Re: [exim] wanna turn off ipv6 when sending to gmail

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: Randy Bush
CC: exim users
Assumpte: Re: [exim] wanna turn off ipv6 when sending to gmail
On 2015-08-27 at 11:23 +0900, Randy Bush wrote:
> so the gmail ipv6 anti-spam nazis are discused endlessly. i want to
> turn off ipv6 when sending to gmail/google. but how?


Two approaches; the second approach is simpler and covers other domains
hosted by gmail, but requires dynamic list maintenance over time (a la
bogons).

Honestly, I haven't seen issues with IPv6 to Google MX, but I use DKIM
and some time back relented and published SPF too. That's all it's
taken.


Approach 1
----------

Two routers for remote delivery. The second router is your usual
dnslookup outbound mail router.

The first one is almost identical, but has a `domains = +ipv6_only`
restriction to use an `ipv6_only` domainlist which you define in the
first section of the config. You can feed that via external files, or
just hardcode gmail.com, or whatever.

On this first router, specify:

ignore_target_hosts = <; ::/0

(Change list separator to semi-colon, then exclude all IPv6 addresses).


Approach 2
----------

Keep one router. Have all outbound messages go through that. But use:

ignore_target_hosts = +blacklisted_ipv6_space

Define `domainlist blacklisted_ipv6_space = /etc/mail/ipv6-blacklist` or
whatever, to reference a list of addresses. Optionally use a fancier
lookup type, if you're going to have more than a few entries which fit
in a single page of cache RAM and for which a linear search is faster
than a fancy search.

Put all of Google's IPv6 space into that file. Track changes and update
accordingly.

For you, I suspect it'll be simplest to find out which IPv6 blocks are
originating from Google's AS by querying your router, and put it on a
periodic maintenance tasklist to refresh it.


-Phil