IPv6 Addresses causing Exchange Relay whitelists to fail

CHI Coder 007 asked:

Several of our new Exchange servers are failing to relay messages because they are communicating over IPv6 and not matching any receive connector I previously set up. I’m not sure how we are using IP6 since we only have an IPv4 network and we are routing across subnets.

I discovered this by typing helo in from the source to the server that is confused by my IP6 address. I saw the IPv6 message and the custom message I gave this receive connector. (connectors with more permission have a different helo)

220 HUB01 client
helo asdf
250 HUB01.nfp.com Hello [fe80::cd8:6087:7b1e:99d4%11]

More info about my environment:

I have two dedicated Exchange forests each with a distinct purpose. They have no trust and only communicate by SMTP. They both share the same DNS infrastructure via stub zones.

What are my options? This is my guess, but I’m no IPv6 expert so I don’t know which one is the best option:

  • Disable IPv6
  • Add the IPv6 address to the whitelist (isn’t that IP dynamic?)
  • Tell Exchange to use IPv4 instead
  • Figure out why we are using IPv6 instead of IP4

My answer:

In IPv6, addresses in the subnet fe80::/10 are link-local addresses (RFC 4291), and are automatically assigned on any interface on which IPv6 is enabled (which is by default in any modern operating system). These are roughly comparable to IPv4 link-local addresses (RFC 3927), except that in IPv6, every interface always has a link-local address.

These addresses are only usable on the same subnet; they are not meant to be routed, and any halfway decent router will not even make the attempt. They also cannot be disabled; they are used for neighbor discovery, DHCPv6, and various other IPv6 internals.

For that reason it’s relatively safe to add fe80::/10 to your whitelist, to accept connections from any host on your subnet.

View the full question and any other answers on Server Fault.
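
The mismatch described in the question and the effect of the allowlist change suggested in the answer, as an added example that is not part of the original question or answer. The IPv4 ranges and the function names are assumptions made up for illustration; only the 250 reply line and fe80::/10 come from the page.

```python
import ipaddress
import re

# Constructed allowlists: the IPv4 ranges are hypothetical; fe80::/10 is the
# link-local prefix the answer suggests adding.
IPV4_ONLY = ["10.1.0.0/16", "10.2.0.0/16"]
WITH_LINK_LOCAL = IPV4_ONLY + ["fe80::/10"]

# Matches the bracketed client address in an SMTP "250 ... Hello [addr]" reply.
HELLO_RE = re.compile(r"^250[ -]\S+ Hello \[([^\]]+)\]")


def client_address(reply_line):
    """Extract the client IP the server reported, dropping any IPv6 zone ID."""
    m = HELLO_RE.match(reply_line)
    if not m:
        raise ValueError("not a 250 Hello reply: %r" % reply_line)
    # "%11" is the interface index on the host; it is not part of the address.
    return ipaddress.ip_address(m.group(1).split("%", 1)[0])


def matching_range(addr, allowlist):
    """Return the first allowlist range containing addr, or None."""
    for cidr in allowlist:
        net = ipaddress.ip_network(cidr)
        # A v4 range can never contain a v6 address, and vice versa.
        if net.version == addr.version and addr in net:
            return cidr
    return None


def explain(reply_line, allowlist):
    """Summarise address family, scope and allowlist result for one reply."""
    addr = client_address(reply_line)
    hit = matching_range(addr, allowlist)
    scope = "link-local (same subnet only)" if addr.is_link_local else "not link-local"
    return "%s: IPv%d, %s, matched %s" % (addr, addr.version, scope, hit)


if __name__ == "__main__":
    reply = "250 HUB01.nfp.com Hello [fe80::cd8:6087:7b1e:99d4%11]"  # from the question
    print(explain(reply, IPV4_ONLY))
    print(explain(reply, WITH_LINK_LOCAL))
```

With the IPv4-only list the client matches nothing; with fe80::/10 added, every on-link IPv6 client matches that one entry, which is the "any host on your subnet" scope the answer describes.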

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.