• If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Announcement

Collapse
No announcement yet.

Multiple Domains - IPv6 SMTP Routing Issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple Domains - IPv6 SMTP Routing Issues

    Hi,

    I recently configured my Axigen 10.1.5 server to work in IPv4 mode and IPv6 mode. Everything works great.

    However, I ran into a problem when I added a second domain. I tried setting up some email routing policies in the advanced tab so that the second domain would use a different IPv4 interface address and a different IPv6 interface address. The reason for this is due to the PTR records that are set up in DNS records.

    When sending email, the log files say ?IPv4 interface address set for domain two,? then subsequently say ?IPv6 interface address set for domain 2.? The problem arises when Axigen then attempts to deliver mail from the IPv6 interface address on my server to the recipient email servers IPv4 address and thus fails. It then tries connecting to the recipient email server's IPv6 address on port 25 and then the connection just hangs.

    I think additional rules need to be added such as STARTTLS and such for the second domain but I?m not sure how to add them properly.

    Any help would be greatly appreciated.

    Thanks in advance!

  • #2
    Hello,

    Please share your smtpFilters.script file (which could be found into the filters sub-directory of the working directory).

    BR,
    Ioan

    Comment


    • #3
      event onConnect {
      set (allowedCountries_0, " ");
      set (bannedCountries_0, "");
      set (isGeoIPBanned_0, "%isGeoIPBanned%");
      set (GeoIPResult_0, "%GeoIPResult%");
      call (WA_Acceptance_basic_banner);
      call (smtpbanner1);
      call (smtpbanner2);
      call (smtpbanner1v6);
      call (smtpbanner2v6);
      }

      event onEhlo {
      call (WA_Routing_basic_delivery);
      call (WA_Greylisting);
      call (WA_Acceptance_basic);
      call (checkSPF);
      call (WA_AntiSpam_SPF_OnEhlo_Fail);
      call (WA_AntiSpam_SPF_OnEhlo_Err);
      call (WA_AntiSpam_SPF_OnEhlo_None);
      call (wizard_generated_relay);
      }

      event onMailFrom {
      call (checkSPF);
      call (WA_AntiSpam_SPF_Fail);
      call (WA_AntiSpam_SPF_Err);
      call (WA_AntiSpam_SPF_None);
      call (Exceptions_Greylisting);
      call (Exceptions_SPF);
      }

      event onRcptTo {
      }

      event onHeadersReceived {
      }

      event onBodyChunk {
      }

      event onDataReceived {
      call (Check_DomainKeys_and_DKIM);
      }

      event onRelay {
      call (WA_Routing_basic);
      call (smtprelay2);
      }

      event onDeliveryFailure {
      }

      event onTemporaryDeliveryFailure {
      }

      event onProcessing {
      call (DomainSign-korkbrewhaus_com);
      call (DomainSign-cotekolpinwedding_com);
      }

      method WA_Acceptance_basic_banner {
      }

      method WA_GeoIP {
      if (
      anyOf (
      isCase (isGeoIPBanned_0, "no")
      )
      ) {
      }
      }

      method smtpbanner1 {
      if (
      anyOf (
      ipRange (smtpIP, "X.X.X.1-X.X.X.1")
      )
      ) {
      set (smtpGreeting, "mail.korkbrewhaus.com");
      }
      }

      method smtpbanner2 {
      if (
      anyOf (
      ipRange (smtpIP, "X.X.X.2-X.X.X.2")
      )
      ) {
      set (smtpGreeting, "mail.cotekolpinwedding.com");
      }
      }

      method smtpbanner1v6 {
      if (
      anyOf (
      ipRange (smtpIP, "2001:X:X:X:X:X:X:1-2001:X:X:X:X:X:X:1")
      )
      ) {
      set (smtpGreeting, "mail.korkbrewhaus.com");
      }
      }

      method smtpbanner2v6 {
      if (
      anyOf (
      ipRange (smtpIP, "2001:X:X:X:X:X:X:2-2001:X:X:X:X:X:X:2")
      )
      ) {
      set (smtpGreeting, "mail.cotekolpinwedding.com");
      }
      }

      method WA_Routing_basic_delivery {
      set (remoteDelivery, "auth");
      }

      method WA_Greylisting {
      set (activateGreylisting, "yes");
      }

      method WA_Acceptance_basic {
      set (maxDataSize, "10240");
      set (maxReceivedHeaders, "30");
      set (maxRcptCount, "1000");
      set (waitProcessingTimeout, "10");
      set (allowStartTLS, "yes");
      set (allow8bitMime, "yes");
      set (allowBinaryData, "yes");
      set (allowPipelining, "yes");
      set (localDelivery, "all");
      }

