I have trouble sending email to GMail addresses using IPv6 from my domain camgirltools.net
If IPv4 is used, everything works as intended, the mail is delivered. When using IPv6 to send mail to GMail (other parties work) I get a bounce mail back:
host ASPMX.L.GOOGLE.COM[2607:f8b0:4003:c08::1a] said:
550-5.7.1 [2a02:748:a800:ca7:ea75:b12d:f:20 12] Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked.
Please visit http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for more information.j124si9092437oia.0 – gsmtp (in reply to end of DATA command)
(removed unnecessary repetitions of the error code mid-message for better readability)
I do NOT send bulk messages, I get the same error for every individual (and unique) message I send. The same message (headers, data) works over IPv4.
Google states in the documents linked at the help page given in the error message, that:
To ensure that Gmail can identify you:
- Use a consistent IP address to send bulk mail.
- Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain.
Use the same address in the 'From:' header on every bulk mail you send.We also recommend the following:
- Sign messages with DKIM. We do not authenticate messages signed with keys using fewer than 1024 bits.
- Publish an SPF record.
- Publish a DMARC policy.
Additional guidelines for IPv6
- The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
- The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.
From what I can tell, my server and DNS configuration fulfills all these requirements:
- Consistent IPs are used (Postfix settings below)
- Reverse DNS is there, equally for IPv4 and IPv6 (DNS Records below)
- I use DKIM and it's confirmed working for IPv4, there should be no differences to IPv6. Also, DMARC specifies "none".
- SPF is used and valid, confirmed working for IPv4, there should be no difference to IPv6 besides the IP used (and IPv6 is present in the SPF record). Also, DMARC specifies "none".
-
DMARC is present and confirmed working
-
Sending IP has PTR, matches the IP obtained via forward DNS (DNS entries see below, Postfix config for IP used see below, also the bounce mail states clearly that the correct IP has been used)
- Sending domain passes SPF and DKIM, confirmed working for IPv4 and for other targets but GMail.
Neither my domain nor any of my IP addresses can be found on any blacklist (feel free to check: domain, IPv4, IPv6), and they haven't been blacklisted by Google either (error message for that states "IP has been blacklisted" instead of "message has been blocked".
My DNS records look like this (roughly sorted by relevance for this question):
$ dig -tany camgirltools.net
camgirltools.net. 3599 IN A 162.252.175.125
camgirltools.net. 3599 IN AAAA 2a02:748:a800:ca7:ea75:b12d:f:20
camgirltools.net. 3599 IN MX 0 camgirltools.net.
camgirltools.net. 3599 IN TXT "v=spf1 ip4:162.252.175.125 ip6:2a02:748:a800:ca7:ea75:b12d:f:20 mx include:_spf.google.com -all"
camgirltools.net. 21599 IN NS ns1.camgirltools.net.
camgirltools.net. 21599 IN NS ns2.camgirltools.net.
camgirltools.net. 21599 IN NS ns3.camgirltools.net.
camgirltools.net. 21599 IN NS ns4.camgirltools.net.
camgirltools.net. 21599 IN NS ns5.camgirltools.net.
camgirltools.net. 21599 IN SOA ns1.camgirltools.net. hostmaster.camgirltools.net. 2014121507 10800 3600 604800 3600
$ dig -tany mail._domainkey.camgirltools.net
mail._domainkey.camgirltools.net. 3599 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyohctAU5fDdWFEtbVNny85RCMVXZLto01bWc3adSQMVJ9w7HQXaTuq/j10Fip70VxqeyL2bXsz8yg9Xb3NQ6yGqPINBqSKG2pduDNahsjXj/y/nstXiXXkXMEH8JLlBEwNM//GWgjHkL/2B75hTx+7j5sh010qhv6vyHkTEFDgwIDAQAB"
$ dig -tany _dmarc.camgirltools.net
_dmarc.camgirltools.net. 3599 IN TXT "v=DMARC1\; p=none\; sp=none\; aspf=r\; adkim=r\; rua=mailto:postmaster@camgirltools.net\;"
$ dig -x 162.252.175.125
125.175.252.162.in-addr.arpa. 14399 IN PTR camgirltools.net.
$ dig -x 2a02:748:a800:ca7:ea75:b12d:f:20
0.2.0.0.f.0.0.0.d.2.1.b.5.7.a.e.7.a.c.0.0.0.8.a.8.4.7.0.2.0.a.2.ip6.arpa.
14399 IN PTR camgirltools.net.
DKIM and SPF have been tested and work for IPv4, glue records for DNS are all fine.
Relevant parts from Postfix config (feel free to ask for more parameters if needed):
mydomain = camgirltools.net
myhostname = $mydomain
inet_interfaces = all
inet_protocols = all
smtp_bind_address6 = 2a02:748:a800:ca7:ea75:b12d:f:20
Skipped DKIM config as it's working for IPv4, but I can provide it if needed.
So – what do I miss here?
Best Answer
I have no problems sending email to GMail over IPv6. However, I have a dedicated sub-domain for my mail server. (In my experience and research, I have found second level domains are most likely spammers.)
IPv6 tends to be much easier to configure correctly for email serves (rDNS) etc. You might be flagged as the address you are using looks like it may be based on the MAC address. Try configuring the address so that you can use "::" in it.
The MX in your SPF record is redundant as the IP specification already specify the addresses. Also, including Google's SPF record if you aren't using them as an MX may be a flag. I believe their
~allpolicy will trump your-allpolicy.MX priorities are usually non-zero, you may want to try 10 instead.