DO Ideas 2

ICMP reject ports that DigitalOcean blocks on IPv6 (avoid SMTP timeouts)

DigitalOcean blocks some outgoing IPv6 connections (SMTP, notably: https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/7190053-allow-smtp-over-ipv6).

Right now packets are simply dropped. This causes timeouts.

I'd suggest you guys reject with ICMP administrative packet, so there are no timeouts (and, as a bonus, we know what's going on).

Workaround to do this locally on each VM:
ip6tables -A OUTPUT -p tcp -m multiport --dports 25,109,110,143,465,587,993,995 -j REJECT --reject-with adm-prohibited -m comment --comment "Avoid timeouts on ports blocked by DigitalOcean"

  • Jacopo Corbetta
  • Sep 11 2018
  • Attach files