      method WA_AntiSpam_SPF_OnEhlo_Fail {
      if (
      anyOf (
      isCase (SPFResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "SPF check failed for <%ehloHost%> with result <%SPFResult%>: <%SPFExplanation%>");
      }
      }

      method WA_AntiSpam_SPF_OnEhlo_Err {
      if (
      anyOf (
      isCase (SPFResult, "temperror"),
      isCase (SPFResult, "permerror")
      )
      ) {
      }
      }

      method WA_AntiSpam_SPF_OnEhlo_None {
      if (
      anyOf (
      isCase (SPFResult, "none")
      )
      ) {
      }
      }

      method wizard_generated_relay {
      if (
      anyOf (
      ipRange (remoteSmtpIp, "X.X.X.1/255.255.255.248"),
      ipRange (remoteSmtpIp, "127.0.0.1/255.0.0.0")
      )
      ) {
      set (remoteDelivery, "all");
      }
      }

      method WA_AntiSpam_SPF_Fail {
      if (
      anyOf (
      isCase (SPFResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "SPF check failed for <%ehloHost%> with result <%SPFResult%>: <%SPFExplanation%>");
      }
      }

      method WA_AntiSpam_SPF_Err {
      if (
      anyOf (
      isCase (SPFResult, "temperror"),
      isCase (SPFResult, "permerror")
      )
      ) {
      }
      }

      method WA_AntiSpam_SPF_None {
      if (
      anyOf (
      isCase (SPFResult, "none")
      )
      ) {
      }
      }

      method WA_DNS_Checks_RDNS {
      if (
      anyOf (
      isCase (ReverseDNSResult, "neutral"),
      isCase (ReverseDNSResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "Reverse DNS check failed for <%ehloHost%> connected from <%remoteSmtpIp%>");
      }
      }

      method WA_DNS_Checks_MX {
      if (
      anyOf (
      isCase (SenderMXCheckResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "Sender domain <%mailFromDomain%> has no DNS MX entry");
      }
      }

      method Exceptions_Greylisting {
      if (
      anyOf (
      ipRange (remoteSmtpIP, "127.0.0.1-127.0.0.1"),
      isCase (mailFromDomain, "gmail.com"),
      isCase (mailFromDomain, "yahoo.com")
      )
      ) {
      set (activateGreylisting, "no");
      }
      }

      method Exceptions_SPF {
      if (
      anyOf (
      isCase (mailFromDomain, "domain1.tld"),
      isCase (mailFromDomain, "domain2.tld")
      )
      ) {
      set (smtpAction, "accept");
      set (smtpExplanation, "Accepted due to requested SPF exception");
      }
      }

      method Check_DomainKeys_and_DKIM {
      call (checkDomainKeys);
      call (checkDKIM);
      }

      method WA_Routing_basic {
      set (sslEnabled, "no");
      set (localInterface, "0.0.0.0");
      set (allowStartTLS, "yes");
      set (allowedSSLVersions, "ssl3 tls1 tls11 tls12 ");
      }

      method smtprelay2 {
      if (
      allOf (
      isCase (mailFromDomain, "cotekolpinwedding.com")
      )
      ) {
      set (localInterface, "X.X.X.2");
      set (allowStartTLS, "yes");
      }
      }

      method DomainSign-korkbrewhaus_com {
      if (
      allOf (
      isCase (mailFromDomain, "korkbrewhaus.com"),
      not (
      is (authUser, "")
      )
      )
      ) {
      set (DKSignerSelector, "2016");
      set (DKIMSignerSelector, "2016");
      set (DKSignerKey, "/var/opt/axigen/dkim.privkey.korkbrewhaus_com.pem");
      set (DKIMSignerKey, "/var/opt/axigen/dkim.privkey.korkbrewhaus_com.pem");
      call (signDomainKeys);
      call (signDKIM);
      }
      }

      method DomainSign-cotekolpinwedding_com {
      if (
      allOf (
      isCase (mailFromDomain, "cotekolpinwedding.com"),
      not (
      is (authUser, "")
      )
      )
      ) {
      set (DKSignerSelector, "2018");
      set (DKIMSignerSelector, "2018");
      set (DKSignerKey, "/var/opt/axigen/dkim.privkey.cotekolpinwedding_com.pem");
      set (DKIMSignerKey, "/var/opt/axigen/dkim.privkey.cotekolpinwedding_com.pem");
      call (signDomainKeys);
      call (signDKIM);
      }
      }

      event onConnect {
      set (allowedCountries_0, " ");
      set (bannedCountries_0, "");
      set (isGeoIPBanned_0, "%isGeoIPBanned%");
      set (GeoIPResult_0, "%GeoIPResult%");
      call (WA_Acceptance_basic_banner);
      }

