mail servers (MX) having an IPv6 address can not be reached over IPv6

[Awd]

Hello,

I added an IPv6 to Directadmin, so all websites are reachable by IPv4 and IPv6. I followed this tutorial:
https://help.directadmin.com/item.php?id=353

When I check if everything works with IPv6 I get this for mail.

* all mail servers (MX) come with an IPv6 address. Mailservers: mail.example.com.
* some mail servers (MX) having an IPv6 address can not be reached over IPv6:
mail.example.com.
* A sufficient number of name servers (NS) come with an IPv6 address.
* Nameservers with an IPv6 address: nszero2.axc.nl., nszero1.axc.nl.
* Nameservers with an IPv4 address: nszero2.axc.nl., nszero1.axc.nl.
* all name servers (NS) having an IPv6 address are also reachable through IPv6

I can´t find what is wrong. Anyone an idea where to look?

Kind regards, Fred

 

[ikkeben]

How should someone support help you if you don't give domain/mailservername only

mail.example.com.

 

[Awd]

Sorry,
mailservername: mail.trails4fun.nl.

 

[Active8]

Fix your rDNS for ipv6:

Reverse Entries for MX records
WARNING: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email.
Server IP PTR (Reverse) IPs
mail.trails4fun.nl. 185.133.73.8 server.alentejohosting.nl. 185.133.73.8
mail.trails4fun.nl. 2a06:7a03:2:123:ffff:1284:17cb:2 ? ?

More Test:
Mail server IPv6 connectivity
Connecting to mail.trails4fun.nl [2a06:7a03:2:123:ffff:1284:17cb:2]...
Failed to connect

Reverse DNS for mail server IPv6 addresses
Checking reverse DNS for mail.trails4fun.nl...
Checking 2a06:7a03:2:123:ffff:1284:17cb:2...
No reverse DNS for mail.trails4fun.nl

 

[zEitEr]

Hello,

pings go fine:

# ping6 2a06:7a03:2:123:ffff:1284:17cb:2
PING 2a06:7a03:2:123:ffff:1284:17cb:2(2a06:7a03:2:123:ffff:1284:17cb:2) 56 data bytes
64 bytes from 2a06:7a03:2:123:ffff:1284:17cb:2: icmp_seq=1 ttl=57 time=8.27 ms
64 bytes from 2a06:7a03:2:123:ffff:1284:17cb:2: icmp_seq=2 ttl=57 time=8.24 ms
^C
--- 2a06:7a03:2:123:ffff:1284:17cb:2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1615ms
rtt min/avg/max/mdev = 8.241/8.255/8.270/0.092 ms

telnet fails:

# telnet 2a06:7a03:2:123:ffff:1284:17cb:2 25
Trying 2a06:7a03:2:123:ffff:1284:17cb:2...
telnet: connect to address 2a06:7a03:2:123:ffff:1284:17cb:2: Connection refused

telnet to 80 ports succeed:

# telnet 2a06:7a03:2:123:ffff:1284:17cb:2 80
Trying 2a06:7a03:2:123:ffff:1284:17cb:2...
Connected to 2a06:7a03:2:123:ffff:1284:17cb:2.
Escape character is '^]'.
^CConnection closed by foreign host.

it would mean:

1. either firewall blocks connections to IPv6 on 25 port (disable firewall and check again)
2. or exim is running with disable_ipv6=true

check

grep ^disable_ipv6 /etc/exim*

and try to enable it with:

echo "disable_ipv6=true" >> /etc/exim.variables.conf.custom
cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build eximconf

and check it once more again:

grep ^disable_ipv6 /etc/exim*

 

[Awd]

Hi Guys,

Many thanks for helping. I am aware that there is no rDNS yet, I asked my IP provider already, but now already waiting for a week...

Alex, your solution helped me, in these files I found and changed it to =false
/etc/exim.variables.conf:disable_ipv6=true
/etc/exim.variables.conf.custom:disable_ipv6=true

Now it works, everyone many thanks for helping me out. I appreciate this!

Have a nice day.
Kind regards, Fred

 

[zEitEr]

With IPv6 enabled in Exim you might have issues when sending emails to Gmail/Hotmail/Yahoo if you have no valid rDNS for IPv6 as it was mentioned by user Active8.

Thus if you see errors in exim logs related to IPv6 then you will probably need disable IPv6 exim until you get rDNS ready.

 

[Awd]

I still have another issue.

First, I disabled (temporary IPV6 in exim, as I am still waiting for a valid rDNS).
When I go to the website: internet.nl and I check my email I get a warning:
hostname of mail server does not match certificate:

hostname: trails4fun.nl 
domains on the certificate: server.alentejohosting.nl, ['ftp.server.alentejohosting.nl', 'mail.server.alentejohosting.nl', 'pop.server.alentejohosting.nl', 'server.alentejohosting.nl', 'smtp.server.alentejohosting.nl', 'www.server.alentejohosting.nl']

Is it possible to set automatic a correct hostname (for all domains?) in Exim?
Kind regards,
Fred

 

[zEitEr]

Yes and "No".

Yes, because it's technically possible: https://help.directadmin.com/item.php?id=675

NOTE: You need to use SNI with Dovecot and Exim. Directadmin started to support Dovecot SNI officialy, and Exim SNI is still beta in Directadmin and is not available by default.

And "No", because you need to control DNS for all existing domains and be sure that they point to your server, otherwise letsencrypt will fail to validate a domain.

 

[Awd]

Thanks Alex