Dynamic temporary IPv6 addresses conflict with SPF rule

Hi all,
Ubuntu seems to assign itself temporary IPv6 addresses (within the server’s subnet), besides its static (MAC-address based) one. It uses such a temporary address for outward connections, but then a well-configured receiving server rejects the message, since my SPF record tells that only messages from ip address in my MX records are authentic. So I would think that either:

  1. My server should use its static ip also for outgoing connections (why need temporary addresses anyway? I would suppose mails servers do not need the bit of extra privacy…)
  2. The SPF record should tell that any IPs from the IPv6 subnet are authentic.

Would anyone have a clue how this could be configured correctly?


This should be fixed/working in the latest version.

This could also be responsible for the problem.

Thanks for the reply.The problem however still exists with v0.18b, which I suppose you referred to with ‘latest version’.

If the line you highlight sets the IP that we use for outgoing connections, should it perhaps say $PUBLIC_IPV6 rather than $PRIVATE_IPV6? At least for me, mailinabox calls my static IP ‘public’ and the temporary IP ‘private’ (though I am not sure if this is designed that way or picked by chance).

Sorta but not really. This is by design. Take a look at Why is nsd service listening on private IPv6 address? for why we do this.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.