Skip to content

Gmail and their IPv6 Security is spaghetti

I’ve been running a mail servers for 15 years. I’ve held on to the same domain names and IP addresses since .com opened up to the public. But with Google’s implementation of IPv6 security policies, I am now shut out from 26% of the e-mail network in America – that’s Gmail’s market share.

As Tanguy points out in his blog, Gmail servers are blocking incoming messages for no good reasons. Jari, has a different approach, but the same source of problem. Gmail gives zero consideration to non-gmail email. I have a Comcast e-mail address that cannot send messages through a Comcast SMTP server to a Gmail account… and Comcast is the LARGEST supplier of Internet service in the continental United States.

And according to actual people that work in the department at Google in charge of this mess, they have no better reasons. One of them hypothesizes that there is not enough “good” traffic between our servers that the algorithm may learn which messages to pass through and which ones are actually spam coming from spoofed smtp hosts.

Really? Statistically, there’s a 26% chance that one of my e-mails is meant for a Gmail user (in actuality, higher because I work with local schools who are on Google’s suite of services for education). So some spammers must be sending a thousand times more spam to Google users while spoofing my hostname and IP address? But I still get hundreds of spam in MY Gmail account. So what makes it possible for spammers’ messages to get through but not MINE? Sheer quantity?

Let me make it clear that I am FOR moving to IPv6. We need more IP addresses if we keep going this route in technology. The accompanying changes in protocols can make some of the more exploited parts of the current Internet more secure. But then, people don’t get to send birthday party invites or veteran’s benefits notices to Gmail users. It’s the implementations out there that suck.

Even if you set up SPF, DKIM, DMARC on outgoing messages, if your e-mail has “spammer-like behavior”, it gets rejected. Spam-like behavior includes, messages to multiple recipients. The threshold is TWO recipients.

By the way, as always, Alex at Topicdesk has an excellent tutorial on adding DKIM to your OS X Server 5.x. The only change with OS X Server 5.2 and up is that you must fix a bug(?) in amavisd-new 2.0.11. For OS X Server,

 #In /Applications/
 #Add at line 22852

And with OS X Server 5.x, SPF is already compiled into the mail system. You only need to add TXT records to your DNS entry.

If you’re running on older versions, Alex has a SPF tutorial also.

 #Example: Replace with your actual domainname and ipv4/ipv6 addresses
 domain.tld 3600 IN TXT v=spf1 ip4: ip6:1111:2222:3333:4444::/56 ~all

Notice one problem with the IPv6 address. If you lease one (1) static IPv4 address from your ISP, they’ll probably give you a /56 block of IPv6 addresses… that’s 4.7 sextillion hosts. They ALL have to point back to your server. If you’ve ever hosted reverse DNS, you’ll know that’s impossible to manage PTR records. And I think that’s where Google decided to authenticate using SPF instead of forcing admins to create 4.7 sextillion arpa records.

This was especially true in my case as my ISP’s transitional equipment would assign a random IPv6 address from the 4.7 sextillion possibilities to my single machine every day.

Of course, you must also use Google’s Postmaster Tools to generate a google-site-verification hash and add that as a TXT entry to your DNS records. This is fairly easy, but I don’t see how it verifies anything.

Posted in Confusion, English.

iPhone Has Full Bars but No Internet Connection

If an iPhone has full bars (shows 4G or LTE) and can make/receive phone calls but cannot get to the Internet (via Safari or any other IP app), then it’s a routing issue. Out of many routing issues, it MAY be that your cellular provider is having problems. BUT if all other devices (e.g. your friends and family’s) devices are working, then it is probably a routing issue with YOUR phone only.

There are several ways to troubleshoot routing issues on your phone.
1) Simply quit every app by swiping them away and turn your phone completely off, then back on. This will clear the cache and your phone may request the cellular provider for an alternate route.
2) Settings > General > Reset > Reset Network Settings. This will wipe out all network settings in addition to the network cache. Your iPhone WILL request the cellular provider for routing information as if it was new out of the box.

Now, there is a setting that will INHIBIT the iPhone from renewing the routing information from the cell provider – Data Roaming. For some reason, if you have Data Roaming turned ON, the cache is repopulated with roaming routing information. You have to turn Data Roaming OFF while attempting the above.

