# Nightmare IPv6: How to disable IPv6 in FreeBSD



## sidney2017 (Jan 5, 2022)

Hi,

after renting a server that has been assigned an IPv6 address in addition to an Ipv4 address, I am getting an increasing number of email undeliverable responses when using sendmail in my FreeBSD 13 environment, citing some IPv6 reason. 

For example:
554 5.7.1 The sending mail server at XXXX:4f8:212:XXXX::2 does not have a reverse (address-to-name) DNS entry cf http://en.wikipedia.org/wiki/Reverse_DNS_lookup
554 5.0.0 Service unavailable
However, the PRT was set in the Hetzner Robot Console.

What is the fastest way to throw out all the IPv6 stuff in FreeBSD? In Linux it is supposed to be sufficient even to kill a certain process.

Thanks in advance and kind regards
Sidney2017


----------



## Argentum (Jan 5, 2022)

sidney2017 said:


> Hi,
> 
> after renting a server that has been assigned an IPv6 address in addition to an Ipv4 address, I am getting an increasing number of email undeliverable responses when using sendmail in my FreeBSD 13 environment, citing some IPv6 reason.
> 
> ...


ifconfig(8)

However you should be able to configure IPv6 reverse DNS name in Hetzner...


----------



## covacat (Jan 5, 2022)

try








						How to stop Sendmail sending mail from IPv6 instead of IPv4
					

Today I noticed that Gmail sends all messages received from my server to the Spam folder. I checked message header and found the following:  Authentication-Results: mx.google.com;        spf=neutral (




					serverfault.com
				




e.g. if your IPv4 address is 1.2.3.4, specify (sendmail.mc):
CLIENT_OPTIONS(`Family=inet6,Addr=::ffff:1.2.3.4')dnl


----------



## sidney2017 (Jan 5, 2022)

Argentum said:


> ifconfig(8)
> 
> However you should be able to configure IPv6 reverse DNS name in Hetzner...


No, it is not possible in their robot-webif (No AAAA).

*EDIT: *There is a tiny PLUS-Symbol one can click on which opens a text field for the eDNS of the IPv6!

Regards
Sidney2017


----------



## sidney2017 (Jan 6, 2022)

covacat said:


> try
> 
> 
> 
> ...



Hi,

unfortunately this did not work for me: After inserting that CLIENT_OPTIONS-Line into my sendmail.mc and rebuilding the .cf I got following message in /var/log/maillog when restarting sendmail:


> mydomain [84423]: gethostbyaddr(IPv6:XXXX:4f8:XXX:12XX:0:0:0:2) failed: 1



Here another returned mail with a similar meaning like the one in my first post:


> <<< 550-5.7.1 [XXXX:4f8:XXX:12XX::2] Our system has detected that this message does
> <<< 550-5.7.1 *not meet IPv6 sending guidelines regarding PTR records* and
> <<< 550-5.7.1 authentication. Please review
> <<< 550-5.7.1  https://support.google.com/mail/?p=IPv6AuthError for more information
> ...



I tried it with "ipv6_activate_all_interfaces="NO" in  my rc.conf, but also without success!

So the question still is how to "ban" IPv6 from my FreeBSD or sendmail?

Kind regards
Sidney2017


----------



## jamie (Jan 6, 2022)

Do you have a line something like:

ifconfig_vtnet0_ipv6="inet6 accept_rtadv" ?

Remove it!

Note, you need to restart the networking for this to take effect... Easiest way is to just reboot the machine.

As for sendmail, you should see these lines in your sendmail.cf:

O ClientPortOptions=Family=inet, Address=a.b.c.d
O DaemonPortOptions=Name=MTA, M=h, Family=inet, Address=a.b.c.d

and no other ClientPortOptions / DaemonPortOptions lines.

P.S. IPv6 isn't a nightmare. It seems you need to direct your anger at your dns provider!


