A while I ago my server at hetzner started having trouble sending mail to gmail accounts so I asked the world if there was someone out there with the same problem. Someone told me gmail has some random problems using ipv6 but mine didn’t looked very random.
The message I got in return said:
gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b] said: 550-5.7.1 [2a01:4f8:d13:3c03::C0:FF:EE] Our system has detected an unusual rate 550-5.7.1 of unsolicited mail originating from your IP address. To protect our 550-5.7.1 users from spam, mail sent from your IP address has been blocked. 550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk Email Senders Guidelines. v46si12358een.61 - gsmtp (in reply to end of DATA command)
So I started searching to find out what went wrong. First I expected to find some strange processes on my system but I couldn’t find any I didn’t wanted to start. Even my postfix logging didn’t showed anything unusual so I started wondering if gmail wasn’t wrong about their message. But even the click here for more help brought me back to the startpage.
To be really really sure their wasn’t anything wrong, I did two thing:
- I started tcpdump to log all traffic going out on ipv6 on smtp
- I waited, expecting gmail to finally allow my server sending mail to their server
But it didn’t help: there was no strange traffic and gmail still didn’t allow me. On the page gmail was pointing to in their error message they give you some hints when sending out bulk mail. Although I wasn’t doing naughty stuff, I checked their points.
One of the things they tell is Keep valid reverse DNS records so I verified mine. Finally I discovered my AAAA record wasn’t correct (anymore?). After correcting this and waiting for DNS propagation, I could finally send messages again to gmail accounts. So I’m a happy penguin again.
Yesterday I discoverd my ipv6 wasn’t working anymore. My outgoing ipv6 connections got blocked when sending a sync so we needed some fixing. I’m really a big wizard in reading iptables but a nerd has to do what a nerd has to do.
Searching on what was going wrong with my ipv6 firewall, I noticed that only the SYN packets passed through the firewall. All responses and other related messages got blocket. While googling around to find more about ip6tables, I arrived back at the tunnelbroker website.
I dicided to check out if I didn’t made any mistakes on the addresses. There wasn’t any but when clicking on “example configuration” I found out there also was an example for openwrt backfire 10.03.1. Horay!
The only issue I had concerned the firewall setting. Earlier I removed the ‘wan’ section from the firewall as it wasn’t needed for ipv4. Missing that section, the command
uci set firewall.@zone.network='wan henet' failed. Adding the wan zone again from
/rom/etc/config/firewall it worked like a charm. Configuring the firewall using the webinterface and testing it using the tunnelbroker tools make me happy again.
Thanks again openwrt and tunnelbroker for the nice work!