2014/10/28/support-for-anonymous-inbound-email-over-ipv6-in-office-365.aspx

not new stuff: 

http://engineering.linkedin.com/email/sending-and-receiving-emails-over-ipv6

http://www.slideshare.net/FranckMartin/linkedin-smtpi-pv6

On Wed, Oct 7, 2015 at 10:17 AM, Frank Bulk  > wrote:

Anyone know when ia.usda.gov  , ia.nacdnet.net 
 , ams.usda.gov  , fs.fed.us 
 ,
aphis.usda.gov  , usda.gov  , and 
nist.gov   started having a dual-stacked MX
record?  Our monitoring system notified us this morning that a message from
a customer couldn't deliver there:
Site ia.usda.gov   (2a01:111:f400:7c10::10) said 
after data sent: 450
4.7.26 Service does not accept messages sent over IPv6
[2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation
(message not signed)
Site ia.usda.gov   (2a01:111:f400:7c0c::11) said 
after data sent: 450
4.7.26 Service does not accept messages sent over IPv6
[2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation
(message not signed)
Site ia.usda.gov   (2a01:111:f400:7c10::1:10) said 
after data sent:
450 4.7.26 Service does not accept messages sent over IPv6
[2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation
(message not signed)
to=2a01:111:f400:7c09::11 TCPWrite failed 0/63998, tot=65608 upto=0
0 sec Err Code Zero write_timed3.1 0sec (450 4.7.26 Service does not accept
messages sent over IPv6 [2607:fe28:0:4000::20] unless they pass e) 0 Err
Code Zero write_timed1 104  r=0 r=0

I've asked our customer's IT consultant to add our email servers to their
existing SPF record, but this is the first time I've run into this.  Going
back 30 days in my email servers logs it started September 24.

Frank

___
mailop mailing list
mailop@mailop.org  
http://chilli.nosignal.org/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Strange Gmail IPv6 rejects?

2015-10-08 Thread Hugo Slabbert


That's a decent chunk of redacted going on there...

What's in the smtp path after the message leaves mail.redacted.com?  Does
mail.redacted.com relay out directly?  Is it configured to smarthost
through something else?


Further more, The "From" address below (The 2602:306 one) isn't even in
our allocation space. But actually in ATT AS7018's allocation.


Something to consider about that:

$ whois 2602:306:2554:63c9:91c2:5c8a:ae39:ed80 | grep -i netname
NetName:ATT-6RD

Not sure exactly how that changes the picture for you, but the fact that
6RD is involved (at least if AT is accurate in that netname and set aside
a whole /24 for 6RD) might change the picture a bit...

--
Hugo

On Thu 2015-Oct-08 10:20:02 -0400, Nick Olsen  wrote:



Greetings all, Please see below.  Our parent office is having trouble
sending to all gmail accounts. They all get rejected with the below
message.  The strange part is, We don't have IPv6 enabled on the customers
exchange server. Nor on their router. Further more, The "From" address
below (The 2602:306 one) isn't even in our allocation space. But actually
in ATT AS7018's allocation. I'm not sure how google is seeing that as the
source address on this SMTP connection.  The below email was sent from OWA.
Which explains the local fe80 IPv6 address. But still once again, Not the
2602:306 address in the SMTP response from google. Anyone have any insight?
   Diagnostic information for administrators:  redac...@gmail.com
mx.google.com #550-5.7.1 [2602:306:2554:63c9:91c2:5c8a:ae39:ed80] Our
system has detected that 550-5.7.1 this message does not meet IPv6 sending
guidelines regarding PTR 550-5.7.1 records and authentication. Please
review 550-5.7.1
https://support.google.com/mail/?p=ipv6_authentication_error for more 550
5.7.1 information. y19si303834ywd.40 - gsmtp ##  Original message headers:
Received: from mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80]) by
mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80%13]) with mapi; Thu, 8 Oct
2015  10:01:50 -0400 From: Krisi  To:
"redac...@gmail.com"  Date: Thu, 8 Oct 2015 10:01:49
-0400 Subject: TEST Thread-Topic: TEST Thread-Index:
AQHRAdHgIYTSkNTvA0ip9Ycg6Q8Mrg== Message-ID:

Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach:
X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain;
charset="us-ascii" Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Nick Olsen
Network Operations  (855) FLSPEED  x106





___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Strange Gmail IPv6 rejects?

2015-10-08 Thread Frank Bulk

Interesting you mention that.  Yesterday, for the first time, a part-time IT
consultant (who serves customers in our area) asked about PTRs as some of
his clients (who are now getting an IPv6 address from us) are having email
delivery issues to Gmail..  Our IPv6 rollout is starting to get noticed!

