Gmail - ipv6. Anyone else with this experience?

avatar1024

I've also hit this on three of my servers! I've set-up the PTR record for the IPv6 (hopefully correctly) and waiting for it to propagate...let's hope it works.

girish

You don't have to configure anything in Cloudron as such. The PTR setup is completely in your VPS provider. Set it to the mail server name (just like IPv4). I have added the IPv6 RDNS check now for next release.

avatar1024

For one of my domain, even though the DNS has propagated and checks all fine on https://www.whatsmydns.net/#PTR and https://toolbox.googleapps.com/apps/dig/#PTR/ I'm still getting the bounce error....damn google!

On two other domains it now works well

andreasdueren

@avatar1024 Are the IPv6 reported by google and the one issued by your provider the same?

avatar1024

@andreasdueren As far as I can tell yes.

avatar1024

Also I spoke a bit too quickly I'm actually getting delivery issues on all domains, just on two of them, the emails do end up delivering after a couple of retry by the mail server (the retries are still because of the PTR record), whereas on the third one it's just a straight bounce.

andreasdueren

@avatar1024 I'd encourage you to double check. The IP without the 2 at the end is my actual IPv6. But google kept complaining that the one with the two didn't match. So I set a PTR record for it as well and now things seem to be fine.

Screenshot 2025-01-09 at 12.38.02.png

avatar1024

What I did is take the IPv6 google wrote in the bounce error message and added the mail serve name against that.

avatar1024

So the IP is much longer than yours:

As you can tell, I probably do not understand IPv6 very well...

From my provider my server IPv6 seem to be:

So a bit like yours and something much shorter that what Google write in the bounce error message. Bur I thought this was normal as elsewhere in the provider settings page for my server it says:

So putting top and bottom address together I get the long IP google is writing in the error message.

andreasdueren

Just to clarify: take the IPv6 that is written in the google mail and compare it to the PTR record. Are they identical?

avatar1024

@andreasdueren said in Gmail - ipv6. Anyone else with this experience?:

Just to clarify: take the IPv6 that is written in the google mail and compare it to the PTR record. Are they identical?

Yes they are!

avatar1024

I've now also set a PTR record against the short IPv6, it has propagated but I'm still getting the straight bounce.

avatar1024

@avatar1024 said in Gmail - ipv6. Anyone else with this experience?:

on two of them, the emails do end up delivering after a couple of retry by the mail server (the retries are still because of the PTR record)

Actually in some rare case, the server retries indefinitely and emails are never delivered. From the email event log:

Delivery failure. Will retry in Xs. Upstream error: 421 4.7.23 [2a03:xxxx:xx:xxx:xxxx:7fff:fe49:51af] The IP address sending this 4.7.23 message does not have a PTR record, or the corresponding forward DNS 4.7.23 entry does not match the sending IP. To protect our users from spam, 4.7.23 mail has been temporarily rate limited. To learn more about IP 4.7.23 address requirements for sending to Gmail, visit 4.7.23 https://support.google.com/a?p=sender-guidelines-ip 4.7.23 To learn more about Gmail requirements for bulk senders, visit 4.7.23 https://support.google.com/a?p=sender-guidelines. 4fb4d7f45d1cf-5d807030e25si25472762a12.537 - gsmtp",

Using the exact IPv6 in the error message on https://toolbox.googleapps.com/apps/dig/#PTR/ gives the correct PTR.

avatar1024

Until this is solved, is it possible to disable IPv6 completely from the mail service? This is affecting basically all of my servers.

joseph

You can just disable ipv6 on the server. It's the OS that decides IPv4/IPv6 for outbound connections. For example, sysctl -w net.ipv6.conf.ens18.disable_ipv6=1 (replace ens18) for specific interface.

avatar1024

@joseph Brill, that works, thank you!! All messages are now going through

Is there any big drawbacks in disabling IPv6? Also since it only happens with Gmail, is there a way to tell the system with IPv6 to only use IPv4 for google MX?

joseph

Can't think of a drawback of disabling IPv6 on the server. You should disable IPv6 on Cloudron side if this got auto-enabled Network -> IPv6 -> Diable. This way it won't configure AAAA records. You will have issues when installing new apps otherwise.

avatar1024

Right so we have a bunch of similar topics referencing the same problem.

Should they all be merged and/or marked as solved?

The solution is provided by @girish (here) and @jdaviescoates (here) which I'll compile and summarise here again:

Activate IPv6 on Cloudron via going to Network > IPv6 > Configure > Public IP
Check your IPv6 address either via reading the IPv6 address detected by Cloudron when doing 1. or via running curl https://ipv6.api.cloudron.io/api/v1/helper/public_ip on your server (via ssh).
Set an IPv6 PTR record on your VPS/server provider (not your domain provider) for the above IPv6 address. The next Cloudron release will implement a check on IPv6 PTR record like it currently does for IPv4.
If using Wildcard DNS then create a * AAAA record for the above IPv6 address.
If things still don't work, you can go to Cloudron -> Domains -> hit Sync DNS

If your VPS provider does not allow you to set IPv6 PTR, then disable IPv6 that way:

disable IPv6 in Cloudron (Network -> IPv6 -> Disable)
on your server via ssh run sysctl -w net.ipv6.conf.ens18.disable_ipv6=1 (replacing ens18 for your specific network interface, in my case eth0)
make it persistent by adding net.ipv6.conf.ens18.disable_ipv6=1 to /etc/sysctl.conf (replacing ens18 for your specific network interface, in my case eth0)

Update: I personally still faced issues with Gmail using IPv6 so I ended up disabling it persistently.

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Gmail - ipv6. Anyone else with this experience?