dane.sys4.net IPv6 problem

Karol Augustin karol at augustin.pl
Sat Jan 20 13:45:58 CET 2018 

On 2018-01-20 12:34, Karol Augustin wrote:
> Hi,
> 
> 
> Until recently I was using HE tunnel as IPv6 provider until AWS enabled
> native IPv6 support in my region and everything was working without
> problems.
> Since I have enabled native IPv6 on my mail server and have problem with
> DANE tester site https://dane.sys4.de/smtp/augustin.pl
> 
> It always times out on IPv6 address and I am confident that everything
> is configured properly as I receive lots of connections by IPv6
> including gmail, Debian and Postfix mailing lists etc.

Ok, it looks like I am hitting firewall on mail.sys4.de:

Jan 20 12:35:00 mail postfix/smtp[29506]: connect to
mail.sys4.de[2001:1578:400:111::7]:25: Permission denied
Jan 20 12:35:06 mail postfix/smtp[29506]: Verified TLS connection
established to mail.sys4.de[194.126.158.132]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

ping 2001:1578:400:111::7
PING 2001:1578:400:111::7(2001:1578:400:111::7) 56 data bytes
>From 2001:1578:0:ff::1:2 icmp_seq=2 Destination unreachable:
Administratively prohibited
>From 2001:1578:0:ff::1:2 icmp_seq=3 Destination unreachable:
Administratively prohibited
>From 2001:1578:0:ff::1:2 icmp_seq=8 Destination unreachable:
Administratively prohibited

Is there any reason for blocking AWS IPv6?

> 
> Jan 20 06:32:38 mail postfix/postscreen[17537]: CONNECT from
> [2604:8d00:0:1::4]:54406 to [2a05:d018:76d:5af6:d050:9b30:6bf7:df98]:25
> Jan 20 06:32:38 mail postfix/postscreen[17537]: WHITELISTED
> [2604:8d00:0:1::4]:54406
> Jan 20 06:32:38 mail postfix/smtpd[17538]: connect from
> russian-caravan.cloud9.net[2604:8d00:0:1::4]
> Jan 20 06:32:39 mail postfix/smtpd[17538]: Trusted TLS connection
> established from russian-caravan.cloud9.net[2604:8d00:0:1::4]: TLSv1
> with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
> 
> You can see test results here:
> https://network-tools.webwiz.net/email-test.htm?email=augustin%2Epl&connectionType=sslexplicit25&TLSProtocol=tls1%2E2&allmx=true&rdns=true&IPv6=true
> 
> Is there any known problem with DANE tester IPv6 configuration?
> 
> I appreciate your help.
> 
> Karol

-- 
Karol Augustin
karol at augustin.pl
http://karolaugustin.pl/
+353 85 775 5312

More information about the dane-users mailing list