Re: IPv6 addresses for Microsoft Office 365 hosted domains?

2014-11-27 Thread Dick Visser
On a related note, I'm in the process of setting up mail for our new
domain, and Office365 was one of the options.
I was surprised to see that Office 365 hosted domains have only one
MX, which resolves to only two IPv4 addresses:

visser@cajones:~$ host geant-org.mail.protection.outlook.com.
geant-org.mail.protection.outlook.com has address 213.199.154.87
geant-org.mail.protection.outlook.com has address 213.199.154.23

Both sit in the same network, which seems like a bad idea.
Unless this is anycast? Can't tell from here.

However, MS seems to have changed things recently:

http://blogs.msdn.com/b/tzink/archive/2014/10/28/support-for-anonymous-inbound-email-over-ipv6-in-office-365.aspx

Better late than never.

The alternative for e-mail is Google Apps, which has had IPv6 for years.


Dick




On 27 November 2014 at 03:00, Frank Bulk frnk...@iname.com wrote:
 This afternoon I saw several log messages in our email server's logs in
 relation to emails our local business customer (who uses our ISP email
 server) was trying to send to a Microsoft Office 365 hosted domain:

 [:::12.43.166.xx] Site target domain redacted
 (2a01:111:f400:7c0c::11) said after data sent: 554 5.7.1 Service
 unavailable, message sent over IPv6 [2607:fe28:0:4000::10] must pass SPF or
 DKIM validation (message not signed)

 The PTR for 2a01:111:f400:7c0c::11 is
 mail-by26c0c.inbound.protection.outlook.com.

 But when I check the MX record of the target domain I see there's no AAAA
 for the redacted.mail.eo.outlook.com, just three A's.

 Fortunately we control our local business customer's DNS and I've added in
 our email server's DKIM so that future emails, if they were sent over IPv6,
 should be accepted by Microsoft.  Our customer has no SPF record.


 I also saw two log messages for two Microsoft Office 365 hosted domains:
 26 13:30:59.00 [56882563] Failed :::199.120.69.25
 notification+kyg2k...@facebookmail.com target domain1 email redacted
 9259 1502549920004098-1497189607206...@groups.facebook.com
 [:::199.120.69.25] ubad=0, Site (target domain1
 redacted/2a01:111:f400:7c10::1:10) said: 550 5.2.1 Service Unavailable,
 [target domain1 redacted] does not accept email over IPv6
 26 19:04:52.00 [83985160] Failed :::12.43.166.20 from redacted target
 domain2 email redacted 6546 0EBCBB96763E41B2A4CD9A4CD3DD94BE@sp.local
 [:::12.43.166.20] ubad=1, Site (target domain2 email
 redacted/2a01:111:f400:7c0c::11) said: 550 5.2.1 Service Unavailable,
 [target domain2 email redacted] does not accept email over IPv6

 There's no PTR for 2a01:111:f400:7c10::1:10.  I checked the last 7 days of
 logs and I only saw these today.

 It's like Microsoft published some AAAA's for some MX records, but then
 withdrew them, but not before there were a few failures.

 Frank






-- 
Dick Visser
Sr. System  Networking Engineer
GÉANT Association, Amsterdam Office (formerly TERENA)
Singel 468D, 1017 AW Amsterdam, the Netherlands
Tel: +31 (0) 20 530 4488

GÉANT Association
Networking. Services. People.

Learn more at: http://www.géant.org
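
As an added example (not part of either post), a small Python classifier for the two kinds of IPv6 rejection quoted in the message above, useful for spotting them in an outbound MTA log. The log layout, the `example.*` domains and the function names are assumptions modelled on the quoted lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, modelled on the rejections quoted in the thread
# (recipient domains replaced with example.* placeholders).
SAMPLE_LOG = [
    "Site example.org (2a01:111:f400:7c0c::11) said after data sent: 554 5.7.1 "
    "Service unavailable, message sent over IPv6 [2607:fe28:0:4000::10] must "
    "pass SPF or DKIM validation (message not signed)",
    "Site (example.net/2a01:111:f400:7c10::1:10) said: 550 5.2.1 Service "
    "Unavailable, [example.net] does not accept email over IPv6",
    "Site (example.com/192.0.2.25) said: 550 5.1.1 User unknown",
]

# Remote address inside "(...)", optionally preceded by "domain/", then the reply.
REPLY = re.compile(
    r"Site [^()]*\((?:[^/()]+/)?(?P<remote>[0-9A-Fa-f:.]+)\) said[^:]*: "
    r"(?P<code>[245]\d\d) (?P<enh>\d\.\d{1,3}\.\d{1,3}) (?P<text>.*)"
)

def classify(line):
    """Describe the remote SMTP reply in a log line, or return None."""
    m = REPLY.search(line)
    if not m:
        return None
    try:
        remote = ipaddress.ip_address(m["remote"])
    except ValueError:          # not a literal IP address
        return None
    text = m["text"].lower()
    if remote.version == 6 and "must pass spf or dkim" in text:
        # Sender-side fix: publish SPF or sign with DKIM for the sending domain.
        reason = "ipv6-needs-spf-or-dkim"
    elif remote.version == 6 and "does not accept email over ipv6" in text:
        # Receiver-side: the hosted domain has not enabled inbound IPv6.
        reason = "ipv6-not-enabled"
    else:
        reason = "other"
    return {"remote": str(remote), "family": remote.version,
            "code": m["code"], "enhanced": m["enh"], "reason": reason}

def summarize(lines):
    """Count rejection reasons across all lines that contain an SMTP reply."""
    return Counter(r["reason"] for r in map(classify, lines) if r)

if __name__ == "__main__":
    for reason, count in summarize(SAMPLE_LOG).items():
        print(reason, count)
```
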


RE: IPv6 addresses for Microsoft Office 365 hosted domains?

2014-11-27 Thread Frank Bulk
Thanks, Dick and Franck, that URL has some great information.

I'm 99% sure that neither Office365 customer turned IPv6 on and off, especially 
in the same afternoon (that MSDN blog entry notes that the customer has to 
specifically request it), so I'm guessing that something happened at MSFT and 
it was accidentally turned on for a while for some customers.

Frank
