On 2018-01-20 12:34, Karol Augustin wrote: > Hi, > > > Until recently I was using HE tunnel as IPv6 provider until AWS enabled > native IPv6 support in my region and everything was working without > problems. > Since I have enabled native IPv6 on my mail server and have problem with > DANE tester site https://dane.sys4.de/smtp/augustin.pl > > It always times out on IPv6 address and I am confident that everything > is configured properly as I receive lots of connections by IPv6 > including gmail, Debian and Postfix mailing lists etc.
Ok, it looks like I am hitting firewall on mail.sys4.de: Jan 20 12:35:00 mail postfix/smtp[29506]: connect to mail.sys4.de[2001:1578:400:111::7]:25: Permission denied Jan 20 12:35:06 mail postfix/smtp[29506]: Verified TLS connection established to mail.sys4.de[194.126.158.132]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) ping 2001:1578:400:111::7 PING 2001:1578:400:111::7(2001:1578:400:111::7) 56 data bytes >From 2001:1578:0:ff::1:2 icmp_seq=2 Destination unreachable: Administratively prohibited >From 2001:1578:0:ff::1:2 icmp_seq=3 Destination unreachable: Administratively prohibited >From 2001:1578:0:ff::1:2 icmp_seq=8 Destination unreachable: Administratively prohibited Is there any reason for blocking AWS IPv6? > > Jan 20 06:32:38 mail postfix/postscreen[17537]: CONNECT from > [2604:8d00:0:1::4]:54406 to [2a05:d018:76d:5af6:d050:9b30:6bf7:df98]:25 > Jan 20 06:32:38 mail postfix/postscreen[17537]: WHITELISTED > [2604:8d00:0:1::4]:54406 > Jan 20 06:32:38 mail postfix/smtpd[17538]: connect from > russian-caravan.cloud9.net[2604:8d00:0:1::4] > Jan 20 06:32:39 mail postfix/smtpd[17538]: Trusted TLS connection > established from russian-caravan.cloud9.net[2604:8d00:0:1::4]: TLSv1 > with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) > > You can see test results here: > https://network-tools.webwiz.net/email-test.htm?email=augustin%2Epl&connectionType=sslexplicit25&TLSProtocol=tls1%2E2&allmx=true&rdns=true&IPv6=true > > Is there any known problem with DANE tester IPv6 configuration? > > I appreciate your help. > > Karol -- Karol Augustin [email protected] http://karolaugustin.pl/ +353 85 775 5312