Posted in Apple, English.

2019 Cayenne Turbo fuse box confusion

I had a dashcam to install on a 2019 Cayenne Turbo. I needed a switched power source (ACC) and I thought I could pigtail off of something in the fuse box. I looked in the owner’s manual and found out that there was no fusebox on the passenger side which would have been closer to the desired dashcam position. So I went to the driver’s side and found that…

1. There is no legend or markings telling me the socket numbers
2. The fuses in the sockets don’t correspond to those in the manual

This happened on the 2008 Cayenne Turbo too. The “first year of production” models and their manuals don’t match up.

I couldn’t find a suitable switched power source anyways so I went to the fuse box under the dead-pedal. Same problem here; no markings and fuses are either missing where the manual say they should be or a fuse is in a position the manual doesn’t say there should be one.

Anyways, I made an educated guess and figured out that the middle column in the bottom row had to be “Row D” in the manual. I confirmed this by pulling the fuse from position #16 – Left headlight electronics. When I turned the ignition, a warning for “Left lo-beam…” showed up on the dash. The funny thing is the left headlight still worked without the fuse. It must be the automatic hi/lo beam sensor or some other PDLS feature unrelated to the regular lights.

So for those seeking a switched power source, you can use socket #15 and #16 (Right and Left headlight electronics). There IS enough height for piggy back adapters under the dead-pedal. If you’re using TWO piggy-back/add-a-circuit, BEWARE – the pigtail from #15 will interfere with #16. A little bit of plastic shaving/forming will be necessary. And no, you can’t flip one left-side-right either because the divider in the fusebox interferes with the piggy-back.

Good Luck!

Posted in Cars, English.

Delete last Admin user from OS X [10.6-10.12]

In “Delete All Users from Mac OS X [10.5]”, we outlined how to boot into Single User Mode and use Terminal commands to delete the last admin user from a Mac running OS X 10.5. The OpenDirectory system has seen some changes since then and the commands have changed too.

OpenDirectory has gone through some hack job of an update by Apple, and still retains error-check messages that you can safely ignore according to Apple’s own documentation (HT4749):

When running dscl(1) from Single User mode, you’ll see this message:

launchctl: Couldn't stat("/System/Library/LaunchDaemons/"): No such file or directory nothing found to load

This message can be safely ignored.

So the procedure is as follows:

Start your computer into Single User mode by holding Command-S during startup.

Check the startup disk

fsck -fy

Mount the root file system

mount -uw /

Launch DirectoryServices

launchctl load /System/Library/LaunchDaemons/

Delete the last admin

dscl . delete /Users/username

If you’d like to resuscitate the Setup Assistant

rm -rf /var/db/.AppleSetupDone

Posted in Apple, English.

How do I know if I have a BOOST rear hub?

So you want to get some new cranks on your bike but you’re unsure if you need BOOST compatible spacing on your cranks. Getting the correct crank spacing is especially important now-a-days with two piece systems that you have almost no way to adjust the chain ring distance in or out. The front chain ring must align with the median chain position of the rear cog-set to keep the chain-line within optimal angle so not to affect the Q-factor… it just makes for a better ride if the chain-line matches up.

The first clue that you have a BOOST compatible bike and rear hub is if your bike has some kind of marking or sticker saying it is “148 BOOST” – usually on the chain stay. The second clue would be if it came with a 148mm x 12mm thru-axle. To make sure, follow the flowchart below to find out.




O.L.D. = Over Lock-nut Distance

FTF = Flange To Flange

DONT just assume you have a boost compatible bike and hub because you have a 148 x 12 thru-axle, the axle insertion depth into the frame may be fudged to fit a narrower hub into the frame.

There are EXCEPTIONS. You will encounter bikes with GNOT-BOOST from Surly or future-proofed thread attachments from Raleigh. These bikes have a non-standard 145mm frame width in the rear and accommodates a ±3mm margin by simply having some flex in the frame.

Raleigh even provides a thru-axel that is technically too long for the old 142mm standard and can actually support a 148mm hub (although it’s labeled 142 O.L.D. x 12mm). A thread attachment that is independent from the frame sits on the outside of the frame loosely to compensate for the change in torque angle when the frame flexes.


Posted in English, Sidetracked.