      event onEhlo {
      call (WA_Greylisting);
      call (WA_Acceptance_basic);
      }

      event onMailFrom {
      call (checkSPF);
      call (WA_AntiSpam_SPF_Fail);
      call (WA_AntiSpam_SPF_Err);
      call (WA_AntiSpam_SPF_None);
      call (Exceptions_Greylisting);
      call (Exceptions_SPF);
      }

      event onRcptTo {
      }

      event onHeadersReceived {
      }

      event onBodyChunk {
      }

      event onDataReceived {
      call (Check_DomainKeys_and_DKIM);
      }

      event onRelay {
      }

      event onDeliveryFailure {
      }

      event onTemporaryDeliveryFailure {
      }

      event onProcessing {
      }

      method WA_GeoIP {
      if (
      anyOf (
      isCase (isGeoIPBanned_0, "no")
      )
      ) {
      }
      }

      method WA_Acceptance_basic_banner {
      }

      method WA_AntiSpam_SPF_Fail {
      if (
      anyOf (
      isCase (SPFResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "SPF check failed for <%ehloHost%> with result <%SPFResult%>: <%SPFExplanation%>");
      }
      }

      method WA_AntiSpam_SPF_Err {
      if (
      anyOf (
      isCase (SPFResult, "temperror"),
      isCase (SPFResult, "permerror")
      )
      ) {
      }
      }

      method WA_AntiSpam_SPF_None {
      if (
      anyOf (
      isCase (SPFResult, "none")
      )
      ) {
      }
      }

      method WA_AntiSpam_SPF_OnEhlo_Fail {
      if (
      anyOf (
      isCase (SPFResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "SPF check failed for <%ehloHost%> with result <%SPFResult%>: <%SPFExplanation%>");
      }
      }

      method WA_AntiSpam_SPF_OnEhlo_Err {
      if (
      anyOf (
      isCase (SPFResult, "temperror"),
      isCase (SPFResult, "permerror")
      )
      ) {
      }
      }

      method WA_AntiSpam_SPF_OnEhlo_None {
      if (
      anyOf (
      isCase (SPFResult, "none")
      )
      ) {
      }
      }

      method WA_Greylisting {
      set (activateGreylisting, "yes");
      }

      method WA_Acceptance_basic {
      set (maxDataSize, "10240");
      set (maxReceivedHeaders, "30");
      set (maxRcptCount, "1000");
      set (waitProcessingTimeout, "10");
      set (allowStartTLS, "yes");
      set (allow8bitMime, "yes");
      set (allowBinaryData, "yes");
      set (allowPipelining, "yes");
      set (localDelivery, "all");
      }

      method WA_DNS_Checks_RDNS {
      if (
      anyOf (
      isCase (ReverseDNSResult, "neutral"),
      isCase (ReverseDNSResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "Reverse DNS check failed for <%ehloHost%> connected from <%remoteSmtpIp%>");
      }
      }

      method WA_DNS_Checks_MX {
      if (
      anyOf (
      isCase (SenderMXCheckResult, "fail")
      )
      ) {
      set (smtpAction, "reject");
      set (smtpExplanation, "Sender domain <%mailFromDomain%> has no DNS MX entry");
      }
      }

      method Exceptions_Greylisting {
      if (
      anyOf (
      ipRange (remoteSmtpIP, "127.0.0.1-127.0.0.1"),
      isCase (mailFromDomain, "gmail.com"),
      isCase (mailFromDomain, "yahoo.com")
      )
      ) {
      set (activateGreylisting, "no");
      }
      }

      method Exceptions_SPF {
      if (
      anyOf (
      isCase (mailFromDomain, "domain1.tld"),
      isCase (mailFromDomain, "domain2.tld")
      )
      ) {
      set (smtpAction, "accept");
      set (smtpExplanation, "Accepted due to requested SPF exception");
      }
      }

      method Check_DomainKeys_and_DKIM {
      call (checkDomainKeys);
      call (checkDKIM);
      }

      Comment


      • #4
        Hello,

        Could you confirm if both IPv4 and IPv6 addresses intended to be used for domain2 are sharing the same network interface?

        Basically, by using the action set (localInterface, "X.X.X.2") you are configuring Axigen to select the network interface on which address X.X.X.2 is defined and use it when initiating the SMTP-OUT session.

        If you still are facing problems, could you share a fresh Axigen log (please set before DNR, PROCESSING and SMTP-OUT log level to Protocol Communication) in order to be checked by our dev team?

        BR,
        Ioan

        Comment

        Working...
        X