This morning I started having a problem with connecting to my server from my Phone which is a Verizon 4G device. The issue was connecting to a POP3 port (110). It acted as if the server was not there (not connection can be established). I had no problem connecting to the port from other servers so it seems to be limited to Verizon 4G and my phone to the server.

However, everything else was working from the same phone as usual, Web, SMTP, my setup SSH port etc). I was also able to connect to other POP3 servers with my phone without any issues either.

I went through my firewall rules and didn't see anything nor did I see any hits showing up as being blocked. I ended up turning off the firewall altogether in case I was missing something. Nada...

Thinking that somehow Verizon was having some weird port issue on their network, I setup a second port for POP3 to listen to and I tested it from other servers no problem... From my phone... Nada again.

While doing that, I saw how you can add listening from ipv6 as well as the default for ipv4. By default, it is not listening on ipv6. So for grins.. I added that and Bang... I was able to connect.

So why would my phone all of a sudden want to use ipV6 for such a common port. Something that Verizon is doing? Or is there something I might have triggered that is telling Verizon that I prefer ipv6 over ipv4??

I have very little experience with ipV6 and am not sure what rules apply there.

_________________
Kevin a.k.a. Dweeber

Do you have AAAA records? What's your MX record?

MX record doesn't point to my server. It points to a service that deals with all the crap and just sends me clean email to my mail server to then go to the users. Attempts to deliver email directly to my server from unauth users/servers gets rejected.

However, I did setup an AAAA record related to SPF the other day... I was getting mismatch errors on SPF records because they were receiving email from my server using ipv6 instead of ipv4. They only way to get them the SPF records to match was to add an AAAA record. Maybe that is what is triggering it.

_________________
Kevin a.k.a. Dweeber

MX is for SMTP traffic (MTA) not POP3 (MDA).

Yes I know that... however... I had setup an AAAA record for the hostname which Verizon was seeing when I told it to connect to that hostname for POP3 connection and it defaulted to the IPv6 Address. (In fact it would not use the IPv4 address for that host).


Okay... figured it out....

Summary:

o Exim binary has IPv6 support in it (I didn't know this until this afternoon).
o Exim will use an MX record with an AAAA record if there is one.
o MX records for my domains do NOT point to my mail server, but instead a mail processing center so SPF record cannot use MX.
o SPF record had IPv4 IP as a valid site (but not an IPv6 one) there were no AAAA records at first.
o Sending email to verification account testing SPF and DKIM returned with Fail because it got email from an IPv6 address and it didn't match the SPF record.
o I setup an AAAA Record and added it to the SFP entry and last night everything was happy.
o This Morning, My phone could not connect to POP3 address.
o I found that it was using an IPv6 IP to make the connection ???
o I setup Dovecot to listen to both and it works.. buy why did this mess start in the first place.
o This afternoon, I found out that Exim has IPv6 support compiled into it!! This means it will use IPv6 if the MX record to the site it is sending to has one before it will try IPv4....
o Turned off IPv6 support in Exim ( disable_ipv6 = yes ), restarted Exim server.
o Checked and now it only uses IPv4 to the verification addresses.
o Changed SFP records to take out IPv6 referencesv
o Removed AAAA records
o Tried verification.... works and verifies now.
o Tried Phone and it still fails trying to use IPv6, but more than an hour after the TTL exired it started using IPv4 and works fine now.
...

TIL...

1) Exim was compiled with IPv6
2) Exim uses IPv6 addresses as a priority if AAAA MX records exist
3) If you setup an AAAA record for your domain, some services will use that by priority over the IPv4 version.
4) Verizon DOES do that.
5) You can configure Dovecot to listen for IPv6, but it doesn't do it by default.
6) You can turn off IPv6 support in Exim - disable_ipv6 = yes

_________________
Kevin a.k.a. Dweeber

All other things being equal, IPv6 is preferred over IPv4. So, it shouldn't be a surprise that an IPv6-enabled client will try to connect to a service that advertises itself as IPv6-enabled.

_________________

/* TODO: need to add signature to posts */