On 2018-01-20 12:34, Karol Augustin wrote:
Hi,
Until recently I was using HE tunnel as IPv6 provider until AWS enabled native IPv6 support in my region and everything was working without problems. Since I have enabled native IPv6 on my mail server and have problem with DANE tester site https://dane.sys4.de/smtp/augustin.pl
It always times out on IPv6 address and I am confident that everything is configured properly as I receive lots of connections by IPv6 including gmail, Debian and Postfix mailing lists etc.
Ok, it looks like I am hitting firewall on mail.sys4.de:
Jan 20 12:35:00 mail postfix/smtp[29506]: connect to mail.sys4.de[2001:1578:400:111::7]:25: Permission denied Jan 20 12:35:06 mail postfix/smtp[29506]: Verified TLS connection established to mail.sys4.de[194.126.158.132]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
ping 2001:1578:400:111::7 PING 2001:1578:400:111::7(2001:1578:400:111::7) 56 data bytes
From 2001:1578:0:ff::1:2 icmp_seq=2 Destination unreachable:
Administratively prohibited
From 2001:1578:0:ff::1:2 icmp_seq=3 Destination unreachable:
Administratively prohibited
From 2001:1578:0:ff::1:2 icmp_seq=8 Destination unreachable:
Administratively prohibited
Is there any reason for blocking AWS IPv6?
Jan 20 06:32:38 mail postfix/postscreen[17537]: CONNECT from [2604:8d00:0:1::4]:54406 to [2a05:d018:76d:5af6:d050:9b30:6bf7:df98]:25 Jan 20 06:32:38 mail postfix/postscreen[17537]: WHITELISTED [2604:8d00:0:1::4]:54406 Jan 20 06:32:38 mail postfix/smtpd[17538]: connect from russian-caravan.cloud9.net[2604:8d00:0:1::4] Jan 20 06:32:39 mail postfix/smtpd[17538]: Trusted TLS connection established from russian-caravan.cloud9.net[2604:8d00:0:1::4]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
You can see test results here: https://network-tools.webwiz.net/email-test.htm?email=augustin%2Epl&conn...
Is there any known problem with DANE tester IPv6 configuration?
I appreciate your help.
Karol