Frank

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Nick Olsen
Sent: Thursday, October 08, 2015 10:14 AM
To: Hugo Slabbert 
Cc: mailop@mailop.org
Subject: Re: [mailop] Strange Gmail IPv6 rejects?

Hugo, Thanks for the reply.

This one's solved.

There's an ATT DSL modem on-site that is used for OOB. Someone had
interfaced it with the internal switch. And the server got an IPv6 auto
discovery address. So it Really had an IPv6 address. And it really was
sending mail outbound with it. What is it, Monday?

Nick Olsen
Network Operations 

(855) FLSPEED  x106

  _  

From: "Hugo Slabbert" 
>
Sent: Thursday, October 08, 2015 11:11 AM
To: "Nick Olsen"  >
Cc: mailop@mailop.org  
Subject: Re: [mailop] Strange Gmail IPv6 rejects? 

That's a decent chunk of redacted going on there...

What's in the smtp path after the message leaves mail.redacted.com? Does
mail.redacted.com relay out directly? Is it configured to smarthost
through something else?

>Further more, The "From" address below (The 2602:306 one) isn't even in
>our allocation space. But actually in ATT AS7018's allocation.

Something to consider about that:

$ whois 2602:306:2554:63c9:91c2:5c8a:ae39:ed80 | grep -i netname
NetName: ATT-6RD

Not sure exactly how that changes the picture for you, but the fact that
6RD is involved (at least if AT is accurate in that netname and set aside
a whole /24 for 6RD) might change the picture a bit...

--
Hugo

On Thu 2015-Oct-08 10:20:02 -0400, Nick Olsen  > wrote:
>
>
> Greetings all, Please see below. Our parent office is having trouble
>sending to all gmail accounts. They all get rejected with the below
>message. The strange part is, We don't have IPv6 enabled on the customers
>exchange server. Nor on their router. Further more, The "From" address
>below (The 2602:306 one) isn't even in our allocation space. But actually
>in ATT AS7018's allocation. I'm not sure how google is seeing that as the
>source address on this SMTP connection. The below email was sent from OWA.
>Which explains the local fe80 IPv6 address. But still once again, Not the
>2602:306 address in the SMTP response from google. Anyone have any insight?
> Diagnostic information for administrators: redac...@gmail.com

>mx.google.com #550-5.7.1 [2602:306:2554:63c9:91c2:5c8a:ae39:ed80] Our
>system has detected that 550-5.7.1 this message does not meet IPv6 sending
>guidelines regarding PTR 550-5.7.1 records and authentication. Please
>review 550-5.7.1
>https://support.google.com/mail/?p=ipv6_authentication_error for more 550
>5.7.1 information. y19si303834ywd.40 - gsmtp ## Original message headers:
>Received: from mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80]) by
>mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80%13]) with mapi; Thu, 8 Oct
>2015 10:01:50 -0400 From: Krisi  > To:
>"redac...@gmail.com  "  > Date: Thu, 8 Oct 2015 10:01:49
>-0400 Subject: TEST Thread-Topic: TEST Thread-Index:
>AQHRAdHgIYTSkNTvA0ip9Ycg6Q8Mrg== Message-ID:
> >
>Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach:
>X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain;
>charset="us-ascii" Content-Transfer-Encoding: quoted-printable
>MIME-Version: 1.0
>
> Nick Olsen
>Network Operations (855) FLSPEED x106
>
>

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Strange Gmail IPv6 rejects?

2015-10-08 Thread Franck Martin

If you do email over IPv6, all your emails must be authenticated (SPF or
DKIM) and with a sending IP with a rDNS entry (M3AAWG recommendation
implemented by the big emailers). Otherwise you will feel the pain very
quickly. See other thread on gov't MX records.

