11

Today I noticed that Gmail sends all messages received from my server to the Spam folder. I checked message header and found the following:

Authentication-Results: mx.google.com;
       spf=neutral (google.com: 2001:4ba0:cafe:........ is neither permitted nor denied by best guess record for domain of root@myserver.com) smtp.mail=root@myserver.com

So, it looks that Sendmail is sending mail from IP6 adress insrtead of IPv4 and there is no SPF and PTR records for IPv6. How do I force Sendmail to send mail from IPv4?

Thanks.

tfe
  • 127
  • 1
  • 1
  • 6
  • 5
    Since you HAVE v6 connectivity, it'd be better if you could add the reverse lookup and MX record for your v6-compatible mailer. But, that's not what you're asking. – sysadmin1138 Jun 02 '13 at 12:08

6 Answers6

13

In your sendmail.mc add:

CLIENT_OPTIONS(`Family=inet')dnl

Then rebuild sendmail.cf and restart sendmail. In Debian you do this by running >sendmailconfig. In CentOS you run /etc/mail/make followed by service sendmail restart. Other >systems have other ways to do this.

Thanks for posting this, and it definitely got me on the right track. However, I tried this, but it was still not working for me. As a side note, we were getting rejections from Google mail servers because we didn't have a reverse DNS entry for IPv6. This is definitely related to our VPS's configuration, and not our DNS configuration, because the numeric reverse DNS entry has to go to whoever owns the block of IP addresses, and that's my VPS.

Anyway, as far as I can see, there is no way to specifically turn off sendmail using IPv6 as the client. The slightly tricky resolution I came to was to specify the IPv6 options to use an IPv6 compatibility format of an IPv4 address.

e.g. if your IPv4 address is 1.2.3.4, specify:

CLIENT_OPTIONS(`Family=inet6,Addr=::ffff:1.2.3.4')dnl

Worked a charm for me, and as far as I can see, this hasn't been documented anywhere.

Community
  • 1
David
  • 131
  • 1
  • 2
  • Thanks a lot for your answer! It did the trick for me on a server where I had no access to IPv6 PTR and sendmail was stubborn to use it for Gmail. – Luxian Oct 22 '18 at 19:00
  • 1
    If you don't know the IP, or it change, you can simply use : CLIENT_OPTIONS(`Family=inet6,Addr=::ffff:0.0.0.0')dnl it works perfect, try it – YOGO Jun 18 '20 at 15:32
11

Don't disable IPv6. It is not optional anymore and you will not be able to communicate with some people without it.

Instead, fix your SPF record so that it passes mail originating from your IPv6 address.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • 1
    And what if you VPS provider don't want to set the SPF record for IPv6. :( – brodul Sep 09 '13 at 19:36
  • 2
    @brodul What does your VPS provider have to do with your DNS records? – Michael Hampton Sep 09 '13 at 19:37
  • Fixing my SPF record doesn't solve the problem - because I'm forwarding mail to GMail, so my forwarding server will never pass an SPF check. – James Roper Aug 04 '17 at 03:34
  • 4
    Gmail now also requires a working reverse for IPv6 senders. Having a working reverse address is *definitely* out of your hands and up to your server/network provider. – Vladimir Panteleev Jan 23 '18 at 11:56
  • 1
    Are you sure? If iI'm not mistaken, gmail only requires valid SPF record nowadays (and you must train their AI by clicking "Not Spam" a couple of time) – autra Feb 08 '20 at 14:20
  • I can confirm that it was necessary for me to configure reverse DNS for my IPv6 sender before Google would accept it -- even though the SPF was indicating that IPv6 address as valid. So yeah. You either need 100% support for IPv6, or no support for IPv6, if you want to talk to gmail. And even then, if they don't like your IP block, they'll spamfolder you even if recipients click NOT SPAM a couple zillion times. – Chris Nadovich Feb 27 '22 at 19:40
4

In your sendmail.mc add:

CLIENT_OPTIONS(`Family=inet')dnl

Then rebuild sendmail.cf and restart sendmail. In Debian you do this by running sendmailconfig. In CentOS you run /etc/mail/make followed by service sendmail restart. Other systems have other ways to do this.

adamo
  • 6,925
  • 3
  • 30
  • 58
  • 2
    This won't work, neither without giving the address nor with explicitly adding "Addr=0.0.0.0" or the real IPv4 address. Instead use the variant state above: `CLIENT_OPTIONS(\`Family=inet6,Addr=::ffff:0.0.0.0')dnl` – Johann Klasek Dec 28 '20 at 15:54
  • When I commented back in 2013, it worked. Thanks for updating. – adamo Jan 29 '21 at 14:47
  • ```CLIENT_OPTIONS(`Family=inet,Addr=0.0.0.0')dnl``` works for me, ipv6 is disabled now. – Jeremy John Jul 27 '23 at 14:26
1

Only this works:-

CLIENT_OPTIONS(`Family=inet6,Addr=::ffff:0.0.0.0')dnl

which forces sendmail to use your IPv6 when it wants to use inet6

add the above into /etc/mail/sendmail.mc below the existing CLIENT_OPTIONS line

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
cnd
  • 169
  • 4
0

All you have to do is

  1. delete the ipv6 localhost/localdomain hostname
  2. Disable IPV6 in networking

Worked for us. Now we only send and receive IPV4 mail. No one blocks IPV4 but IPV6 is a freaking joke. Comcast and most other providers don't have a toold to do RDNS for IPV6 (and that has been an ongoing issue since 2013 ~ 10 years)

David Turner
  • 1
0

Just wanted to share that for me (now in 2018), what worked was specifying filter-aaaa-on-v4 yes; in my local bind's named.conf, per https://kb.isc.org/docs/aa-00576 (except the filter-aaaa-on-v6 directive mentioned there does not exist in my mind). Probably named -4 would have worked as well. This with sendmail and bind on centos7[.5.1804].

With everything else I tried, including the answer here, gmail bounced my mail with the dreaded "this message does not meet IPv6 sending guidelines", because, indeed, I don't have a reverse for my ipv6 address (isp is difficult).

Other things that did not work: define(confBIND_OPTS',-use_inet6') (aka ResolverOptions) in submit.mc and sendmail.mc, per https://lists.debian.org/debian-user/2004/09/msg01410.html. I don't know why not.

Changing /etc/gai.conf (per https://centosfaq.org/centos/etcgaiconf-fails-to-prefer-ipv4-over-ipv6-for-nfs/), presumably because sendmail uses gethostbyname/addr, not getaddrinfo, and gai.conf only affects the latter.

Oh, I did have one other solution: compile sendmail from source and disable v6 at that level. Unfortunately there seems to be no equivalent runtime directive.

karlb
  • 1