Exim refuses IPv6 connections

[Panormitis]

When doing a "telnet localhost 25" Exim accepts connections just fine.
However, when doing "telnet localhost6 25" or "telnet ::1 25" I get a "Connection Refused" error.
It seems Exim listens to ports 25, 587 & 465, but only for IPv4 addresses.

The ports are open in ip6tables and Exim is compiled with IPv6 support (verified by "exim -bV | grep Support"), but Exim refuses IPv6 connections.

Any ideas?
Should I change something in exim.conf to allow IPv6 connections?
In case it matters, it's a CentOS 6 system.

 

[SeLLeRoNe]

Check if you have in /etc/exim.conf this line:

disable_ipv6=true

If yes, set it to false.

If this didnt help, please provide your exim.conf version (and also consider to update it to latest from CB)

Regards

 

[LawsHosting]

By the way, IPv6 might break SPF checks - it did for me even though all the rDNS were set, so be warned

 

[Panormitis]

SeLLeRoNe, I haven't set disable_ipv6=true in exim.conf (this was one of the things I checked too).
But your advise got me wondering what would happen if I set it as disable_ipv6=false.
Then Exim complained: disable_ipv6 option set for the second time.
So I did a grep -r "disable_ipv6" /etc and it appears disable_ipv6=true is set in /etc/exim.variables.conf.
I changed it and I added disable_ipv6=false to /etc/exim.variables.conf.custom.
Exim accepts IPv6 connections now. Thanks for the advice.

Peter thanks for the warning, I'll check about SPF.
I was thinking to create a script to add the IPv6 address to the SPF record automatically, when a domain/account is created.

 

[Petertjuh360]

Peter thanks for the warning, I'll check about SPF.
I was thinking to create a script to add the IPv6 address to the SPF record automatically, when a domain/account is created.

See http://www.directadmin.com/features.php?id=1549

 

[Panormitis]

See http://www.directadmin.com/features.php?id=1549

Thanks for the link.
However I have set Exim to send e-mails from the user's IP address, so I would prefer something like: |DOMAIN|.="v=spf1 a mx ip4:|IP4| ip6:|IP6| ~all"
Where |IP4| & |IP6| would be substituted with the user's IPs, but unfortunately something like that is not supported by DirectAdmin.

In my opinion, it would be a nice feature to have.
For now, I might be able to create a shell script, to manipulate the SPF record accordingly.

 

[LawsHosting]

See http://www.directadmin.com/features.php?id=1549

Even that will break IPv4 SPF checks (I assume it'll break), if you use this http://www.directadmin.com/features.php?id=1692 (like I do)
|SERVER_IP| should be the actual IP of the domains.

I'm still waiting for John to comment.

 

[Panormitis]

I'm testing Exim with IPv6 and so far I found out the following:

The ifcfg-ethX file must have "IPV6_AUTOCONF=no" to prevent the network interface from getting link-local addresses, because Exim tends to use it as an outgoing address.

If an e-mail is sent to a GMail address, it would be rejected because the IPv6 address is not included in the SPF record.
Since Exim is configured to send e-mails from each user's IP, I had to either and the appropriate IPv6 address to the SPF record of each domain/user or just add a range of addresses on all SPF records.
So I decided to add to directadmin.conf something like "extra_spf_value= ip6:1234:1234:1234:58::1/112", and edited the SPF records of the zone files.
Well, it's not a very elegant solution (each SPF record now allows an IPv6 address range from 1234:1234:1234:58::1 to 1234:1234:1234:58::ffff and not just one address), but it works.
Google is happy now and accepts the SPF.

However when Exim contacts Google's server to send e-mail, it doesn't use the IPv6 address of the domain or the default IPv6 address of the server.
It uses the last IPv6 address configured on the ifcfg-ethX interface.
This looks strange to me, perhaps it's a bug.
How could I prevent this behavior and make Exim use the appropriate IPv6 address of the user to send e-mail?
Any ideas?

 

[Panormitis]

Even that will break IPv4 SPF checks (I assume it'll break), if you use this http://www.directadmin.com/features.php?id=1692 (like I do)
|SERVER_IP| should be the actual IP of the domains.

I'm still waiting for John to comment.

Peter, I'm already using http://www.directadmin.com/features.php?id=1692

 

[zEitEr]

It uses the last IPv6 address configured on the ifcfg-ethX interface.
This looks strange to me, perhaps it's a bug.
How could I prevent this behavior and make Exim use the appropriate IPv6 address of the user to send e-mail?
Any ideas?

Hello,

Yes, that's true. And you can see an output of ifconfig and that IPv6 addresses are not sorted the traditional way. It was already discussed here a number of times, and still I have not found a solution for this. Unless to configure exim to choose IPv6 on a specified criteria.

 

[Panormitis]

Perhaps Exim's behavior is related to this bug: https://bugs.exim.org/show_bug.cgi?id=1141
I even tried "connection_max_messages = 1" as suggested in comment #6 of the bug, but it didn't help.

Since I'm using http://www.directadmin.com/features.php?id=1692 I thought that Exim would pick the correct IP based on /etc/virtual/domainips & /etc/virtual/helo_data

 

[Erulezz]

Sorry for the bump but i have the same problem. Did you find a solution?

Emails are send with the default IPv6 address, not the address of the user.