Service does not accept messages sent over IPv6 [2602:f8d5:a1:1::3]
cant receive email over ip6
Mail records
How to remove IP6 MX record attached ? we have added only IP4 MX record, how we have ip6 ?
as we seen many emails are resolved thru ip6 which has been rejected by MS 365.
BR
Classic XY Problem.
MS 365 is not blocking your emails, and IP addresses have nothing to do with why you’re not receiving emails in your Outlook mailbox.
Instead, you have two MX records for two different providers with the following priorities:
10 cnbcarabia-com.mail.protection.outlook.com.
0 mx.us.mailmarshal.cloud.
So your emails are going to MailMarshal, instead of MS365.
Delete the MailMarshal MX record to have your emails delivered to MS 365.
NB: If Trustwave MailMarshal is part of your email security solution, consult your provider for instructions to implement this properly, as your current implementation isn’t right.
You have added cnbcarabia-com.mail.protection.outlook.com as an Mx record. It has both IPv4 and IPv6 addresses associated with it as Microsoft Office 365 supports both. Issues with mail delivery via IPv6 should be directed to Microsoft as they maange their service.
We use MailMarshal for GW, and it was working fine, had no issues, now they point out that we have below additional record popped up (not sure if that’s the case)
is there any way we can stop IP6 MX record shown below? as i can’t see this record in our cloudflare dashboard
this show in mxtoolbox along with other 2 records **
** 10 cnbcarabia-com.mail.protection.outlook.com 2a01:111: f403:cc30::1
when emails are resolved thru IP4 MX records then we are receiving, if it is resolving thru IP6 then we have issues and we get this error “”“Server temporarily not accepting mail at END OF DATA - 450 4.7.26 Service does not accept messages sent over IPv6 [2602: f8d5: a1:1::3] unless they pass either SPF or DKIM validation”“”
below case we are not receiving. (this log is extracted from MailMarshal)
RX: 250-DX2PEPF000000D4.mail.protection.outlook.com Hello [2602: f8d5: a1:8001::2]
**in this case we received emails **
RX: 250-DX1PEPF000003F2.mail.protection.outlook.com Hello [52.165.84.16]
MX records are never IPv4 or IP6. They are hostnames. Cloudflare has no control over how those are resolved. Cloudflare is only providing the DNS that points your MX record to a hostname.
Here is how that hostname resolves in my area:
% host cnbcarabia-com.mail.protection.outlook.com
cnbcarabia-com.mail.protection.outlook.com has address 52.101.148.13
cnbcarabia-com.mail.protection.outlook.com has address 52.101.147.1
cnbcarabia-com.mail.protection.outlook.com has address 52.101.148.3
cnbcarabia-com.mail.protection.outlook.com has address 52.101.148.1
cnbcarabia-com.mail.protection.outlook.com has IPv6 address 2a01:111:f403:cc30::1
cnbcarabia-com.mail.protection.outlook.com has IPv6 address 2a01:111:f403:cc30::3
cnbcarabia-com.mail.protection.outlook.com has IPv6 address 2a01:111:f403:cc2f::
cnbcarabia-com.mail.protection.outlook.com has IPv6 address 2a01:111:f403:cc30::
If there is an issue connecting to an IPv6 address for mail, that is an issue between the provider sending the mail, and their connection to Outlook.com
The issue isn’t that it won’t accept mail via IPv6, it’s that the mail being forwarded isn’t passing validation for SPF or DKIM. You should work with your providers to create records which can pass those checks for a variety of reasons. MailMarshall should be able to assist with this I’d assume since they are the responsible MTA.
Microsoft did this thru PowerShell
Enable-IPv6ForAcceptedDomain -mydomain.com
lets see how this goes
thank you all
MS enabled IP6 to accept , will see if it works.
in mstoolbox i see hostname to ip6 MX record , from where this is populated ?
i checked few domains who uses MS 365 but they have only one MX resolving to IP4
BR
As both @cscharff and @sdayman have told you already:
It originates from Microsoft Office 365, e.g. the outlook.com domain.
→
As @cscharff also told you, the problem IS NOT the IPv6.
Stop worrying about the IPv6.
Contact Trustwave MailMarshal and ask them for assistance on how to set up proper DKIM signing, and SPF authentication on your own domain, for the email deliveries that you (attempt to) send through them.
If the message is forwarded through Trustwave MailMarshal, this will need to be escalated through the original sender of the message, so they can fix the issues with their (lack of) email authentication.
You will see the exact same kind of issues, if you’re attempting to send (or forward) messages towards Google (Gmail), and many other of the large providers, if you’re not fixing the (missing) email authentication.
thanks , sure will do
Disabled IP6 thru PowerShell from exchange online, which removed MX resolving to IP6 Host and everything is back to normal now.
This is enabled automatically as part of MS allocating IP6 to all exchange online domains.
will check SPF, DKIM validation to incoming emails gradually.
Thank you all.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.