Comcast blocking IPv6 subnets at SMTP level
tjc at ecs.soton.ac.uk
Tue Jan 12 11:04:29 CET 2016
> On 12 Jan 2016, at 08:35, Björn JACKE <bj at SerNet.DE> wrote:
> did anybody experience issues with Comcast blocking IPv6 addresses at SMTP
> level? We used to be able to send mail to comcast servers but since a couple of
> days they cancel SMTP connections with a misleading error message:
> # telnet mx2.comcast.net. 25
> Trying 2001:558:fe21:2a::6...
> Connected to mx2.comcast.net.
> Escape character is '^]'.
> 554 resimta-ch2-09v.sys.comcast.net comcast ESMTP server not available
> Connection closed by foreign host.
> Forward and reverse DNS etc. is all fine at our site. From other IPv6
> subnets the SMTP connection isn't terminated.
> The KDE project had the same issues last year, see
> I already had a one hour call with a Comcast support guy but their support
> isn't helpful at all, in the end he didn't know what's wrong and the result of
> the call with them was zero. Currently it looks like Comcast needs to be IPv6
> blacklisted for SMTP if you want to keep sending mails to them reliably. But
> that can't really shouldn't be the solution...
No problem reaching them from here. I wonder what blacklisting mechanism they use?
$ telnet mx2.comcast.net 25
Connected to mx2.comcast.net (2001:558:fe21:2a::6).
Escape character is '^]'.
220 resimta-ch2-04v.sys.comcast.net comcast ESMTP server ready
250 resimta-ch2-04v.sys.comcast.net hello [2001:630:d0:f102::22], pleased to meet you
221 2.0.0 resimta-ch2-04v.sys.comcast.net comcast closing connection
Connection closed by foreign host.
We have fallen foul of senderbase's reputation, more than once, which oddly keeps separate reputation for IPv4 and IPv6 transport for the same sending system. Are you blocked for IPv4 for the same subnet?
https://www.senderbase.org/lookup/?search_string=sernet.de does show a 220% rise in email volume the past 24 hours, but your rep seems fine, at least for IPv4 as shown there. Also seems fine at spamhaus, though you don’t say which specific sender you have issues with to look that up - might be interesting to see what it says, whether or not Comcast use that particular system.
I suppose that such issues are a sign of IPv6 gaining some maturity.
More information about the ipv6-ops