On 10/8/2013 6:26 AM, Wietse Venema wrote: > Wietse Venema: >> postfix: >>> Mail from our system wasn't accepted oftentimes by Google either. >>> I discovered the following solution: Our mail server has got two IPv6 >>> addresses in the open Internet, one is specific, the other one >>> automatically created. The first one was in the DNS, the second one not. >>> I noticed that many times messages where sent using the automatically >>> generated IPv6 address, which were the mails Google rejected. Since I >>> introduced the automatically generated IPv6 address into the DNS, Google >>> accepts all mail from our server. >> >> Solutions other than turning off IPv6 autoconfiguration on servers: > > That remains my preferred solution, but it may not be possible if > you don't control the infrastructure. > >> - Specify all Postfix IP addresses in main.cf:inet_interfaces. >> >> /etc/postfix/main.cf: >> inet_interfaces = 1.2.3.4 127.0.0.1 1:2:3:4:5:6:7:8 ::1 > > That example is wrong. inet_interfaces does not restrict the SMTP > client IP address when there more than one. > >> - Specify the Postfix IPv6 address in master.cf: >> >> /etc/postfix/master.cf: >> relay ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8 >> smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8 > > That example is good. It uses master.cf instead of main.cf, to avoid > conflicts with content filters. > > Wietse >
This sounds an awful lot like privacy extensions are enabled for the interface. If you disable privacy extensions, even with stateless autoconfiguration enabled, the address should be the same unless the MAC changes on the nic. Since this is a server privacy extensions should be disabled. cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr use_tempaddr - INTEGER Preference for Privacy Extensions (RFC3041). <= 0 : disable Privacy Extensions == 1 : enable Privacy Extensions, but prefer public addresses over temporary addresses. > 1 : enable Privacy Extensions and prefer temporary addresses over public addresses. Default: 0 (for most devices) -1 (for point-to-point devices and loopback devices) -Erinn
signature.asc
Description: OpenPGP digital signature