Re: opensmtpd: limit mta for mx
On 2018-03-05, Nick wrote:
> Hi misc@, long time no see (and please CC me),
>
> In smtpd.conf, the "limit mta" line can be qualified like this:
>
> limit mta for domain gmail.com inet4
>
> which I did because I recently started getting bounces from google saying
>
> 550-5.7.1 [2001:19f0:5001:2f5:5400:ff:fe77:861d] Our system has detected that
> this message does not meet IPv6 sending guidelines regarding PTR records and
> authentication. Please review
> https://support.google.com/mail/?p=IPv6AuthError for more information .
> d63si3145626edc.222 - gsmtp
>
> I think they started prioritizing their AAAA (IPv6) records over their A
> (IPv4) DNS records, so now opensmtpd is preferring to use IPv6. I tried a bit
> but I don't really know what they're mad about, and whatever, I don't want to
> fight them, I just want my mail to get through.
>
> That limit line fixed it for gmail.com, but now I have a new problem: the
> huge number of domains that are actually hosted on smtp.gmail.com. I am
> wondering if there is some way to express "use IPv4 if the mail *server* is
> gmail" instead of "if the mail *domain* is gmail". Something like:
>
> limit mta for mx smtp.gmail.com inet4
>
> Right now I'm stuck enumerating all Google Apps for Business accounts I know
> of and adding a line for each.
>
>= Nick
>
>

For your situation, can't you just add an AAAA record for comms.kousu.ca
pointing at 2001:19f0:5001:2f5:5400:ff:fe77:861d? That will fix the things
that google are complaining about on your system.

Otherwise... It doesn't help you directly with smtpd, but Postfix has a way
to filter out DNS records, added exactly for this situation:

    smtp_dns_reply_filter = pcre:/etc/postfix/smtp_dns_reply_filter

    $ cat /etc/postfix/smtp_dns_reply_filter
    # /domain ttl IN AAAA address/ action, all case-insensitive.
    # Note: the domain name ends in ".".
    /^\S+\.google.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE

Perhaps it would make sense for smtpd to support something like
"limit mta for mx XXX inet4" (i.e. match on hostnames rather than domain
names, and limit address family in a similar way). It would seem more useful
to match on hostnames than email domains for that.
Re: opensmtpd: limit mta for mx
On 4 March 2018 at 23:11, Nick wrote:
> In smtpd.conf, the "limit mta" line can be qualified like this:
>
> limit mta for domain gmail.com inet4
>
> which I did because I recently started getting bounces from google saying
>
> 550-5.7.1 [2001:19f0:5001:2f5:5400:ff:fe77:861d] Our system has detected that
> this message does not meet IPv6 sending guidelines regarding PTR records and
> authentication. Please review
> https://support.google.com/mail/?p=IPv6AuthError for more information .
> d63si3145626edc.222 - gsmtp

Whilst this is a valid question for OpenSMTPD, from the sysadmin side, the
solution is much simpler.

Your reverse name is fake, as it does not resolve forward:

    % host 2001:19f0:5001:2f5:5400:ff:fe77:861d
    d.1.6.8.7.7.e.f.f.f.0.0.0.0.4.5.5.f.2.0.1.0.0.5.0.f.9.1.1.0.0.2.ip6.arpa domain name pointer comms.kousu.ca.
    % host comms.kousu.ca.
    comms.kousu.ca has address 108.61.165.176
    %

I'm surprised you don't get other hosts rejecting your mail, too; I suspect
it may have to do simply with gmail being the monoculture of mail nowadays.

My suggestion would be to fix the forward name, else, fix the reverse name to
point to something like IPv6.example.org, which you should ensure exists and
points back.

Sometime ago, making the reverse point back to itself (e.g., a PTR with the
value of the IPv6 address itself) also made gmail happy to accept the mail as
well, but I'm not too sure if that's still the case.

Cheers,
Constantine.
http://cm.su/
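The forward-confirmed reverse DNS check that the reply above performs by hand with host(1), as an added example (not code from the thread or from OpenSMTPD). The zone dictionaries are constructed from the host output quoted above and stand in for live DNS; the names lookup, fcrdns, ZONE_AS_POSTED and ZONE_FIXED are hypothetical.

```python
import ipaddress

SENDER = "2001:19f0:5001:2f5:5400:ff:fe77:861d"
PTR_NAME = ("d.1.6.8.7.7.e.f.f.f.0.0.0.0.4.5.5.f.2.0.1.0.0.5.0.f.9.1.1.0.0.2"
            ".ip6.arpa.")

# Constructed snapshot of the records shown by host(1) in the thread; it
# stands in for live DNS so the check runs offline (assumption: no other
# records exist for these names).
ZONE_AS_POSTED = {
    (PTR_NAME, "PTR"): ["comms.kousu.ca."],
    ("comms.kousu.ca.", "A"): ["108.61.165.176"],
}
# Same zone after adding the AAAA record suggested in the thread.
ZONE_FIXED = dict(ZONE_AS_POSTED)
ZONE_FIXED[("comms.kousu.ca.", "AAAA")] = [SENDER]


def lookup(zone, name, rtype):
    """Return the record values for (name, rtype); names are case-insensitive."""
    return zone.get((name.lower().rstrip(".") + ".", rtype), [])


def fcrdns(ip, zone):
    """Classify an address by forward-confirmed reverse DNS."""
    addr = ipaddress.ip_address(ip)
    rtype = "AAAA" if addr.version == 6 else "A"
    ptr_names = lookup(zone, addr.reverse_pointer, "PTR")
    if not ptr_names:
        return "no-ptr"
    # Forward-resolve every PTR target in the same address family and compare
    # parsed addresses, so compressed and expanded IPv6 forms match.
    forward = [ipaddress.ip_address(value)
               for name in ptr_names
               for value in lookup(zone, name, rtype)]
    if not forward:
        return "ptr-without-forward"
    return "confirmed" if addr in forward else "forward-mismatch"


if __name__ == "__main__":
    print("as posted:", fcrdns(SENDER, ZONE_AS_POSTED))
    print("with AAAA:", fcrdns(SENDER, ZONE_FIXED))
```

Against live DNS, the same comparison is a PTR query for the sending address followed by an AAAA query for each returned name.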
opensmtpd: limit mta for mx
Hi misc@, long time no see (and please CC me),

In smtpd.conf, the "limit mta" line can be qualified like this:

    limit mta for domain gmail.com inet4

which I did because I recently started getting bounces from google saying

    550-5.7.1 [2001:19f0:5001:2f5:5400:ff:fe77:861d] Our system has detected that
    this message does not meet IPv6 sending guidelines regarding PTR records and
    authentication. Please review
    https://support.google.com/mail/?p=IPv6AuthError for more information .
    d63si3145626edc.222 - gsmtp

I think they started prioritizing their AAAA (IPv6) records over their A
(IPv4) DNS records, so now opensmtpd is preferring to use IPv6. I tried a bit
but I don't really know what they're mad about, and whatever, I don't want to
fight them, I just want my mail to get through.

That limit line fixed it for gmail.com, but now I have a new problem: the
huge number of domains that are actually hosted on smtp.gmail.com. I am
wondering if there is some way to express "use IPv4 if the mail *server* is
gmail" instead of "if the mail *domain* is gmail". Something like:

    limit mta for mx smtp.gmail.com inet4

Right now I'm stuck enumerating all Google Apps for Business accounts I know
of and adding a line for each.

= Nick