Several of our new Exchange servers are failing to relay messages because they are communicating over IPv6 and not matching any receive connector I previously set up. I’m not sure how we are using IPv6 since we only have an IPv4 network and we are routing across subnets.
I discovered this by typing helo in from the source to the server that is confused by my IPv6 address. I saw the IPv6 message and the custom message I gave this receive connector. (Connectors with more permission have a different helo.)
220 HUB01 client
helo asdf
250 HUB01.nfp.com Hello [fe80::cd8:6087:7b1e:99d4%11]
More info about my environment:
I have two dedicated Exchange forests each with a distinct purpose. They have no trust and only communicate by SMTP. They both share the same DNS infrastructure via stub zones.
What are my options? This is my guess, but I’m no IPv6 expert so I don’t know which one is the best option:
- Disable IPv6
- Add the IPv6 address to the whitelist (isn’t that IP dynamic?)
- Tell Exchange to use IPv4 instead
- Figure out why we are using IPv6 instead of IPv4
In IPv6, addresses in the subnet fe80::/10 are link-local addresses (RFC 4291) and are automatically assigned on any interface on which IPv6 is enabled (which is by default in any modern operating system). These are roughly comparable to IPv4 169.254.0.0/16 link-local addresses (RFC 3927), except that in IPv6, every interface always has a link-local address.
These addresses are only usable on the same subnet; they are not meant to be routed, and any halfway decent router will not even make the attempt. They also cannot be disabled; they are used for neighbor discovery, DHCPv6, and various other IPv6 internals.
For that reason it’s relatively safe to add fe80::/10 to your whitelist, to accept connections from any host on your subnet.
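The following is an added example, not part of the original question or answer: it parses the 250 reply shown in the question, strips the %11 zone index, and checks which connector range the client address falls into. The connector names and IPv4 ranges are hypothetical, and choosing the most specific matching range is a simplified model of how a receive connector is selected.

```python
import ipaddress
import re

# Constructed connector table: names and ranges are hypothetical, not from the post.
CONNECTORS = {
    "Default": ["0.0.0.0/0", "::/0"],   # catch-all, least permission
    "Relay": ["10.1.2.0/24"],           # scoped by IPv4 range only
}

def client_address(reply):
    """Extract the bracketed client address from a 250 HELO reply, dropping any %zone."""
    m = re.search(r"\[([0-9A-Fa-f:.]+)(?:%\w+)?\]", reply)
    if not m:
        raise ValueError("no bracketed address in reply")
    return ipaddress.ip_address(m.group(1))

def matching_connector(addr, connectors):
    """Return (name, network) for the most specific range containing addr, or None."""
    best = None
    for name, ranges in connectors.items():
        for text in ranges:
            net = ipaddress.ip_network(text)
            # An IPv4 range can never match an IPv6 client, and vice versa.
            if net.version != addr.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[1].prefixlen:
                best = (name, net)
    return best

def diagnose(reply, connectors):
    """Summarise address family, link-local status and the connector that would match."""
    addr = client_address(reply)
    hit = matching_connector(addr, connectors)
    return {
        "address": str(addr),
        "version": addr.version,
        "link_local": addr.is_link_local,   # True for anything in fe80::/10
        "connector": hit[0] if hit else None,
    }

if __name__ == "__main__":
    reply = "250 HUB01.nfp.com Hello [fe80::cd8:6087:7b1e:99d4%11]"  # from the question
    print(diagnose(reply, CONNECTORS))
    # Same table with fe80::/10 added to the relay connector, as the answer suggests.
    with_link_local = dict(CONNECTORS, Relay=["10.1.2.0/24", "fe80::/10"])
    print(diagnose(reply, with_link_local))
```
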
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.