On 6/9/2016 11:21 AM, Sebastian Hagedorn wrote:
Hi,
since around 13:00 UTC today all of the sudden we see massive rejects of
mails towards Google when delivering on IPv6
Jun 9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn:
to=<x...@gmail.com>,
relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7,
delays=0.01/0/0.16
/0.53, dsn=5.7.1, status=bounced (host
gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This
message does not have authentication information or fails to pass
550-5.7.1 authentication checks. To best protect our users from spam,
the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/answer/81126#authentication for m
ore 550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end
of DATA command))
Header-From and Envelope-From are aligned, the sending domain does not
have any DKIM/SPF/DMARC published. We're working on DKIM, but this is
not rolled out for all domains yet. The hosts in question do have proper
FCrDNS, i.e.
http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Af
f89.html
Anyone seeing the same? From outside it looks like Google has
implemented the "all mail delivered over IPv6 has to be DKIM/SPF
authenticated" previously done by Microsoft, but without the softfail.
FWIW: we deliver via IPv6 to Google, and we are currently not
affected. We don't yet use DKIM, but we do have an SPF record that
advertises both our IPv4 and our IPv6 subnets. Of course I don't know
if that's the reason our mails are accepted.
Cheers
Sebastian
--
Sebastian Hagedorn - Postmaster - Weyertal 121, Zimmer 2.02
Regionales Rechenzentrum (RRZK)
Universität zu Köln / Cologne University - Tel. +49-221-470-89578
Here, we have always had proper reverse entries for IPv4 and IPv6 and
have been delivering to gmail for a couple of years over IPv6. And yes
today we are also effected. Looks like publishing an SPF record is
enough to clear this issue.
Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
