Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
IPV6 and SPF
589 views
Skip to first unread message
David Mehler
Oct 18, 2012, 4:21:31 AM10/18/12
to
Hello,
Does anyone publish SPF records for IPV6 in DNS? The reason I ask is
my mail server has both an IPV4 and an IPV6 address and when
connecting to it via webmail that goes to localhost, it seems as if
the outgoing connection is either IPV4 or IPV6 depending on whether
that localhost connection got the v4 or v6 address first. I've got an
IPV4 SPF record which works fine and validates. On the IPV6 side that
one doesn't and when reading headers it says so. I'd like to fix this.
Thanks.
Dave.
Does anyone publish SPF records for IPV6 in DNS? The reason I ask is
my mail server has both an IPV4 and an IPV6 address and when
connecting to it via webmail that goes to localhost, it seems as if
the outgoing connection is either IPV4 or IPV6 depending on whether
that localhost connection got the v4 or v6 address first. I've got an
IPV4 SPF record which works fine and validates. On the IPV6 side that
one doesn't and when reading headers it says so. I'd like to fix this.
Thanks.
Dave.
Nick Rosier
Oct 18, 2012, 5:20:32 AM10/18/12
to
bunbun.be. 86400 IN SPF "v=spf1 a mx ptr
ip6:xxxx:xxxx:xxxx/64 -all"
Haven't noticed any problems.
N.
DTNX Postmaster
Oct 18, 2012, 7:36:15 AM10/18/12
to
is set up correctly for both your IPv4 and IPv6 addresses.
From the example above;
==
$ dig +short mx bunbun.be
1000 mx.fakemx.net.
1 mail.rkfomh.net.
$ host mail.rkfomh.net
mail.rkfomh.net has address 87.98.252.31
mail.rkfomh.net has IPv6 address 2001:41d0:1:c831::1:1
==
If that's the IPv6 address Postfix uses to send mail, the simplest form
of SPF record would be;
"v=spf1 mx -all"
Provided it's the only source of mail for this domain etc.
David, please provide some data that documents your problem; what is
your SPF record, what are the headers that you are reading, and so on?
Nick, please validate your SPF record, because the published one for
that domain results in a Permerror.
Cya,
Jona
Nick Rosier
Oct 18, 2012, 8:01:47 AM10/18/12
to
It's not the only possible source of mail so I am/was playing safe.
David, please provide some data that documents your problem; what is your SPF record, what are the headers that you are reading, and so on? Nick, please validate your SPF record, because the published one for that domain results in a Permerror.
Can you indicate how to specify an IPv6 subnet? Not sure if I need it
but I have some other hosts which can send mail.
N.
N.
DTNX Postmaster
Oct 18, 2012, 9:05:25 AM10/18/12
to
that 'bunbun.be' seems to have no A record available;
"v=spf1 ip6:2001:41d0:1:c831::/64 mx ptr -all"
Note the double colon before the /64. The 'ip6' statement is listed
first because if that results in a 'Pass', no lookups are done for the
'mx' or 'ptr', IIRC.
I would suggest always validating your SPF record whenever you make a
change, especially with more complex setups, using a website like this
for example;
http://www.kitterman.com/spf/validate.html
Cya,
Jona
0 new messages