----------



## Phishfry (Jan 6, 2022)

/etc/rc.conf

```
ipv6_activate_all_interfaces="NO"
ip6addrctl_enable="NO"
```


----------



## sidney2017 (Jan 6, 2022)

> jamie said:
> 
> 
> > Do you have a line something like:
> ...


No!


> jamie said:
> 
> 
> > Remove it!
> ...



I use
_ service netif restart && service routing restart_



> jamie said:
> 
> 
> > As for sendmail, you should see these lines in your sendmail.cf:
> ...



On another FreeBSD server that has not been assigned an IPv6 address, the following is entered in sendmail.cf:
_
O DaemonPortOptions=Name=IPv4,Family=inet
O DaemonPortOptions=Port=587, Name=MSA, M=E_

And this works fine for years. That's why I added these entries to the sendmail.cf also on the machine with IPv6

I replaced those lines with the ones you mentioned and restarted sendmail!
sendmail still seems to work but I still get the "returned mails: see transcript for details" message which I already mentioned in my initial post and here.

By the way: When restarting sendmail you get following error message in /var/maillog:


> *sendmail[3848]: gethostbyaddr(IPv6:XXX:4f8:XXX:XXX:0:0:0:2) failed: 1*



So the problem obviously indeed has to do with the fact that for the IPv6-Adress cannot be resolved to a corresponding reverse DNS entry.



> jamie said:
> 
> 
> > IPv6 isn't a nightmare. It seems you need to direct your anger at your dns provider!



I guess you are right but I need a solution as soon as possible.

Kind regards
Sidney2017


----------



## covacat (Jan 6, 2022)

iirc you have sendmail from ports
build it again without ipv6 support
make config and uncheck ipv6


----------



## MATPOCKuH (Jan 6, 2022)

Phishfry said:


> /etc/rc.conf
> 
> ```
> ipv6_activate_all_interfaces="NO"
> ...


Please use ip6addrctl_policy="ipv4_prefer"


----------



## SirDice (Jan 6, 2022)

MATPOCKuH said:


> Please use ip6addrctl_policy="ipv4_prefer"


This doesn't _disable_ IPv6. It sets a preference for IPv4 on a dual-stack configuration.


----------



## jamie (Jan 6, 2022)

sidney2017 said:


> No!
> 
> 
> I use
> _ service netif restart && service routing restart_



I can't remember off hand if that is sufficient! 

Can you post the contents of /etc/rc.conf ?



sidney2017 said:


> On another FreeBSD server that has not been assigned an IPv6 address, the following is entered in sendmail.cf:
> 
> _O DaemonPortOptions=Name=IPv4,Family=inet
> O DaemonPortOptions=Port=587, Name=MSA, M=E_
> ...



It's been suggested that you are using sendmail from ports.. Don't take offence, but are you sure you're editting the files for the sendmail port and not the base sendmail (i.e. not /etc/mail but /usr/local/etc/....) ?



sidney2017 said:


> I replaced those lines with the ones you mentioned and restarted sendmail!
> sendmail still seems to work but I still get the "returned mails: see transcript for details" message which I already mentioned in my initial post and here.
> 
> By the way: When restarting sendmail you get following error message in /var/maillog:
> ...



From sendmails point of view, that is a warning. That doesn't break sendmail, but of course, as you're aware, most remote mail servers will reject message from an IPv6 address without a valid AAAA



sidney2017 said:


> I guess you are right but I need a solution as soon as possible.
> 
> Kind regards
> Sidney2017



A bit of overkill, but you could add:

ipfw add 50 reset ip6 from any to any via <enter the ID of your ethernet interface>

If you don't have ipfw loaded, you can use kldload ifpw

but beware that you'll end up locking out all IP access unless you add something like

ipfw add 100 allow ip from any to any

so, put the 3 lines in a script to run!


