SPF Gmail Fail ipv6

I have mail successfully working using postfix/dovecot. However, I realized that when mailing to GMAIL and connecting via ipv6 address for my linode, gmail SPF headers show that it is a softfail. It works perfectly when it connects via ipv4, my standard linode address. I have set up SPF records, trying numerous combinations. The only way I could squelch this for now was to completely disable ipv6. Does anyone know if there is a solution or if I am just doing something wrong? Any help is greatly appreciated. DNS is syntactically OK and so is the SPF txt record according to tools I have used.

I set reverse dns in linode for the ip4 and ip6 pointing to my main host dags.io

DNS Zone File, including TXT record.

; dags.io [570724]
$TTL 86400
@ IN SOA ns1.linode.com. dave.dags.io. 2014050849 14400 14400 1209600 86400
@ NS ns1.linode.com.
@ NS ns2.linode.com.
@ NS ns3.linode.com.
@ NS ns4.linode.com.
@ NS ns5.linode.com.
@ MX 1 dags.io.
@ MX 1 iver.dags.io.
@ TXT "v=spf1 a mx ip4:50.116.36.39 ip6:2600:3c02::f03c:91ff:fe6e:3d73 ~all"
@ A 50.116.36.39
iver A 50.116.36.39
mail A 50.116.36.39
www A 50.116.36.39
yum A 50.116.36.39
@ AAAA 2600:3c02::f03c:91ff:fe6e:3d73
iver AAAA 2600:3c02::f03c:91ff:fe6e:3d73
mail AAAA 2600:3c02::f03c:91ff:fe6e:3d73
www AAAA 2600:3c02::f03c:91ff:fe6e:3d73
yum AAAA 2600:3c02::f03c:91ff:fe6e:3d73

IPv6 Failed SPF GMAIL Header

Return-Path: <dave@dags.io>
Received: from iver (dags.io. [2600:3c02::f03c:91ff:fe6e:3d73])
        by mx.google.com with ESMTP id z46si2526127yhl.4.2014.05.08.11.02.07
        for <davedags@gmail.com>;
        Thu, 08 May 2014 11:02:07 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning dave@dags.io does not designate 2600:3c02::f03c:91ff:fe6e:3d73 as permitted sender) client-ip=2600:3c02::f03c:91ff:fe6e:3d73;

IPv4 WORKING SPF GMAIL Header

Received: from iver (dags.io. [50.116.36.39])
        by mx.google.com with ESMTP id t64si2495603yhd.78.2014.05.08.11.01.20
        for <davedags@gmail.com>;
        Thu, 08 May 2014 11:01:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of dave@dags.io designates 50.116.36.39 as permitted sender) client-ip=50.116.36.39;

6 Replies

OK - well, I just checked and with no other changes, it suddenly is working! I did add reverse DNS for my ip6 address this morning so maybe it just took longer to get through to googs.

Either way, seems it is working now!

DNS records have a TTL associated with them. If a client (e.g. Google) has looked up a record (e.g. your TXT record) then it'll cache the result for the duration of the TTL. I think Linode TTLs are 1 day, so any DNS change you make might take up to 24 hours to propagate fully.

(Also google doesn't strictly follow DNS semantics, but it's close enough).
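An added example, not part of the thread: a small offline evaluator for the SPF mechanisms used in the zone file above (`a`, `mx`, `ip4`, `ip6`, `all`), showing that the published record designates the IPv6 address and that `softfail` is the result a cached record without a matching term would give. The `STALE` record and the `host_addrs` parameter (a stand-in for the A/AAAA lookups) are assumptions made for illustration.

```python
import ipaddress

# Record published in the zone file quoted in the question.
PUBLISHED = "v=spf1 a mx ip4:50.116.36.39 ip6:2600:3c02::f03c:91ff:fe6e:3d73 ~all"
# Constructed: an earlier record a resolver could still hold until its TTL expires.
STALE = "v=spf1 ip4:50.116.36.39 ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, host_addrs=()):
    """Evaluate a subset of RFC 7208: ip4, ip6, a, mx, all.

    include, redirect, macros and CIDR suffixes on a/mx are not handled.
    host_addrs replaces the A/AAAA lookups that `a` and `mx` would trigger,
    so the function runs without network access.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    client = ipaddress.ip_address(client_ip)
    resolved = {ipaddress.ip_address(a) for a in host_addrs}
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            # An ip4 term can never match an IPv6 client, and vice versa.
            matched = net.version == client.version and client in net
        elif name in ("a", "mx"):
            matched = client in resolved
        else:
            continue  # unsupported term: skipped in this sketch
        if matched:
            return QUALIFIERS[qualifier]  # first matching mechanism decides
    return "neutral"


if __name__ == "__main__":
    v6 = "2600:3c02::f03c:91ff:fe6e:3d73"
    print("published:", check_spf(PUBLISHED, v6))
    print("stale    :", check_spf(STALE, v6))
```

Running the same function over the TXT record a resolver actually returns (for example from `dig +short TXT dags.io`) shows whether the result comes from the current record or a cached one.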

How did you set a reverse DNS for your IP6 address?

Cheers

Nap

@Napoleon:

How did you set a reverse DNS for your IP6 address?

You can set RDNS for IPv6 the same as you do IPv4. Create forward AAAA records first, go to Remote Access tab for your Linode, enter the name and click Look Up. We'll check to make sure there's an AAAA record pointing to your Linode's IPv6 address and if there is, you'll be asked to confirm you want to set your reverse record.

@JCurry Ok, thanks.

I had to set up the AAAA records first (which is what I did wrong when I tried it earlier). Then, after waiting for the propagation, the Look Up button asked me if I wanted to use the IP6 address. 8)

While on the subject of DNS setup: if I have an entry with a wildcard hostname, should I still add specific hostnames?

@Napoleon:

While on the subject of DNS setup: if I have an entry with a wildcard hostname, should I still add specific hostnames?

If you have a wildcard record then you only need to set records up for records which differ. Just be careful in the future if you decide to change what the wildcard points to while relying on a specific name that isn't in your zone which you might not want to change with your wildcard.
