> On Jul 30, 2019, at 11:13 AM, Randy Bush via Exim-users <exim-users@???> wrote:
>
> Google's reputation and hoops of fire for accepting smtp over ipv6 have
> become overly annoying. how can i disable ipv6 when delivering to
> google with out disabling for reasonable ipv6 enabled internet sites.
> or do i have to disable v6 delivery entirely?
FWIW, the Postfix approach to this is "smtp_dns_reply_filter". The documentation
includes:
Example: ignore Google AAAA records in Postfix SMTP client DNS lookups,
because Google sometimes hard−rejects mail from IPv6 clients with valid
PTR etc. records.
/etc/postfix/main.cf:
smtp_dns_reply_filter = pcre:/etc/postfix/smtp_dns_reply_filter
/etc/postfix/smtp_dns_reply_filter:
# /domain ttl IN AAAA address/ action, all case−insensitive.
# Note: the domain name ends in ".".
/^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE
This feature is available in Postfix 3.0 and later.
This avoids hardcoding the specific IPv6 addresses, but at the cost of
hardcoding the MX host DNS zone. Note that Google now also has
"mx[1-4].smtp.goog" (DNSSEC signed, used by a minority of customers),
so the pattern would also have to match those:
/^\S+\.(google\.com|smtp\.goog)\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE
Neither approach is perfect, and I don't think that either Postfix or
Exim support both.
--
Viktor.
