Hi,

We are having issues with our IPv6 being blocked by spamhaus, but I think we are being lopped in with someone else who is spamming, as I’ve requested removal. Linode have given me a whole block:

2a01:7e01:e001:843::/64

But I’m not sure what the method is to add this? I’ve done some research, and apparently (on Ubuntu 22.04), you edit:

/etc/netplan/01-netcfg.yaml

I changed it to:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
        - 2a01:7e01:e001:843::1/64

Then did a reboot:

sudo netplan apply

But it still seems to want to use the old IPv6:

ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet6 2a01:7e01::f03c:93ff:fe9e:1ce9/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 5239sec preferred_lft 1639sec
    inet6 fe80::f03c:93ff:fe9e:1ce9/64 scope link
       valid_lft forever preferred_lft forever

2a01:7e01::f03c:93ff:fe9e:1ce9 is the old ipv6 we had. Am I missing something? I know this isn’t strictly a Hestia thing, but just thought I’d ask here =)

Cheers

Andy

This isnt gonna answer your question , but I dont believe hestia release versions support ipv6. This may or may not be an issue for you.

Thanks. I’ve actually managed to get ipv6 working pretty well on my servers. The main issue is around the nginx templates needing the different lines added to listen to ipv6. I’ve also enabled ipv6 in exim in exim4.conf.template:

disable_ipv6 = false

The issue is coming just from the fact our ipv6 is blacklisted for some reason on Spamhaus, so I’m trying to issue a new IP to see if that gets blacklisted as well (in which case, it’s a deeper issue) . According to Spamhaus:

NOTE: If your allocation is smaller than /64, we cannot remove it from CSS, and the situation needs to be corrected with the provider prior to requesting removal. For more information about IPv6, IP allocation, and industry standards, please see our FAQ. A spammer can cycle through IPv6 addresses every 5 seconds (or even faster, with custom kernels). Since an IPv6 /64 is twice the size of the entire IPv4 mask, lots of spam can be produced with very minimal effort. Thus, listing the whole /64 is warranted.

So I think the more likely cause, is that someone is sending out spam on another ipv6 in that (huge) range that will be shared with thousands of other servers, and this then falls on us (even though we are not the problem). So the fact we have been given a whole /64 block - but I just can’t work out how to use them

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.