On Thu, Oct 8, 2015 at 9:36 AM, Frank Bulk  wrote:

> Interesting you mention that.  Yesterday, for the first time, a part-time
> IT consultant (who serves customers in our area) asked about PTRs as some
> of his clients (who are now getting an IPv6 address from us) are having
> email delivery issues to Gmail..  Our IPv6 rollout is starting to get
> noticed!
>
>
>
> Frank
>
>
>
> *From:* mailop [mailto:mailop-boun...@mailop.org] *On Behalf Of *Nick
> Olsen
> *Sent:* Thursday, October 08, 2015 10:14 AM
> *To:* Hugo Slabbert 
>
> *Cc:* mailop@mailop.org
> *Subject:* Re: [mailop] Strange Gmail IPv6 rejects?
>
>
>
> Hugo, Thanks for the reply.
>
>
>
> This one's solved.
>
>
> There's an ATT DSL modem on-site that is used for OOB. Someone had
> interfaced it with the internal switch. And the server got an IPv6 auto
> discovery address. So it Really had an IPv6 address. And it really was
> sending mail outbound with it. What is it, Monday?
>
>
>
> Nick Olsen
> Network Operations
>
> (855) FLSPEED  x106
>
>
> --
>
> *From*: "Hugo Slabbert" 
> *Sent*: Thursday, October 08, 2015 11:11 AM
> *To*: "Nick Olsen" 
> *Cc*: mailop@mailop.org
> *Subject*: Re: [mailop] Strange Gmail IPv6 rejects?
>
>
>
> That's a decent chunk of redacted going on there...
>
> What's in the smtp path after the message leaves mail.redacted.com? Does
> mail.redacted.com relay out directly? Is it configured to smarthost
> through something else?
>
> >Further more, The "From" address below (The 2602:306 one) isn't even in
> >our allocation space. But actually in ATT AS7018's allocation.
>
> Something to consider about that:
>
> $ whois 2602:306:2554:63c9:91c2:5c8a:ae39:ed80 | grep -i netname
> NetName: ATT-6RD
>
> Not sure exactly how that changes the picture for you, but the fact that
> 6RD is involved (at least if AT is accurate in that netname and set aside
> a whole /24 for 6RD) might change the picture a bit...
>
> --
> Hugo
>
> On Thu 2015-Oct-08 10:20:02 -0400, Nick Olsen  wrote:
> >
> >
> > Greetings all, Please see below. Our parent office is having trouble
> >sending to all gmail accounts. They all get rejected with the below
> >message. The strange part is, We don't have IPv6 enabled on the customers
> >exchange server. Nor on their router. Further more, The "From" address
> >below (The 2602:306 one) isn't even in our allocation space. But actually
> >in ATT AS7018's allocation. I'm not sure how google is seeing that as the
> >source address on this SMTP connection. The below email was sent from OWA.
> >Which explains the local fe80 IPv6 address. But still once again, Not the
> >2602:306 address in the SMTP response from google. Anyone have any
> insight?
> > Diagnostic information for administrators: redac...@gmail.com
> >mx.google.com #550-5.7.1 [2602:306:2554:63c9:91c2:5c8a:ae39:ed80] Our
> >system has detected that 550-5.7.1 this message does not meet IPv6 sending
> >guidelines regarding PTR 550-5.7.1 records and authentication. Please
> >review 550-5.7.1
> >https://support.google.com/mail/?p=ipv6_authentication_error for more 550
> >5.7.1 information. y19si303834ywd.40 - gsmtp ## Original message headers:
> >Received: from mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80]) by
> >mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80%13]) with mapi; Thu, 8 Oct
> >2015 10:01:50 -0400 From: Krisi  To:
> >"redac...@gmail.com"  Date: Thu, 8 Oct 2015 10:01:49
> >-0400 Subject: TEST Thread-Topic: TEST Thread-Index:
> >AQHRAdHgIYTSkNTvA0ip9Ycg6Q8Mrg== Message-ID:
> >
> >Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach:
> >X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain;
> >charset="us-ascii" Content-Transfer-Encoding: quoted-printable
> >MIME-Version: 1.0
> >
> > Nick Olsen
> >Network Operations (855) FLSPEED x106
> >
> >
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> http://chilli.nosignal.org/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Dual-stacked gov't MX records

Re: [mailop] Dual-stacked gov't MX records

Re: [mailop] Strange Gmail IPv6 rejects?

Re: [mailop] Strange Gmail IPv6 rejects?

Re: [mailop] Strange Gmail IPv6 rejects?

5 matches

Site Navigation

Mail list logo

Footer information