Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1296 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.004-34] Email Protection and 6to4 support outbound?

rsc
I have set up 6to4 on our UTM 9.004-34 to test IPV6.

Inbound mail connections are now IPv6 capable, but outbound mail connections always use IPv4 even if the destination has IPv6 capable mail servers.

Here is an example sending mail from UTM with 6to4 enabled to a freenet.de Email address:

exim-out[25074]: 2012-12-26 13:02:31 1Tnpgs-0006WO-9M => ***@freenet.de P= R=dnslookup T=remote_smtp H=mx.freenet.de [195.4.92.9]:25 X=TLSv1:AES256-SHA:256 C="250 OK id=1Tnpgs-00087d-Vl"
exim-out[25074]: 2012-12-26 13:02:31 1Tnpgs-0006WO-9M Completed 

Thought freenet.de offers IPv& on their mailservers:

# dig freenet.de MX +short
1 mx.freenet.de.

# dig mx.freenet.de AAAA +short
2001:748:100:40::8:112
2001:748:100:40::8:110
2001:748:100:40::8:111


Is it possible to send via SMTP using 6to4?


This thread was automatically locked due to age.
  • 0
    I have found the reason in the meanwhile:

    exim on UTM 9 is configured to prefer IPv4 over IPv6.

    To send outbound mail over IPv6 you have to edit exim.conf.


    vi /var/storage/chroot-smtp/etc/exim.conf

    # search for the following line:
    prefer_ipv4 = IPV6_PREFER_IPV4

    # and replace with:
    prefer_ipv4 = false


    After restarting mail security, exim sends out mail to IPv6 capable MXs like gmail.com, frenet.de over IPv6[H]

    Of course this is not officially supported and changes will be lost with any update to the exim RPM package.
    I hope a guy from Astaro/Sophos reads this and addresses this improvement to the developpers [;)]
  • 0 in reply to rsc
    Might be a good idea for you to post this over on the Feature site (it does get checked regularly by Sophos folks)... UTM (Formerly ASG) Feature Requests: Hot (1148 ideas)

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Unfiltered HTML