----------



## grahamperrin@ (Jan 6, 2022)

sidney2017 said:


> I use
> _ service netif restart && service routing restart_



Good luck; 



grahamperrin said:


> … `service routing restart` is not reliable <https://pastebin.com/mXmVPruq>. Instead, I stop then start services: …



YMMV


----------



## sidney2017 (Jan 6, 2022)

Hi,

thanks for all your hints and recommendations!

In order to be able to make some tests I need to know how I can track the communication data between my sendmail and the receiving mail server?

For example:

I use Thunderbird with Windows 10
SENDER: sidney@mydomain.com (IP 1.2.3.4)
SMTP-Server: mail.mydomain.com (IP 1.2.3.4) Port 587 or another one of my domains (mail.myotherdomain with IP 1.2.3.4).

and send an email to user@receiverdomain.tld.

*Now I want see exactly the server sided "traffic" under FreeBSD between my sendmail and the receiverdomain.tld in order to see which FQDN my sendmail uses for EHLO etc. in order to send my mail to user@receiverdomain.tld.
How can I make this?*

Background: I have several domains for which IP 1.2.3.4 is set in DNS. The MX-Record points to 1.2.3.4 too.
I never had problems to set up accounts in my Thunderbird like sidney@mydomainXY.tld, smtp.mydomainXY.tld:587 while the PTR is set to a totally other one of my domains but not mydomainXY.tld.

This never resulted in returned Mails related to eDNS issues etc.
But in those cases IPv6 was not enabled on the server managing those domains.


Kind regards and thanks again
Sidney2017


----------



## covacat (Jan 6, 2022)

O LogLevel=33 will log smtp handshakes
33 is pulled out of the ... but it does the job

```
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-host.dom Hello [2.56.57.170], pleased to meet you
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-ENHANCEDSTATUSCODES
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-PIPELINING
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-8BITMIME
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-SIZE 50000000
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-ETRN
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-AUTH LOGIN
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-STARTTLS
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250-DELIVERBY
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 250 HELP
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: <-- AUTH LOGIN
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 334 VXNlcm5hbWU6
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 334 UGFzc3dvcmQ6
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 535 5.7.0 authentication failed
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed,
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: <-- QUIT
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: --- 221 2.0.0 host.dom closing connection
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: Milter (spamassassin): quit filter
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: Milter (sentinel): quit filter
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: Milter (clmilter): quit filter
Jan  7 00:45:28 ns sm-mta[8978]: 206MjSMj008978: Milter (dkim-filter): quit filter
```


----------



## freebuser (Jan 6, 2022)

covacat said:


> O LogLevel=33 will log smtp handshakes
> 33 is pulled out of the ... but it does the job
> 
> ```
> ...


TLDR;
Also check what is your ip assigned to the outgoing something like
curl http://ipinfo.io/ip
May be your ISP is sending through ipv6 by default.


----------



## freebuser (Jan 6, 2022)

sidney2017 said:


> Hi,
> 
> thanks for all your hints and recommendations!
> 
> ...



TLDR;
Also check what is your ip assigned to the outgoing something like
curl http://ipinfo.io/ip
May be your ISP is sending through ipv6 by default.


----------



## sidney2017 (Jan 7, 2022)

Indeed I think that the main factor for my problem is that an activated IPv6-Support on the Hetzner machine results in priorising IPv6 even if you do not want to use it for sendmail.

In the meantime, Hetzner support has explained to me how to enter an eDNS in the Robot for the IPv6 address as well. It is a tiny PLUS symbol, so different from the IPv4 eDNS-address field in the Robot webif. And you must not forget then to set the AAAA entry for that IPv6 address in DNS. Since then, at least the emails to xy@gmail.com go through without the error message mentioned at the beginning.

On the other hand, the emails to xy@t-online.tld still come back. However, I assume that the IP of my server is on a blacklist of t-online meanwhile.

