BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Any Postfix + ipv6 people out there?

Subject: [Discuss] Any Postfix + ipv6 people out there?
From: derek at ihtfp.com (Derek Atkins)
Date: Thu, 31 May 2012 13:25:46 -0400
In-reply-to: <CAFv2jcZTbswu3J2Ra9c7+ixyRw2tDGx=UaDY8SkvCgpJAM9JNw@mail.gmail.com>
References: <sjmy5o8s7su.fsf@mocana.ihtfp.org> <CAFv2jcZTbswu3J2Ra9c7+ixyRw2tDGx=UaDY8SkvCgpJAM9JNw@mail.gmail.com>

John,

On Thu, May 31, 2012 12:55 pm, John Abreau wrote:
> http://www.sixxs.net/wiki/Postfix
>
> "Unfortunately, by default, Postfix assumes you only want to accept
> IPv4 mail. So if you haven't explicitly enabled it, Postfix assumes
> the following configuration:

Thanks, but that's already been handled.  Postfix is v6 aware, and both
inet_interfaces and inet_protocols are set to "all".  My local hosts are
all connecting via v6 (which you can see in the log snippet below).  The
issue appears to be that postfix is not treating hosts coming from
link-local addresses as being on "mynetworks".  Either that or it's
complaining that there's no PTR record for the fe80:: address.

In either case it is most likely a postfix configuration issue, but I'm at
a loss for how to fix it.  I added [fe80::]/10 to mynetworks, but I
haven't been able to figure out how to get it to output more debugging to
tell me exactly which rules are affecting the mail.

-derek

>
> On Thu, May 31, 2012 at 11:13 AM, Derek Atkins <warlord at mit.edu> wrote:
>> Hi BLUers,
>>
>> I've been working on enabling IPv6 on my personal servers and I ran into
>> a strange issue last night when I enabled v6 on my mail server. ?All of
>> a sudden, all the rest of my local hosts that send daily logwatch emails
>> are being rejected (at least those that are v6-aware but don't have
>> public v6 addresses). ?It's as if the permit_mynetworks isn't working
>> anymore with link-local addresses.
>>
>> The error I get appears as if the smtpd_sender_restrictions is rejecting
>> the email, but it should accept it based on mynetworks:
>>
>> smtpd_sender_restrictions = permit_mynetworks,
>> ? ? ? ?permit_tls_clientcerts,
>> ? ? ? ?permit_sasl_authenticated,
>> ? ? ? ?check_sender_access hash:/etc/postfix/goodsender,
>> ? ? ? ?check_sender_access hash:/etc/postfix/badsender,
>> ? ? ? ?reject_unknown_sender_domain,
>> ? ? ? ?reject_non_fqdn_sender,
>> ? ? ? ?check_sender_access hash:/etc/postfix/sender_access,
>> ? ? ? ?reject_unverified_sender,
>> ? ? ? ?permit
>>
>> I haven't found a good way to debug postfix and have it log exactly why
>> the mail is being prevented. ?Here's the full log that I get in my
>> maillog:
>>
>> May 31 09:18:12 mail2 postfix/smtpd[26444]: connect from
>> unknown[fe80::20c:29ff:fecf:7df0%eth0]
>> May 31 09:18:12 mail2 postfix/smtpd[26444]: setting up TLS connection
>> from unknown[fe80::20c:29ff:fecf:7df0%eth0]
>> May 31 09:18:12 mail2 postfix/smtpd[26444]: Anonymous TLS connection
>> established from unknown[fe80::20c:29ff:fecf:7df0%eth0]: TLSv1 with
>> cipher DHE-RSA-AES256-SHA (256/256 bits)
>> May 31 09:18:12 mail2 postfix/smtpd[26444]: NOQUEUE: reject: RCPT from
>> unknown[fe80::20c:29ff:fecf:7df0%eth0]: 450 4.1.7 <root at host.dom.ain>:
>> Sender address rejected: unverified address: Address verification
>> failed; from=<root at host.dom.ain> to=<derek at dom.ain> proto=ESMTP
>> helo=<host.dom.ain>
>> May 31 09:18:12 mail2 postfix/smtpd[26444]: warning:
>> network_biopair_interop: error reading 5 bytes from the network:
>> Connection reset by peer
>> May 31 09:18:12 mail2 postfix/smtpd[26444]: disconnect from
>> unknown[fe80::20c:29ff:fecf:7df0%eth0]
>>
>> Any gurus around who can help me debug?
>>
>> Thanks,
>>
>> -derek
>>
>> --
>> ? ? ? Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>> ? ? ? Member, MIT Student Information Processing Board ?(SIPB)
>> ? ? ? URL: http://web.mit.edu/warlord/ ? ?PP-ASEL-IA ? ? N1NWH
>> ? ? ? warlord at MIT.EDU ? ? ? ? ? ? ? ? ? ? ? ?PGP key available
>> _______________________________________________
>> Discuss mailing list
>> Discuss at blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
>
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> OLD GnuPG KeyID: D5C7B5D9 / Email: abreauj at gmail.com
> OLD GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
> 2011 PGP KeyID: 32A492D8 / Email: abreauj at gmail.com
> 2011 PGP FP: 7834 AEC2 EFA3 565C A4B6 ?9BA4 0ACB AD85 32A4 92D8
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

Follow-Ups:
- [Discuss] Any Postfix + ipv6 people out there?
  - From: hag at linnaean.org (Daniel Hagerty)

References:
- [Discuss] Any Postfix + ipv6 people out there?
  - From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] Any Postfix + ipv6 people out there?
  - From: abreauj at gmail.com (John Abreau)

Prev by Date: [Discuss] SSD
Next by Date: [Discuss] Any Postfix + ipv6 people out there?
Previous by thread: [Discuss] Any Postfix + ipv6 people out there?
Next by thread: [Discuss] Any Postfix + ipv6 people out there?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org