Hi,

Since around 13:00 UTC today, all of a sudden we see massive rejects of
mails towards Google when delivering on IPv6:

Jun  9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn:
to=<x...@gmail.com>,
relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7,
delays=0.01/0/0.16/0.53, dsn=5.7.1, status=bounced (host
gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This
message does not have authentication information or fails to pass
550-5.7.1 authentication checks. To best protect our users from spam,
the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/answer/81126#authentication for more
550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end
of DATA command))

Header-From and Envelope-From are aligned, the sending domain does not
have any DKIM/SPF/DMARC published. We're working on DKIM, but this is
not rolled out for all domains yet. The hosts in question do have proper
FCrDNS, i.e.

http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Aff89.html

Anyone seeing the same? From outside it looks like Google has
implemented the "all mail delivered over IPv6 has to be DKIM/SPF
authenticated" previously done by Microsoft, but without the softfail.

FWIW: we deliver via IPv6 to Google, and we are currently not affected. We don't yet use DKIM, but we do have an SPF record that advertises both our IPv4 and our IPv6 subnets. Of course I don't know if that's the reason our mails are accepted.

Cheers
Sebastian
--
Sebastian Hagedorn - Postmaster - Weyertal 121, Zimmer 2.02
Regionales Rechenzentrum (RRZK)
Universität zu Köln / Cologne University - Tel. +49-221-470-89578


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
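
To check from the sending side whether the 5.7.1 rejections discussed in this thread are confined to IPv6 deliveries, the Postfix smtp log can be tallied per address family. This is an added example, not code from either poster; the function names are hypothetical and the log lines are constructed in the format of the one quoted above.

```python
import ipaddress
import re
from collections import Counter

# Relay, DSN and status fields of a Postfix smtp(8) delivery log line.
DELIVERY = re.compile(
    r"relay=(?P<host>[^\[\s,]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+),"
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+)"
)

def summarize(lines, relay_suffix=".google.com"):
    """Count deliveries to relays under relay_suffix per (family, status, dsn)."""
    counts = Counter()
    for line in lines:
        m = DELIVERY.search(line)
        if not m or not m["host"].endswith(relay_suffix):
            continue  # other destinations, or relay=none (no connection made)
        try:
            family = "IPv%d" % ipaddress.ip_address(m["addr"]).version
        except ValueError:
            continue  # address field is not a literal IP
        counts[(family, m["status"], m["dsn"])] += 1
    return counts

def auth_reject_rate(counts, family):
    """Share of deliveries over `family` that bounced with DSN 5.7.1."""
    total = sum(n for (fam, _, _), n in counts.items() if fam == family)
    hit = sum(n for (fam, st, dsn), n in counts.items()
              if fam == family and st == "bounced" and dsn == "5.7.1")
    return hit / total if total else 0.0

# Constructed sample lines (hosts, queue IDs and recipients are made up).
G6 = "relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25"
G4 = "relay=gmail-smtp-in.l.google.com[192.0.2.27]:25"
PRE = "Jun  9 15:12:07 mx1 postfix/smtp[101]: QID: to=<a@example.com>, "
SAMPLE = [
    PRE + G6 + ", delay=0.7, dsn=5.7.1, status=bounced (550-5.7.1 ...)",
    PRE + G6 + ", delay=0.6, dsn=5.7.1, status=bounced (550-5.7.1 ...)",
    PRE + G6 + ", delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    PRE + G4 + ", delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    PRE + G4 + ", delay=1.0, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    PRE + "relay=mx.example.net[2001:db8::25]:25, delay=1, dsn=5.7.1, status=bounced (x)",
    PRE + "relay=none, delay=30, dsn=4.4.1, status=deferred (connect timed out)",
]

if __name__ == "__main__":
    c = summarize(SAMPLE)
    for fam in ("IPv4", "IPv6"):
        print(fam, "5.7.1 reject rate: %.0f%%" % (100 * auth_reject_rate(c, fam)))
```

A high IPv6 rate next to a near-zero IPv4 rate for the same sending domains matches the symptom described in the original post.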
