Re: [exim] Google/gmail timeouts, IPv6 conntrack issue?

Author: Christian Balzer
Date:  
To: exim-users
Subject: Re: [exim] Google/gmail timeouts, IPv6 conntrack issue?

Hello,

Just as an FYI, heads up.
We did wind up using the hostlist/ignore_target_hosts bit in the end,
since Google in their infinite wisdom also reject anything not
DMARC/SPF/DKIM "authenticated" via v6. It works just fine via v4.

https://www.spamresource.com/2020/11/honestly-dont-send-to-gmail-over-ipv6.html

Christian

On Wed, 16 Feb 2022 21:45:31 +0000 Jeremy Harris via Exim-users wrote:

> On 16/02/2022 07:17, Christian Balzer via Exim-users wrote:
> > Now the reason this happens is that the local iptables
> > (Established, Related is set) is starting to reject packets coming back
> > from google to here after about 2 seconds. (dump attached)
>
> That's... cute. I take it the sample packet content of
> the ICMPs shows nothing objectionable?
>
> You could turn on iptables (or whatever *tables it is these days)
> logging, that might give a hint on why the reject.
>
> I can't see right away why this would affect *only* TCP/25
> unless you have some odd rules in there.
>
>
> As to why retry always goes to ipv4, hmm.
> Does anything end up for the ipv6 addr in question in a hints DB?
>
>
> You could always just punt on trying to talk ipv6 to G :-
>
> hostlist google_ipv6 = <; 2001:4860::/32 ; 2401:fa00::/32 ; 2404:6800::/32 ; 2600:1900::/28 \
>          ; 2605:ef80::/32 ; 2607:f8b0::/32 ; 2620:0:1000::/40 ; 2620:120:e000::/40 ; 2620:15c::/36 \
>          ; 2800:3f0::/32 ; 2a00:1450::/32 ; 2a00:79e0::/32 ; 2a03:ace0::/32 ; 2c0f:fb50::/32
>
> # dnslookup router
> ignore_target_hosts = +google_ipv6
> -- 
> Cheers,
>    Jeremy


-- 
Christian Balzer        Network/Systems Engineer                
chibi@???       Rakuten Communications