Today I tested the whole thing on another Hetzner server, which also contains IPv6 for free. On this server, the problems discussed at the beginning do NOT appear. However, on this server, at least in rc.conf, IPV6 is not bound to the network card, which confirms my suspicion that the whole issue is ultimately due to IPv6 only: 

IF it is enabled, you quickly fall into the prioritization trap and various things have to be taken into account, such as the eDNS record for the IPv6 address and the AAAA in DNS.

I'll have to see what command I can use to find out if the FreeBSD kernel on this machine might not have been built with IPv6 support.

Kind regards
Sidney2017


----------



## sidney2017 (Jan 7, 2022)

covacat said:


> O LogLevel=33 will log smtp handshakes
> 33 is pulled out of the ... but it does the job
> 
> ```
> ...



Hi covacat,

is this logged in /maillog?

Thanks and regards
Sidney2017


----------



## sidney2017 (Jan 7, 2022)

freebuser said:


> TLDR;
> Also check what is your ip assigned to the outgoing something like
> curl http://ipinfo.io/ip
> May be your ISP is sending through ipv6 by default.


A nice idea!
But the machine´s IPv4 address is returned.

Kind regards
Sidney2017


----------



## sidney2017 (Jan 7, 2022)

jamie said:


> ...
> It's been suggested that you are using sendmail from ports.. Don't take offence, but are you sure you're editting the files for the sendmail port and not the base sendmail (i.e. not /etc/mail but /usr/local/etc/....) ?


Hi Jamie,

yes, I am sure!

/usr/src/etc/sendmail/freebsd.mc from which the actual configuration file /etc/mail/sendmail.cf is created!

I had to build sendmail with the port to get rid of that "PICKY-HELO-CHECK".


Best regards
Sidney2017


----------



## sidney2017 (Jan 7, 2022)

covacat said:


> iirc you have sendmail from ports
> build it again without ipv6 support
> make config and uncheck ipv6


I think that would have saved me a lot of trouble if I had done this right at the beginning.

Kind regards
Sidney2017


----------



## sidney2017 (Jan 7, 2022)

covacat said:


> O LogLevel=33 will log smtp handshakes
> 33 is pulled out of the ... but it does the job
> 
> ```
> ...



Hi,

the LogLevel=33 setting works like a charme.

But I wonder if it is normal that the *EHLO *below mentions my internal LAN IP Number *192.168.0.30*?

Kind regards
Sidney2017



> Jan  7 13:44:16 MyDomain sm-mta[1220]: NOQUEUE: connect from dslb-123-064-456-076.789.064.pools.vodafone-ip.de [1.2.3.4]
> Jan  7 13:44:16 MyDomain sm-mta[1220]: AUTH: available mech=SCRAM-SHA-1 SCRAM-SHA-256 DIGEST-MD5 OTP NTLM CRAM-MD5 PLAIN LOGIN ANONYMOUS, allowed mech=PLAIN LOGIN
> Jan  7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: Milter: no active filter
> Jan  7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: --- 220 mail.MyDomain.de ESMTP Sendmail 8.17.1/8.16.1; Fri, 7 Jan 2022 13:44:16 +0100 (CET)
> ...


----------



## SirDice (Jan 7, 2022)

Add your hostname with the _internal_ IP to /etc/hosts. The problem here is likely that 192.168.0.30 doesn't reverse resolve.


----------



## sidney2017 (Jan 7, 2022)

SirDice said:


> Add your hostname with the _internal_ IP to /etc/hosts. The problem here is likely that 192.168.0.30 doesn't reverse resolve.



Hello,

thanks for your reply!

I guess that my statements above have come across misleadingly because the IP 192.168.0.30 (my desktop computer) is the internal IP address in my LAN at home and not on the FreeBSD server.

Obviously my Thunderbird-EmailClient transmits my desktop PC´s IP address while my Thunderbird contacts the smtp-server (sendmail) running on my FreeBSD at Hetzner and afterwards sendmail seems to pass that IP number 192.168.0.30 to the receiving mail server.

