I have mail successfully working using postfix/dovecot. However, I realized that when mailing to GMAIL and connecting via ipv6 address for my linode, gmail SPF headers show that it is a softfail. It works perfectly when it connects via ipv4, my standard linode address. I have set up SPF records, trying numerous combinations. The only way I could squelch this for now was to completely disable ipv6. Does anyone know if there is a solution or if I am just doing something wrong? Any help is greatly appreciated. DNS is syntactically OK and so is the SPF txt record according to tools i have used.

I set reverse dns in linode for the ip4 and ip6 pointing to my main host dags.io

DNS Zone File, including TXT record.

; dags.io [570724]
$TTL 86400
@ IN SOA ns1.linode.com. dave.dags.io. 2014050849 14400 14400 1209600 86400
@ NS ns1.linode.com.
@ NS ns2.linode.com.
@ NS ns3.linode.com.
@ NS ns4.linode.com.
@ NS ns5.linode.com.
@ MX 1 dags.io.
@ MX 1 iver.dags.io.
@ TXT "v=spf1 a mx ip4:50.116.36.39 ip6:2600:3c02::f03c:91ff:fe6e:3d73 ~all"
@ A 50.116.36.39
iver A 50.116.36.39
mail A 50.116.36.39
www A 50.116.36.39
yum A 50.116.36.39
@ AAAA 2600:3c02::f03c:91ff:fe6e:3d73
iver AAAA 2600:3c02::f03c:91ff:fe6e:3d73
mail AAAA 2600:3c02::f03c:91ff:fe6e:3d73
www AAAA 2600:3c02::f03c:91ff:fe6e:3d73
yum AAAA 2600:3c02::f03c:91ff:fe6e:3d73

IPv6 Failed SPF GMAIL Header

Return-Path: <dave@dags.io>
Received: from iver (dags.io. [2600:3c02::f03c:91ff:fe6e:3d73])
by mx.google.com with ESMTP id z46si2526127yhl.4.2014.05.08.11.02.07
for <davedags@gmail.com>;
Thu, 08 May 2014 11:02:07 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning dave@dags.io does not designate 2600:3c02::f03c:91ff:fe6e:3d73 as permitted sender) client-ip=2600:3c02::f03c:91ff:fe6e:3d73;

IPv4 WORKING SPF GMAIL Header
Received: from iver (dags.io. [50.116.36.39])
by mx.google.com with ESMTP id t64si2495603yhd.78.2014.05.08.11.01.20
for <davedags@gmail.com>;
Thu, 08 May 2014 11:01:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of dave@dags.io designates 50.116.36.39 as permitted sender) client-ip=50.116.36.39;

ok - well, i just checked and with no other changes, it suddenly is working! I did add reverse DNS for my ip6 address this morning so maybe it just took longer to get through to googs.

either way, seems it is working now!

DNS records have a TTL associated with them. If a client (eg google) has looked up a record (eg your TXT record) then it'll cache the result for the duration of the TTL. I think linode TTLs are 1 day, so any DNS change you make might take up to 24 hours to propagate fully.

(Also google doesn't strictly follow DNS semantics, but it's close enough).

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)

How did you set a reverse DNS for your IP6 address?

Cheers
Nap

_________________
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MariaDB Server 5.5.40, MariaDB Client 5.5.41, PHP 5.5.9, ISPConfig 3.0.5.4p5, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, amavis, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)

You can set RDNS for IPv6 the same as you do IPv4. Create forward AAAA records first, go to Remote Access tab for your Linode, enter the name and click Look Up. We'll check to make sure there's an AAAA record pointing to your Linode's IPv6 address and if there is, you'll be asked to confirm you want to set your reverse record.

@JCurry Ok, thanks.

I had to setup the AAAA records first (which is what I did wrong when I tried it earlier). Then, after waiting for the propagation, the Look Up button asked me if I wanted to use the IP6 address.

While on the subject of DNS setup; If I have an entry with a wildcard hostname, should I still add specific hostnames?

_________________
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MariaDB Server 5.5.40, MariaDB Client 5.5.41, PHP 5.5.9, ISPConfig 3.0.5.4p5, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, amavis, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)

If you have a wildcard record then you only need to set records up for records which differ. Just be careful in the future if you decide to change what the wildcard points to while relying on a specific name that isn't in your zone which you might not want to change with your wildcard.