Prevent Postfix SMTP from contacting Google Mail using IPv6

When delivering a SMTP message to Google Mail using IPv6, stricter anti-spam rules are applied. You need for instance to have a correct Reverse DNS ‘PTR’ pointer pointing to your sender mail domain and this is “a mess” when you share one IP address for multiple mail servers/domains.

The ‘PTR’ DNS entry is not located in our DNS zone, but in the authoritative DNS server of the owner of the IP. As consequence, one has to contact the hoster/ISP to get this special set-up. Then, multiple ‘PTR’ records aren’t allowed, so one is blocked in this situation when sharing an IP. (If someone could tell me a correct and not-just-work-around-solution, I would be very happy).

More information on Googles requirements: https://support.google.com/mail/?p=ipv6_authentication_error

As an example, this is the extract of the /var/log/mail.log showing the rejection. Note the IPv6 address used to contact Google Mail.

postfix/cleanup[29684]: A9C1B4E0455: message-id=<20160209150447.A9C1B4E0455@xxx.xxx.net>
postfix/qmgr[16566]: A9C1B4E0455: from=<nobody@localhost>, size=583, nrcpt=1 (queue active)
postfix/smtpd[29681]: disconnect from localhost[::1]
postfix/smtp[29685]: A9C1B4E0455: to=<*******@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c02::1a]:25, delay=0.82,
 delays=0.2/0.26/0.22/0.14, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c02::1a] said: 550-5.7.1 
[2001:41d0:52:500::a2] Our system has detected that this message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records 
and 550-5.7.1 authentication. Please review 550-5.7.1  https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 
information. k10si49527078wjy.108 - gsmtp (in reply to end of DATA command))
postfix/cleanup[29684]: 84AAA4E1F88: message-id=<20160209150448.84AAA4E1F88@vps132034.ovh.net>
postfix/qmgr[16566]: 84AAA4E1F88: from=<>, size=3146, nrcpt=1 (queue active)
postfix/bounce[29686]: A9C1B4E0455: sender non-delivery notification: 84AAA4E1F88
postfix/qmgr[16566]: A9C1B4E0455: removed

A work-around when it comes to Google Mail is to force Postfix to always use IP4 when contacting Google Mail. This can be achieved using the following configuration:

0) Back-up the files before modification :)

1) In file /etc/postfix/main.cf, add the following line:

transport_maps = hash:/etc/postfix/transport

2) Create (or edit) the file /etc/postfix/transport, adding the following line:

gmail.com       smtp-ipv4:

3) In the file /etc/postfix/master.cf, add the following service definition (similar to the other lines in the file):

smtp-ipv4 unix  -       -       -       -       -       smtp
  -o inet_protocols=ipv4

4) Add the newly created ‘transport’ table to the Postfix look-up tables:

/etc/postfix$ postmap /etc/postfix/transport

5) Restart the Postfix service:

/etc/postfix$ postfix reload

In the resulting log file, Google should now be addressed using an IP4 address:

postfix/smtp[29868]: 7F2544E1F88: to=<******@gmail.com>, orig_to=<****@¨¨¨¨>, relay=gmail-smtp-in.l.google.com[74.125.71.26]:25,
delay=0.44, delays=0.04/0.02/0.19/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK 1455034326 wn4si49965897wjc.13 - gsmtp)

Live happily ever after – till IPv6 becomes mandatory, or ‘PTR’ records for that matter…