I wonder if this is a normal behaviour?

Kind regards
Sidney2017


----------



## SirDice (Jan 7, 2022)

sidney2017 said:


> I guess that my statements above have come across misleadingly because the IP 192.168.0.30 (my desktop computer) is the internal IP address in my LAN at home and not on the FreeBSD server.


Right, then this does make sense:

```
Jan 7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: --- 220 mail.MyDomain.de ESMTP Sendmail 8.17.1/8.16.1; Fri, 7 Jan 2022 13:44:16 +0100 (CET)
Jan 7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: <-- EHLO [192.168.0.30]
```




sidney2017 said:


> afterwards sendmail seems to pass that IP number 192.168.0.30 to the receiving mail server.


It won't. The MTA doesn't know or care where the email came from.


----------



## sidney2017 (Jan 7, 2022)

SirDice said:


> Right, then this does make sense:
> 
> ```
> Jan 7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: --- 220 mail.MyDomain.de ESMTP Sendmail 8.17.1/8.16.1; Fri, 7 Jan 2022 13:44:16 +0100 (CET)
> ...



Thanks!

I didn't know if it is normal that in the constellation I described, my local IP 182.168.0.30 from my PC shows up in the EHLO in /var/maillog.

Kind regards
Sidney2017


----------



## covacat (Jan 7, 2022)

sendmail will ignore the ehlo arg and will try to reverse resolve the ip and put it in the answer
iirc sendmail used not to like /etc/hosts and always tried to resolve the ip by dns queries
but try what SirDice said, just add it to /etc/hosts, maybe sendmail's behaviour has changed

```
nc myhost.ro 25
220 myhost.ro ESMTP of Borg. You will be assimilated; Fri, 7 Jan 2022 19:03:27 +0200 (EET)
ehlo iAmGroot
250-myhost.ro Hello allwinnerh6.myhost.local [10.1.1.172], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 50000000
250-ETRN
250-AUTH LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
```


----------



## sidney2017 (Jan 7, 2022)

Hi covacat,

If I understood SirDice correctly with his last answer, I don't have to/shouldn't add anything to my FreeBSD server´s /etc/host, because the IP 192.168.0.30 has nothing to do with the LAN of the FreeBSD server, but comes from the LAN at my home.

SirDice wrote:

*Right, then this does make sense:*



> Code:
> Jan 7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: --- 220 mail.MyDomain.com ESMTP Sendmail 8.17.1/8.16.1; Fri, 7 Jan 2022 13:44:16 +0100 (CET)
> Jan 7 13:44:16 MyDomain sm-mta[1220]: 207CiGjp001220: *<-- EHLO [192.168.0.30]*



Or did I misinterpret his answer?

Best regards
Sidney2017


----------



## Vull (Jan 7, 2022)

covacat said:


> sendmail will ignore the ehlo arg and will try to reverse resolve the ip and put it in the answer
> iirc sendmail *used not to like /etc/hosts and always tried to resolve the ip by dns queries*
> but try what SirDice said, just add it to /etc/hosts, maybe sendmail's behaviour has changed
> <snip>...


The DNS vs. /etc/hosts preference behavior is normally controlled by the "hosts" line in /etc/nsswitch.conf. The default setting is `hosts: files dns` which means look in /etc/hosts first and do DNS lookups only if the IP address is not found there. nsswitch.conf(5)

Using the /etc/hosts file for frequently accessed LAN addresses can speed up performance considerably in some network configurations, but it might not be worth the trouble, since it can also be problematic in some situations. This is an old un*x trick that goes back at least as far as Solaris when network accesses were much slower.


----------



## Argentum (Jan 8, 2022)

sidney2017 said:


> No, it is not possible in their robot-webif (No AAAA).
> 
> *EDIT: *There is a tiny PLUS-Symbol one can click on which opens a text field for the eDNS of the IPv6!
> 
> ...


