
I'm trying to send email to a domain that has two MX records. The higher priority record is IPv4 and the 2nd is IPv6.

Exchange gives me a "delivery is delayed" message in my inbox after I've tried to send the email.

A look at the connectivity logs shows

Established connection to XXXXX (the correct IPv4 IP)
Failed connection to XXXX (the correct IPv6 IP)
Retry

Despite establishing the connection to the IPv4 address it doesn't start the message delivery. If I send the email via telnet from the transport server to the IPv4 address it is successful.

With other domains it would just deliver the email over the IPv4 IP. I'm sending to many other domains with a similar MX configuration without a problem.

My firewall is an ASA and my public IPs are IPv4. The transport server is Win 2008 x64.

kasperd
PHLiGHT
  • Maybe the other machine has greylisting in action? – Marc Stürmer Aug 12 '14 at 19:42
  • Two things come to mind... First, is "Use the External DNS Lookup on the transport server" checked on the Send Connector? Second, is IPv6 disabled on your Exchange 2007 server or enabled? I ask because it sounds like IPv6 is enabled and will take precedence over an IPv4 connection in Exchange if it's available. You can create a specific send connector for this IPv4 address and domain if you wish and that would work too and prove the issue. – TheCleaner Aug 12 '14 at 21:17
  • Wouldn't it be better to have just one MX record and point to a host which has IPv4 + IPv6? This sounds like an off configuration. – MichelZ Aug 13 '14 at 05:30
  • I reviewed the MX records for the domain in question. I see that the IPv6 and IPv4 both have a priority of 5. I don't have much of an understanding of IPv6. My ISP has only given me IPv4 addresses. How would my IPv4 public addresses connect to an IPv6 SMTP server? – PHLiGHT Aug 15 '14 at 13:17
  • That leads to the question: If you don't have IPv6, why does your Exchange server think you do? Has IPv6 been _partially_ configured on your network? – Michael Hampton Aug 15 '14 at 19:39
  • My DNS server is a Windows 2008 R2 server with IPv6 enabled. If I only have IPv4 IPs from my ISP should I be disabling AAAA records on my DNS server? – PHLiGHT Aug 18 '14 at 20:22
  • No, you shouldn't disable recursion on AAAA. That said, please don't create AAAA records for hosts that don't have IPv6 addresses..... – Joe Sniderman Aug 28 '14 at 13:39
  • @JoeSniderman It doesn't sound like that is the case here. The receiving server has an AAAA record, the sending server is IPv4 only. – kasperd Aug 28 '14 at 16:03
  • @MichelZ I don't see a problem with the primary MX being IPv4 only. If the administrator of the domain is worried about IPv6 breaking delivery, then setting the primary MX to be IPv4 only is the approach which would best minimize risk. – kasperd Aug 28 '14 at 16:06
  • @kasperd Except the IPv4 only MX isn't so much the primary as it has an equal priority to the IPv6 only MX. IMHO a single dual-stacked MX would be "better" – Joe Sniderman Aug 28 '14 at 16:09
  • @MichaelHampton That is a valid point. It may turn out that it is trying IPv6 because it is trying to access a hostname, which is IPv6 only. Had the MX record pointed to a dual stack hostname, it might only have tried IPv4. – kasperd Aug 28 '14 at 16:11
  • @JoeSniderman Conflicting information. The question says the IPv4 hostname has higher priority, one of the comments says they have equal priority. Creating two separate MX records may still be due to worry that there exist some clients, which will only try one IP address per MX record. – kasperd Aug 28 '14 at 16:15
  • @PHLiGHT I don't think your problem is related to IPv6 connectivity. I think your problem is related to the IPv4 communication between you and that server. You need to look at a packet capture to see what is the difference between the failed attempt to deliver over IPv4 by the mail server and the successful attempt at doing the same with telnet. – kasperd Aug 28 '14 at 16:17
  • @kasperd My understanding of the comment that the MXen had the same priority was that the OP noticed this fact after initially posting the question with erroneous information that the v4-only MX was primary – Joe Sniderman Aug 28 '14 at 16:18
  • Start Wireshark, capture the packets from both IPv4/IPv6 address and discover what's happening :) – gtirloni Aug 28 '14 at 18:04
  • See if changing the IPv4/IPv6 preference works: http://support.microsoft.com/kb/929852 – gtirloni Aug 28 '14 at 18:09
  • Since telnet works after a failure, does the retry work? – Jim B Aug 28 '14 at 18:10
  • I would not recommend changing the v4/v6 preference since you already show that you are trying v4 first. There are VERY few circumstances that will be solved by changing that and this should not have that effect. – Jim B Aug 28 '14 at 18:14
  • You don't want to use separate IP stacks for your MX. Please provide some insight into how you've set up the MX records. – Tim Armstrong-Ooi Aug 30 '14 at 00:17
  • @TimArmstrong-Ooi These aren't my MX records. They are for a domain I'm trying to send to. – PHLiGHT Sep 04 '14 at 12:44
  • @PHLiGHT You could try setting your Exchange to IPv4 only as a test. It could be that either their IPv6 (or your IPv6) isn't set up correctly. – Tim Armstrong-Ooi Sep 04 '14 at 18:29

0 Answers