On 2015-08-27 at 11:23 +0900, Randy Bush wrote: > so the gmail ipv6 anti-spam nazis are discused endlessly. i want to > turn off ipv6 when sending to gmail/google. but how?
Two approaches; the second approach is simpler and covers other domains hosted by gmail, but requires dynamic list maintenance over time (a la bogons). Honestly, I haven't seen issues with IPv6 to Google MX, but I use DKIM and some time back relented and published SPF too. That's all it's taken. Approach 1 ---------- Two routers for remote delivery. The second router is your usual dnslookup outbound mail router. The first one is almost identical, but has a `domains = +ipv6_only` restriction to use an `ipv6_only` domainlist which you define in the first section of the config. You can feed that via external files, or just hardcode gmail.com, or whatever. On this first router, specify: ignore_target_hosts = <; ::/0 (Change list separator to semi-colon, then exclude all IPv6 addresses). Approach 2 ---------- Keep one router. Have all outbound messages go through that. But use: ignore_target_hosts = +blacklisted_ipv6_space Define `domainlist blacklisted_ipv6_space = /etc/mail/ipv6-blacklist` or whatever, to reference a list of addresses. Optionally use a fancier lookup type, if you're going to have more than a few entries which fit in a single page of cache RAM and for which a linear search is faster than a fancy search. Put all of Google's IPv6 space into that file. Track changes and update accordingly. For you, I suspect it'll be simplest to find out which IPv6 blocks are originating from Google's AS by querying your router, and put it on a periodic maintenance tasklist to refresh it. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