Correct. I happen to have a  (FreeBSD) server in *Hetzner* also. Now, after long time logging toe the *robot* I can confirm that there is no *reverse DNS* configuration menu. I your situation I would connect the customer support.

EDIT: I was wrong here! Hetzner has a function to add a new reverse DNS entry for IPv6 in their robot.


----------



## Argentum (Jan 8, 2022)

Argentum said:


> Correct. I happen to have a  (FreeBSD) server in *Hetzner* also. Now, after long time logging toe the *robot* I can confirm that there is no *reverse DNS* configuration menu. I your situation I would connect the customer support.


And now, trying again. Looks like I was wrong here. There is a little + sign for adding new reverse DNS entries and I was able to add one for IPv6.


----------



## sidney2017 (Jan 8, 2022)

Argentum said:


> And now, trying again. Looks like I was wrong here. There is a little + sign for adding new reverse DNS entries and I was able to add one for IPv6.



What I already wrote here - even quoted by you here! 

Regards
Sidney2017


----------



## Argentum (Jan 8, 2022)

sidney2017 said:


> What I already wrote here - even quoted by you here!
> 
> Regards
> Sidney2017


For some reason I mised that. The thing started to bother me - how can it be that one cannot set the reverse address there. As I wrote, I have also a FreeBSD server running there with IP6, but I had no need for reverse. No I can confirm that it actually works.

So, you can mark this thread *solved*?


----------



## sidney2017 (Jan 8, 2022)

Since in the course of the discussion by hints of other posters it became clear that sendmail prioritizes IPv6 first by default and my initial problem could be caused by it and beyond that further hints came that one should not deactivate IPv6 completely because of the sendmail problem, the question arises since then, how I deactivate IPv6 support best in sendmail. 

And since covacat here advised to compile sendmail again WITHOUT IPv6 support, I followed his recommendation, with the just described contradictory output of sendmail to IPv6 support.

Regards
Sidney2017


----------



## sidney2017 (Jan 8, 2022)

Argentum said:


> For some reason I mised that. The thing started to bother me - how can it be that one cannot set the reverse address there. As I wrote, I have also a FreeBSD server running there with IP6, but I had no need for reverse.


For the IPv4 eDNS the robot interface shows the input field directly in the same raw like the IPv4 number whereas this is not the case for the eDNS field of the IPv6 number. Here you have to click on the tiny plus-symbol.

The whole thing only became important for me because the Telekom denies delivering mails to customers sometimes when there isn´t a corresponding reverse dns entry for the mail servers IP number. They consider this as spam. This is what they wrote me by email.

Kind regards
Sidney2017


----------



## trev (Jan 9, 2022)

I use the base system sendmail and compile my own trimmed down STABLE branch. My /etc/make.confcontains:



> SENDMAIL_CFLAGS= -UNETINET6     # no ISP IPv6 rDNS, so ditch IPv6 for sendmail



It was the only reliable way I found to stop sendmail using IPv6


----------



## sidney2017 (Jan 9, 2022)

Hi trev,

thanks for that information!

But even though I placed "ENDMAIL_CFLAGS= -UNETINET6" in make.conf and rebuilt sendmail from the port, "/usr/local/sbin/sendmail -bt -d0.1" still displays 



> "Compiled with: DANE DNSMAP *IPV6_FULL ...*".



*Even commenting out IPv6-Support in the port's makefile* doesn't change this, so I have to assume that this is a bug in the current sendmail-port.



> #.if ${PORT_OPTIONS:MIPV6}
> #SITE+=    ${FILESDIR}/site.config.m4.ipv6
> #.endif



Kind regards
Sidney2017


----------



## Argentum (Jan 9, 2022)

sidney2017 said:


> The whole thing only became important for me because the Telekom denies delivering mails to customers sometimes when there isn´t a corresponding reverse dns entry for the mail servers IP number. They consider this as spam. This is what they wrote me by email.


