Answered

IPV6 SMTP server of telfort (smtp.telfortglasvezel.nl)

  • 24 October 2018
  • 21 replies
  • 791 views

Reputation 1
Dear Madam/Sir,

The default SMTP server of telfort, relay=smtp.telfortglasvezel.nl, does not have a PTR reverse DNS record when checking with IPV6.

Therefore most of the e-mails I am sending from my private domains end up in the SPAM folder for Gmail.

Can this be added?

Best regards,
Octavian

PS. 1. More details from auth-results@verifier.port25.com
----------------------------------------------------------
"iprev" check details:
----------------------------------------------------------
Result: fail (reverse lookup failed (NXDOMAIN))
ID(s) verified: policy.iprev="2001:838:2:1::30:127"

DNS record(s):
7.2.1.0.0.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.0.0.0.8.3.8.0.1.0.0.2.ip6.arpa. PTR (NXDOMAIN)


  2. I have SPF, DKIM and DMARC set up correctly, but still, due to the missing PTR, the mail is in the SPAM folder of the receiver most of the time.

Best answer by Natasja - Telfort, 23 November 2018, 09:59

Hi @octavsly, can you let me know if the advice of @RS2000 to use OpenSSL has resolved the issue? Our SMTP experts told me that the issue between our outgoing smtp.telfortglasvezel.nl and Google has been resolved. However, please note that we have removed the AAAA records and that we don't support IPv6 yet (like @Kees-Jan mentioned earlier on), since abuse from IPv6 addresses is not properly captured. PTR entries are still there.

Reputation 1
code:
----------------------------------------------------------
"iprev" check details:
----------------------------------------------------------
Result: fail (no matching DNS records found)
ID(s) verified: policy.iprev="2001:838:2:1::30:127"

DNS record(s):
7.2.1.0.0.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.0.0.0.8.3.8.0.1.0.0.2.ip6.arpa. 60 IN PTR smtp-3.concepts.nl.
smtp-3.concepts.nl. AAAA (no records)
Reputation 1
code:
host -avt AAAA smtp-3.concepts.nl
Trying "smtp-3.concepts.nl"
;; HEADER opcode: QUERY, status: NOERROR, id: 31659
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;smtp-3.concepts.nl. IN AAAA

;; AUTHORITY SECTION:
concepts.nl. 3571 IN SOA ns1.concepts-ict.nl. postmaster.concepts.nl. 2018101502 21600 3600 604800 86400
Reputation 6
Badge +9
Dear Octavian. Welcome to our Forum. Sorry to hear you're experiencing an email related issue. We are aware of the issues between the servers smtp.telfortglasvezel.nl/smtp.concepts.nl and Google and working to resolve this, but this is rather complicated. Unfortunately, Google marks e-mail sent from those outgoing SMTP servers as 'spam'. A faster solution is to use the smtp.telfort.nl server in your email clients.

You could also consider using SPF or DKIM. SPF is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. DKIM is a digital signature which allows senders to associate a domain name with an email message, thus vouching for its authenticity.

Please let me know if you have any further questions 🙂.
Reputation 1
I have started using DKIM, SPF and DMARC this week. Does not seem to make a difference yet.

So, should I change the relay from smtp.telfortglasvezel.nl to smtp.telfort.nl?

Best regards,
Octavian
Reputation 8
Badge +17
All servers in the Telfort network are still IPv4 based. Telfort doesn't support IPv6 for their client network and probably not for their server network either...

Discussion of IPv6 support can already be found on this forum going back many years.

Full IPv6 support isn't here @ Telfort (yet); maybe experimental, but no support for customers...
Reputation 6
Badge +9
I have started using DKIM, SPF and DMARC this week. Does not seem to make a difference yet.

So, should I change the relay from smtp.telfortglasvezel.nl to smtp.telfort.nl?

Best regards,
Octavian


Sorry to read using SPF and DKIM doesn't make a difference. In that case, I'd advise you to change the relay from smtp.telfortglasvezel.nl to smtp.telfort.nl. That should do the trick 🙂.
Reputation 6
Badge +9
Hi Octavian, since I haven't received a reply anymore, I expect changing the relay from smtp.telfortglasvezel.nl to smtp.telfort.nl has done the trick. If you have any further questions, please feel free to contact us again.
Reputation 1
code:
Nov 11 08:50:26 weurope postfix/smtp: 827861C5A5108: to=octavsly@gmail.com, relay=none, delay=30, delays=0.12/0.03/30/0, dsn=4.4.1, status=deferred (connect to smtp.telfort.nl[213.75.63.9]:25: Connection timed out)



It appears that I cannot connect to port 25 of that server....
Source address is 128.127.40.94

code:
telnet smtp.telfort.nl 25
Trying 213.75.63.9...
telnet: connect to address 213.75.63.9: Connection timed out
Reputation 8
Badge +9
Hi Octavian, thanks for your reply, I'm sorry to hear it didn't work out yet by changing the relay. Are you experiencing the same problem with smtp.telfort.nl or isn't it working at all with those settings? You may want to take a look at this topic on the KPN forum, the topic is in Dutch, but the links to information about DKIM, SPF and DMARC are in English. They may be helpful 🙂
Reputation 2
When I switched from using smtp.telfortglasvezel.nl to smtp.telfort.nl port 25 also didn't work.
For smtp.telfort.nl I had to use port 587 with authentication.
So probably the same applies for you.
Reputation 1
I have tried the configuration like the one below

code:
relayhost = [smtp.telfort.nl]:587
# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt



Also tried:
code:
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options =



But I get "Unable to relay..." What username and password do I need to use?
I have tried:
  1. this forum username and password
  2. username and password from email at telfortglasvezel.nl
  3. username and password from an email at telfort.nl (from my old adsl times)
code:
Nov 13 19:40:21 weurope postfix/smtp[12070]: CF93A1C5B414C: to=, relay=smtp.telfort.nl[213.75.63.9]:587, delay=11, delays=11/0.1/0.02/0.22, dsn=5.7.1, status=bounced (host smtp.telfort.nl[213.75.63.9] said: 550 5.7.1 Unable to relay for octavsly@gmail.com (in reply to RCPT TO command))
Reputation 2
I used the email address (something@telfort.nl) and the password from that email account.
Reputation 1
smtp.telfort.nl does not seem to advertise AUTH

code:
telnet smtp.telfort.nl 587
Trying 213.75.63.9...
Connected to smtp.telfort.nl.
Escape character is '^]'.
220 CPSMTPM-TLF104.kpnxchange.com kpnxchange.com Thu, 15 Nov 2018 02:03:37 +0100
EHLO 128.127.40.94
250-CPSMTPM-TLF104.kpnxchange.com Hello [128.127.40.94]
250-TURN
250-SIZE 52428800
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250 OK


My server does:
code:
telnet octavsly.net 25
Trying 128.127.40.94...
Connected to octavsly.net.
Escape character is '^]'.
220 eeurope.linux.private ESMTP Postfix
EHLO 128.127.40.94
250-eeurope.linux.private
250-PIPELINING
250-SIZE 500000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
Reputation 1
I have received another error from another SMTP server:
code:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

removed@freenet.de
host emig.freenet.de [2001:748:100:40::8:116]
SMTP error from remote mail server after RCPT TO::
550-Inconsistent/Missing DNS PTR record (RFC 1912 2.1) (smtp-1.concepts.nl)
550 [2001:838:2:1::30:124]:49306



code:
Reporting-MTA: dns; smtp-1.concepts.nl

Action: failed
Final-Recipient: rfc822;removed@freenet.de
Status: 5.0.0
Remote-MTA: dns; emig.freenet.de
Diagnostic-Code: smtp; 550-Inconsistent/Missing DNS PTR record (RFC 1912 2.1) (smtp-1.concepts.nl)
550 [2001:838:2:1::30:124]:49306
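
The "iprev" failures in the port25 reports and the "Inconsistent/Missing DNS PTR record" bounce from freenet.de above come from the same forward-confirmed reverse DNS check: the connecting address must have a PTR name, and that name must resolve back to the same address. An added example (not part of any post in this thread) that replays the check against the records quoted above; the dict-based resolver and the third, passing record set are constructed for illustration.

```python
import ipaddress

def reverse_name(ip):
    """ip6.arpa / in-addr.arpa owner name a receiver queries for a PTR record."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def iprev(ip, ptr, addrs):
    """Forward-confirmed reverse DNS. `ptr` maps reverse names to hostnames and
    `addrs` maps hostnames to A/AAAA values; both are dicts standing in for a
    resolver (an assumption of this example) so the check runs offline."""
    addr = ipaddress.ip_address(ip)
    names = ptr.get(reverse_name(ip), [])
    if not names:
        return "fail", "reverse lookup failed (NXDOMAIN)"
    for name in names:
        # Compare parsed addresses, not strings: 2001:838:2:1:0:0:30:127
        # and 2001:838:2:1::30:127 are the same host.
        if addr in {ipaddress.ip_address(a) for a in addrs.get(name, [])}:
            return "pass", f"{name} resolves back to {addr}"
    return "fail", "no matching DNS records found"

MAIL_IP = "2001:838:2:1::30:127"          # address from the reports above
RNAME = reverse_name(MAIL_IP)

# Record sets: the first two mirror the reports quoted in the thread,
# the third is constructed to show what a passing setup needs.
NO_PTR = ({}, {})
PTR_ONLY = ({RNAME: ["smtp-3.concepts.nl."]}, {"smtp-3.concepts.nl.": []})
PTR_AND_AAAA = ({RNAME: ["smtp-3.concepts.nl."]},
                {"smtp-3.concepts.nl.": ["2001:838:2:1:0:0:30:127"]})

if __name__ == "__main__":
    print(RNAME)
    for label, (ptr, addrs) in [("no PTR", NO_PTR), ("PTR only", PTR_ONLY),
                                ("PTR + AAAA", PTR_AND_AAAA)]:
        print(label, "->", iprev(MAIL_IP, ptr, addrs))
```

A PTR record alone is not enough: the second record set fails exactly like the second port25 report, because the PTR target has no AAAA record pointing back.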
Reputation 2
It most certainly does work with authentication; how else should people be able to use it on different networks, for example on their mobile phone while connected through their mobile provider or some other WiFi network?
If you then switch off authentication you can't send email anymore.

Can't test it now myself but on some servers it only advertises with AUTH after using STARTTLS and then EHLO again.
Reputation 6
Badge +9
Sorry to read switching from smtp.telfortglasvezel.nl to smtp.telfort.nl has not resolved the issue. I've sent the error messages to our SMTP experts just now. Please let me know if @RS2000's advice to use STARTTLS before EHLO has done the trick! 🙂 As soon as I've received a reply, I'll share an update here.
Reputation 1
code:
telnet smtp.telfort.nl 587
Trying 213.75.63.9...
Connected to smtp.telfort.nl.
Escape character is '^]'.
220 CPSMTPM-TLF102.kpnxchange.com kpnxchange.com Mon, 19 Nov 2018 19:32:57 +0100
EHLO octavsly.net
250-CPSMTPM-TLF102.kpnxchange.com Hello [128.127.40.94]
250-TURN
250-SIZE 52428800
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250 OK
STARTTLS
220 2.0.0 SMTP server ready
AUTH LOGIN
220 2.0.0 SMTP server ready
Connection closed by foreign host.
Reputation 1
code:
telnet smtp.telfort.nl 587
Trying 213.75.63.9...
Connected to smtp.telfort.nl.
Escape character is '^]'.
220 CPSMTPM-TLF101.kpnxchange.com kpnxchange.com Mon, 19 Nov 2018 19:44:26 +0100
EHLO octavsly.net
250-CPSMTPM-TLF101.kpnxchange.com Hello [128.127.40.94]
250-TURN
250-SIZE 52428800
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250 OK
STARTTLS
220 2.0.0 SMTP server ready
EHLO octavsly.net
220 2.0.0 SMTP server ready
Connection closed by foreign host.
Reputation 2
It doesn't work with telnet, you have to use openssl:
openssl s_client -starttls smtp -connect smtp.telfort.nl:587 -crlf -ign_eof

code:
depth=3 C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
verify return:1
depth=2 C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Organisatie CA - G2
verify return:1
depth=1 C = NL, O = KPN Corporate Market BV, CN = KPN Corporate Market CSP Organisatie CA - G2
verify return:1
depth=0 C = NL, ST = Zuid-Holland, L = 's-Gravenhage, O = Koninklijke KPN N.V., serialNumber = 00000003020452000000, CN = cpsmtpm-tlf102.kpnxchange.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/C=NL/ST=Zuid-Holland/L='s-Gravenhage/O=Koninklijke KPN N.V./serialNumber=00000003020452000000/CN=cpsmtpm-tlf102.kpnxchange.com
i:/C=NL/O=KPN Corporate Market BV/CN=KPN Corporate Market CSP Organisatie CA - G2
1 s:/C=NL/O=KPN Corporate Market BV/CN=KPN Corporate Market CSP Organisatie CA - G2
i:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Organisatie CA - G2
2 s:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Organisatie CA - G2
i:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGxDCCBKygAw...NKiwEVI=
-----END CERTIFICATE-----
subject=/C=NL/ST=Zuid-Holland/L='s-Gravenhage/O=Koninklijke KPN N.V./serialNumber=00000003020452000000/CN=cpsmtpm-tlf102.kpnxchange.com
issuer=/C=NL/O=KPN Corporate Market BV/CN=KPN Corporate Market CSP Organisatie CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 6020 bytes and written 574 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: D12700...337
Session-ID-ctx:
Master-Key: 4BA...664
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1542715610
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 OK
EHLO somedomain.ext
250-CPSMTPM-TLF102.kpnxchange.com Hello [xxx.xxx.xxx.xxx]
250-AUTH=LOGIN
250-AUTH LOGIN
250-TURN
250-SIZE 52428800
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-CHUNKING
250-VRFY
250 OK
quit
221 2.0.0 CPSMTPM-TLF102.kpnxchange.com Service closing transmission channel
read:errno=0





As you can see above, you then do see the 250-AUTH LOGIN.
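
The telnet and openssl sessions above show a server that advertises AUTH only inside the TLS session, so a client has to send EHLO again after STARTTLS and work from that second list (RFC 3207 requires discarding the pre-TLS one). An added example, not part of any post here, that parses both replies and reports what changed; the replies are shortened from the sessions in this thread and the function names are this example's own.

```python
import re

def ehlo_extensions(reply):
    """Map each ESMTP keyword in an EHLO reply to its set of parameters."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    ext = {}
    for line in lines[1:]:   # the first 250 line is the greeting, not a keyword
        m = re.fullmatch(r"250[- ]([A-Za-z0-9][A-Za-z0-9-]*)(?:[ =](.*))?", line)
        if m:                # "AUTH=LOGIN" and "AUTH LOGIN" both land under AUTH
            params = (m.group(2) or "").upper().split()
            ext.setdefault(m.group(1).upper(), set()).update(params)
    return ext

def compare(before_tls, after_tls):
    """Report what the server offers only before or only after STARTTLS."""
    b, a = ehlo_extensions(before_tls), ehlo_extensions(after_tls)
    return {
        "auth_offered_in_cleartext": "AUTH" in b,
        "auth_mechanisms_after_tls": sorted(a.get("AUTH", ())),
        "only_before_tls": sorted(set(b) - set(a)),
        "only_after_tls": sorted(set(a) - set(b)),
    }

# Shortened from the sessions in this thread: the TURN, ETRN, DSN,
# ENHANCEDSTATUSCODES and CHUNKING lines (identical in both) are left out.
BEFORE_TLS = """\
250-CPSMTPM-TLF102.kpnxchange.com Hello [128.127.40.94]
250-SIZE 52428800
250-PIPELINING
250-8bitmime
250-VRFY
250-TLS
250-STARTTLS
250 OK
"""
AFTER_TLS = """\
250-CPSMTPM-TLF102.kpnxchange.com Hello [xxx.xxx.xxx.xxx]
250-AUTH=LOGIN
250-AUTH LOGIN
250-SIZE 52428800
250-PIPELINING
250-8bitmime
250-VRFY
250 OK
"""

if __name__ == "__main__":
    print(compare(BEFORE_TLS, AFTER_TLS))
```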
Reputation 6
Badge +9
Hello @octavsly, since you didn't get back to me, I expect the issue has been resolved by following @RS2000's instructions. If you have any further questions, please do not hesitate to start a new topic.
