New problem solver
•
20 Messages
Google mail requires IPv6 PTR record but Comcast does not supply one
Troubleshooting an email problem, I found this in our logs (after some cleaning):
550-5.7.1 [2601:647:4900:8d00:d830:edff:feb2:8d1f] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. mp9si75365pbc.76 - gsmtp (in reply to end of DATA command))
I followed the link in that message, which tells the Google requirements. One thing it says is:
Additional guidelines for IPv6
- The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
- The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.
I have solved the SPF check by adding a TXT record to our DNS, but I can't add the PTR record because only Comcast can do that. The current IPv6 address for our system that sends mail (above) does not have a PTR record.
Is there any chance tha Comcast will put dummy IPv6 PTR records, or am I going to have to wait until the static IPv6 addresses happen?
Accepted Solution
train_wreck
Gold Problem solver
•
610 Messages
9 years ago
I imagine you will have to wait for static 6. Right now, all IPv6 addresses are being assigned dynamically, and I don't think that Comcast will assign PTRs to dynamic addresses (for somewhat obvious reasons). I have heard that static v6 will begin deployment late this year, but don't quote me on that.
0
0
Accepted Solution
FeldmanLaw
Visitor
•
3 Messages
9 years ago
This was working a few weeks ago, why all of a sudden would this come up? According to things I've found on Google is that Google started this IPv6 rDNS lookup at least as far back as 2013.
Did Comcast have some generic rDNS setup for IPv6 before and recenlty removed that and that is why it's causing issues now?
So the only fix for this is to comlpetely disable IPv6 on your Exchange server so that it forces it to communicate with Gmail on IPv4?
0
0
VBSSP-RICH
Advocate
•
1.4K Messages
9 years ago
Hello FeldmanLaw and welcome,
Well, it appears that Google has had a restriction to IPV6 with no Reversed DNS PTR since about 9/2013 , according to this one Tanguy Ortolo message board . As train_wreck again on the money indicated, when Comcast starts doling out IPV6 Static IPs then email servers using these IPV6 addresses will be able to obtain reversed DNSs/PTRs.
0
0
FeldmanLaw
Visitor
•
3 Messages
9 years ago
Yeah, so you found the same as me in 2013. So it seems strange that all of a sudden it would stop working.
Either way, I've setup a smart host for exchange for the time being going through a server that has a static IPv6 until Comcast adds this feature.
Thanks for the info,
Justin
0
0
train_wreck
Gold Problem solver
•
610 Messages
9 years ago
It does not even seem to be consistent in how Google is handling this; below is the syslog output of a successfully received email message from Google's IPv6 mail servers to my Linux mail server, hosted on a Comcast business connection and receving a dynamic IPv6 address from my modem (Cisco DPC3939B).
0
0
dano2004
Occasional Visitor
•
7 Messages
9 years ago
so question for you...how would one go about forcing exchange to only use IPv4 because if I turn off IPv6 on this server it goes all bonkers.
0
0
StarNet
New problem solver
•
20 Messages
9 years ago
If you're unfortunate enough to run Exchange, then that may be your best solution.
If, however, you're running Postfix, you can follow this workaround to force IPv4 connections to specific domains (e.g. gmail.com).
0
FeldmanLaw
Visitor
•
3 Messages
9 years ago
Yeah, it's an exchange server. But I just setup Exchange to send to a Linux Qmail server I have as well which has IPv6 rDNS setup and that will be my work around until Comcast gets this static IPv6 rolled out.
0
0
rodr
New Contributor
•
4 Messages
9 years ago
This is to add myself to the list of Comcast users having this problem with google and other mail servers and waiting for ipv6 reverse DNS. Why the big delay?
0
0
JimD
Recognized Contributor
•
29 Messages
9 years ago
I can say I've run into the same problem as this. And the problem is with my SMC modem. It is handing out IPV6 DHCP addresses even with IPV6 DHCP turned off. So, a server will pick up the IPV6 and use that to send mail in preference over IPV4.
If you're using Postfix, part of the solution was mentioned above to force IPV4 use.
But, I also disabled IPV6 on my servers to be safe.
In sysctl.conf add
0
SwampFox75
New Member
•
1 Message
9 years ago
We Kudo JimD's response as we did this as well, works great. Until Comcast fully supports this and IPv6 is forced to become a standard. Just keep your eye on it and ensure you are ready for when the light switch flips (dpending on how it is fully implimented) Without IPv6 you may also be limited on the resources your connection/server can communicate with just be aware.
0
0
JimD
Recognized Contributor
•
29 Messages
9 years ago
I can understand why there's a slow rollout of IPV6 on Comcast's part. There's some logistics that would need to be worked out. Not the least of which is IP network subnet changes. Which I'll outline using one of my connections...
I have a 5 IPV4 static block. That's /29 network bits, and a 255.255.255.248 subnet mask. That's 1 IP for the gateway and 5 IPs for me.
Now with IPV6 that would all have to change. The sizing is different. Comcast would have to allocate an 8 IPV6 block with /125 network bits. That should equate to 1 IP for the gatway and 7 IPs for me. If they didn't do that the next block is a 4 IP block which would mean I would lose one IP address.
Then of course there's the pricing structure for the new addressing. I would hope the 7 IP IPV6 would be the same as the 5 IPV4 block. But I highly doubt that will be the case. I would image charging for static IPs is a cash cow and that wouldn't be easy to give up. After all, the /13 range I'm on costs a whopping 3 cents per IP (cost info is available on the ARIN site). 😉
0
0
esj
New Contributor
•
1 Message
9 years ago
So I gather from reading this forum that Comcast is unable to have DNS "..ip6.arpa" handoffs to match the DHCP-PD. That is a shame. Had been sending mail from our ipv6 address for a couple weeks now before I got hit with the google block. Having appropriate SPF records for it does not seem to appease the google either. SIgh. I wound up having to tell my MTA (postfix) to only send from my Hurricane Electric tunnel address (HE has web page to configure your reverse DNS zone handoffs)....
So close we are, but yet so far...
E
0
0
tmittelstaedt
Problem solver
•
326 Messages
9 years ago
Requiring a valid PTR is a RFC violation anyway.
I also use an HE tunnel for outbound IPv6 mail. Inbound mail via IPv6 works perfectly, though.
0
0