So something to try is disable all IPv6 support on the network interface. Interesting! Probably saves a little RAM too.
You weren’t confusing, I didn’t interpret well enough.
So did you recompile your kernel to disable IPv6 support? I’ve read up on this for CentOS and RHEL but there seems to be a variety of techniques with various results.
Btw, in Nodeworx under Settings ‘Qmail sender IP’ was off when in the past I would turn it on. I turned it back on. SNI support for virtual hosts has been on. Assuming I don’t have a certificate issue causing bounces, I’m focusing now on any IPv6 pitfalls.
Hi Sysnop
Many thanks, all we did for IPV6 turnoff was set this option in ifcfg-eth0, ifcfg-eth1 etc… (not needed for virtual IP) IPV6INIT=no
, and restart network. (/etc/sysconfig/network-scripts)
This then disables IPV6 at network level, but please ensure you have additional access into server in case the network does not come back up.
Hope that helps a little
Many thanks
John
Hi John,
Thanks for the info, I’ll make the edits in the next day or so and report back. If I break the network there’s a console for access.
You’ve been a big help. I’m enlightened about IPv6, for starters.
Richard
Likewise there’s no starttlsciphers file for my distro (CentOS 6.5) but possibly others. However, I just pasted the short cipher instructions posted in this thread over the longer one in the tlsservercipers file. Messages to an Apple domain appear to have sent right out. Prior to changing the file the messages were still queued. Is that your experience?
Hi sysnop
Excellent news and I’ve just updated on of our system to release version, so I’ll check the same file to see if it’s moved from beta yet.
Also, if you have updated IW to ver 15, you may want to check your SSL session cache, I don’t think this has been updated on permission yet, so if you have this failure, just ssh and run chmod 711 /var/log/httpd and you should be good to go
Many thanks
John
Mail transport to Apple servers is fixed and I’ve disabled IPv6 as far as i can tell. No new bounces and I’ll wait for the next failure notice before adjust anything else. I’m sure everyone is preoccupied with bash this week anyway.