
While I understand why many administrators would disable IPv6, we need to keep in mind that M$ views IPv6 as a necessary component of Windows servers and desktops. If your network, like ours here at MSU, doesn't support IPv6, your servers will still continue to function because for communication within the same vLAN your servers will get APIPA addresses (http://support.microsoft.com/kb/220874).

However, to address the issue at hand with Gmail servers, the problem is that Google doesn't like that it can't find a PTR record for your IPv6 addresses that get registered in the email header. There are two Microsoft supported solutions to this problem.

1) Get a valid IPv6 address and get a PTR record for it. 
	This isn't a possible solution at this time because IPv6 routing, or more specifically IPv6 to IPv4 routing, isn't supported on MSU's network.

2) Forward your outbound email through an email server that is strictly IPv4.
	As I mentioned in a previous message, we took advantage of this workaround and used our Anti-SPAM appliance as our email gateway.

Disabling IPv6 should not be a solution because it is not a supported or tested configuration by Microsoft. Even the second option is really just a workaround. The honest truth is that Windows needs IPv6 working on our network here at MSU. I have spoken with the network team and I know they have several hurdles they need to overcome before we are ready for IPv6. I don't want to go into details because I am not qualified to speak on their behalf. But until we get to that point, I'm afraid that us Windows admins will be settling for work band aids or operating in unsupported configurations.

Joshua Wortz
MSU IT Services | Content and Collaboration
Systems Administrator, Core Office Services Team
Ph. 517.432.5304 | Fax 517.432-1430
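
An added example, not part of the original message: a short Python check that takes the bounce text quoted further down this thread, extracts the address Gmail saw, and reports whether it is a 6to4 address, which IPv4 address it embeds, and the ip6.arpa name where the PTR record would have to exist. The function names are hypothetical, and the live lookup in `system_ptr` assumes a working system resolver.

```python
import ipaddress
import re
import socket

# Bounce text copied from the thread; only the bracketed address is used.
BOUNCE = (
    "mx.google.com gave this error: [2002:2308:4821::2308:4821] Our system "
    "has detected that this message does not meet IPv6 sending guidelines "
    "regarding PTR records and authentication."
)


def sending_address(bounce):
    """Return the bracketed source address from the bounce as an ip_address."""
    match = re.search(r"\[([0-9A-Fa-f:.]+)\]", bounce)
    if match is None:
        raise ValueError("no bracketed IP address in bounce text")
    return ipaddress.ip_address(match.group(1))


def system_ptr(address):
    """Look up the PTR name with the system resolver; None if there is none."""
    try:
        return socket.gethostbyaddr(address)[0]
    except (socket.herror, socket.gaierror):
        return None


def diagnose(bounce, resolve_ptr=None):
    """Summarise which address was presented and which PTR record it needs."""
    ip = sending_address(bounce)
    # 2002::/16 is the 6to4 prefix; bits 16-47 carry the host's IPv4 address.
    embedded = ip.sixtofour if ip.version == 6 else None
    report = {
        "address": str(ip),
        "version": ip.version,
        "is_6to4": embedded is not None,
        "embedded_ipv4": str(embedded) if embedded else None,
        "ptr_name": ip.reverse_pointer,  # owner name the PTR must exist at
    }
    if resolve_ptr is not None:  # resolver is injected so this runs offline
        report["ptr_target"] = resolve_ptr(str(ip))
        report["has_ptr"] = report["ptr_target"] is not None
    return report


if __name__ == "__main__":
    for key, value in diagnose(BOUNCE, resolve_ptr=system_ptr).items():
        print(f"{key}: {value}")
```

The address in the bounce falls in the 6to4 prefix, so it is derived from the server's IPv4 address rather than assigned by an IPv6 network.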

-----Original Message-----
From: Wortz, Josh 
Sent: Thursday, March 20, 2014 10:23 AM
To: Oscar Castaneda; [log in to unmask]
Subject: RE: [MSUNAG] Google Blocking E-mail - IPv6 error

FYI: Disabling IPv6 is considered an unsupported configuration from Microsoft as of Server 2008 and later.

"From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6."
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx 



Also please note there is a disclaimer on the KB article that describes how to disable IPv6 in the registry that states:
"Important Internet Protocol version 6 (IPv6) is a mandatory part of Windows Vista and later versions. We do not recommend that you disable IPv6 or its components, or some Windows components may not function. For more information, see the "What are Microsoft's recommendations about disabling IPv6?" question in IPv6 for Microsoft Windows: Frequently Asked Questions."

http://support.microsoft.com/kb/929852 

Also the FAQ on IPv6 in Windows addresses this issue:

Q. What are Microsoft's recommendations about disabling IPv6?

A. It is unfortunate that some organizations disable IPv6 on their computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008, where it is installed and enabled by default. Many disable IPv6 based on the assumption that they are not running any applications or services that use it. Others might disable it because of a misperception that having both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. This is not true.

From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008, or later versions, some components will not function. Moreover, applications that you might not think are using IPv6, such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail, could be.

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.

http://technet.microsoft.com/en-us/network/cc987595.aspx



Joshua Wortz
MSU IT Services | Content and Collaboration
Systems Administrator, Core Office Services Team
Ph. 517.432.5304 | Fax 517.432-1430

-----Original Message-----
From: Oscar Castaneda [mailto:[log in to unmask]]
Sent: Thursday, March 20, 2014 10:11 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Google Blocking E-mail - IPv6 error

I haven't gotten into this particular situation, but one question comes to
mind: are you using IPv6? To me it has been a source of problems. I just disable it.


oscar





On 3/19/2014 4:19 PM, Steven M. Plemmons wrote:
> Suddenly, google is blocking messages sent from our exchange server to gmail addresses.  The following error message is given.  Is anyone else seeing this?
>
> Thanks,
>
>
> Steve Plemmons
> Systems Analyst II/S
> Department of Mathematics
> Michigan State University
> 619 Red Cedar Road
> C339 Wells Hall
> Office: 517-353-4673
> [log in to unmask]
>
>
>
>
> mx.google.com gave this error:
> [2002:2308:4821::2308:4821] Our system has detected that this message 
> does not meet IPv6 sending guidelines regarding PTR records and 
> authentication. Please review 
> https://support.google.com/mail/?p=ipv6_authentication_error for more 
> information. l7si4236735icq.11 - gsmtp
>
>
> Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
>

--
Oscar Castañeda
Remote Sensing & GIS
Michigan State University