This is simple yet powerful measure *against malicious botnets*. Bots do not have means to configure the reverse address. With my own mail servers I have always configured this option.


----------



## zirias@ (Jan 9, 2022)

sidney2017 said:


> But even though I placed "ENDMAIL_CFLAGS= -UNETINET6" in make.conf and rebuilt sendmail from the port, "/usr/local/sbin/sendmail -bt -d0.1" still displays


Two errors here:

There's an 'S' missing (probably just typo?)
This setting is for building the base sendmail, see https://cgit.freebsd.org/src/tree/usr.sbin/sendmail/Makefile#n66
I'd rather put it in /etc/src.conf cause it only applies to the base src tree.

And generally, nowadays it would make more sense to fix whatever is broken with your IPv6 setup instead of just disabling it...


----------



## covacat (Jan 9, 2022)

ignore IPV6_FULL. it probably has no effect without -DNETINET6


----------



## sidney2017 (Jan 9, 2022)

Argentum said:


> This is simple yet powerful measure *against malicious botnets*. Bots do not have means to configure the reverse address. With my own mail servers I have always configured this option.


In my case the mail server passes all test of MXToolbox.com and nevertheless the mails are returned (ONLY from Telekom).

Kind regards
Sidney2017


----------



## zirias@ (Jan 9, 2022)

sidney2017 said:


> (ONLY from Telekom)


I doubt that very much. My MX would reject them as well. Basically, what Argentum said. No single measure works well against email spam, but rejecting anything where the sender has no (or broken) RDNS is a proven strategy to filter a substantial part of crap.

If your hoster doesn't allow you to configure RDNS records for your IPv6 addresses, complain to them. That's crucial functionality missing.


----------



## sidney2017 (Jan 9, 2022)

Zirias said:


> I doubt that very much. My MX would reject them as well. Basically, what Argentum said.
> 
> If your hoster doesn't allow you to configure RDNS records for your IPv6 addresses, complain to them. That's crucial functionality missing.



Didn´t you read what I had written?

_"In my case the mail server passes all test of MXToolbox.com"_

This includes eDNS checks etc. since - what I mentioned several times in this thread - I found the option to enter a Reverse DNS entry for IPv6 in Hetzner´s robot console.

Kind regards
Sidney2017


----------



## zirias@ (Jan 9, 2022)

Don't you read what you write yourself? In your post Argentum quoted, you're talking about missing RDNS records.


----------



## sidney2017 (Jan 9, 2022)

Zirias said:


> Don't you read what you write yourself? In your post Argentum quoted, you're talking about missing RDNS records.



Apparently you are unaware that new points of view can arise in the course of a discussion, for example that even a set eDNS does not solve a problem that has been raised.

If you had bothered to read this thread in its entirety, you would have noticed that this is also about disabling IPv6 in sendmail, so that a PTR for an IPv6 address is no longer needed if you don't want to use IPv6 anyway. 

Thanks for your answers anyway!

Kind regards
Sidney2017


----------



## zirias@ (Jan 9, 2022)

Yeah, how about you first read all my answers properly and second don't randomly change quoted context?


----------



## sidney2017 (Jan 9, 2022)

How about just not commenting anymore unless something constructive could still be contributed?

Regards
Sidney2017


----------



## zirias@ (Jan 9, 2022)

Ah, so you finally found all my posts. Just to state it, it also makes a lot of sense to take quoted text for context, but whatever...


----------



## Argentum (Jan 9, 2022)

sidney2017 said:


> How about just not commenting anymore unless something constructive could still be contributed?


If you still need to remove all the IPv6, you can build a custom kernel without IPv6. See `grep INET6 /usr/src/sys/amd64/conf/GENERIC`. 

```
options         INET6                   # IPv6 communications protocols
```
You can remove INET6 from kernel configuration and build a custom kernel. _I wouldn't do that, but if there is no other way..._


----------

