Hello,

just as a FYI, heads up.
We did wind up using the hostlist/ignore_target_hosts bit in the end, since
google in their infinite wisdom also reject anything not DMARC/SPF/DKIM
"authenticated" via v6. It works just fine via v4.

https://www.spamresource.com/2020/11/honestly-dont-send-to-gmail-over-ipv6.html

Christian

On Wed, 16 Feb 2022 21:45:31 +0000 Jeremy Harris via Exim-users wrote:

> On 16/02/2022 07:17, Christian Balzer via Exim-users wrote:
> > Now the reason this happens is that the local iptables
> > (Established, Related is set) is starting to reject packets coming back
> > from google to here after about 2 seconds. (dump attached)
>
> That's... cute. I take it the sample packet content of
> the ICMPs shows nothing objectionable?
>
> You could turn on iptables (or whatever *tables it is these days)
> logging, that might give a hint on why the reject.
>
> I can't see right away why this would affect *only* TCP/25
> unless you have some odd rules in there.
>
>
> As to why retry always goes to ipv4, hmm.
> Does anything end up for the ipv6 addr in question in a hints DB?
>
>
> You could always just punt on trying to talk ipv6 to G :-
>
> hostlist google_ipv6 = <; 2001:4860::/32 ; 2401:fa00::/32 ; 2404:6800::/32 ; 2600:1900::/28 \
>     ; 2605:ef80::/32 ; 2607:f8b0::/32 ; 2620:0:1000::/40 ; 2620:120:e000::/40 ; 2620:15c::/36 \
>     ; 2800:3f0::/32 ; 2a00:1450::/32 ; 2a00:79e0::/32 ; 2a03:ace0::/32 ; 2c0f:fb50::/32
>
> # dnslookup router
> ignore_target_hosts = +google_ipv6
> --
> Cheers,
>    Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>

--
Christian Balzer        Network/Systems Engineer
ch...@gol.com           Rakuten Communications
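
A quick way to check which resolved MX addresses the hostlist quoted in the thread above would cause the dnslookup router to skip. This is an added example, not part of the original messages or of Exim; the function names and the sample addresses are constructed, and only plain CIDR items are handled (no names, negation or nested lists).

```python
import ipaddress
import re

# Hostlist text as quoted in the thread, including its "\" line continuations.
HOSTLIST = r"""hostlist google_ipv6 = <; 2001:4860::/32 ; 2401:fa00::/32 ; 2404:6800::/32 ; 2600:1900::/28 \
    ; 2605:ef80::/32 ; 2607:f8b0::/32 ; 2620:0:1000::/40 ; 2620:120:e000::/40 ; 2620:15c::/36 \
    ; 2800:3f0::/32 ; 2a00:1450::/32 ; 2a00:79e0::/32 ; 2a03:ace0::/32 ; 2c0f:fb50::/32
"""


def parse_hostlist(text):
    """Return (name, [networks]) for a hostlist made only of CIDR items."""
    joined = re.sub(r"\\\s*\n\s*", " ", text).strip()  # undo "\"-newline continuations
    m = re.match(r"hostlist\s+(\w+)\s*=\s*(.*)$", joined, re.S)
    if not m:
        raise ValueError("not a hostlist definition")
    name, value = m.group(1), m.group(2).strip()
    sep = ":"  # Exim's default list separator, unusable as-is for IPv6 items
    if value.startswith("<") and len(value) > 1:
        sep, value = value[1], value[2:]  # a leading "<;" switches the separator to ';'
    items = [i.strip() for i in value.split(sep) if i.strip()]
    # strict=True rejects a prefix with host bits set, i.e. a mistyped range.
    return name, [ipaddress.ip_network(i, strict=True) for i in items]


def split_targets(addresses, networks):
    """Split addresses into (ignored, kept) according to the parsed networks."""
    ignored, kept = [], []
    for a in addresses:
        ip = ipaddress.ip_address(a)
        hit = any(ip.version == n.version and ip in n for n in networks)
        (ignored if hit else kept).append(a)
    return ignored, kept


if __name__ == "__main__":
    name, nets = parse_hostlist(HOSTLIST)
    # Constructed sample: one address inside 2607:f8b0::/32, one IPv4
    # documentation address, one IPv6 documentation address.
    sample = ["2607:f8b0:4004:c00::1a", "192.0.2.25", "2001:db8::25"]
    ignored, kept = split_targets(sample, nets)
    print(f"+{name}: {len(nets)} networks; ignored={ignored} kept={kept}")
```
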