Auteur: Phil Pennock Date: À: Randy Bush CC: exim users Sujet: Re: [exim] wanna turn off ipv6 when sending to gmail
On 2015-08-27 at 11:23 +0900, Randy Bush wrote: > so the gmail ipv6 anti-spam nazis are discused endlessly. i want to
> turn off ipv6 when sending to gmail/google. but how?
Two approaches; the second approach is simpler and covers other domains
hosted by gmail, but requires dynamic list maintenance over time (a la
bogons).
Honestly, I haven't seen issues with IPv6 to Google MX, but I use DKIM
and some time back relented and published SPF too. That's all it's
taken.
Approach 1
----------
Two routers for remote delivery. The second router is your usual
dnslookup outbound mail router.
The first one is almost identical, but has a `domains = +ipv6_only`
restriction to use an `ipv6_only` domainlist which you define in the
first section of the config. You can feed that via external files, or
just hardcode gmail.com, or whatever.
On this first router, specify:
ignore_target_hosts = <; ::/0
(Change list separator to semi-colon, then exclude all IPv6 addresses).
Approach 2
----------
Keep one router. Have all outbound messages go through that. But use:
ignore_target_hosts = +blacklisted_ipv6_space
Define `domainlist blacklisted_ipv6_space = /etc/mail/ipv6-blacklist` or
whatever, to reference a list of addresses. Optionally use a fancier
lookup type, if you're going to have more than a few entries which fit
in a single page of cache RAM and for which a linear search is faster
than a fancy search.
Put all of Google's IPv6 space into that file. Track changes and update
accordingly.
For you, I suspect it'll be simplest to find out which IPv6 blocks are
originating from Google's AS by querying your router, and put it on a
periodic maintenance tasklist to refresh it.