On Thu, Apr 18, 2024 at 12:18:04PM +0200, Philipp wrote:
> Hi

Hi, sorry about the delay.

> [2024-04-16 16:44] "James J. Lippard" <lippard-opensm...@discord.org>
> > I run dual-stack IPv6/IPv4 networks, including mail servers. On occasion
> > I may not have IPv6 connectivity, but have IPv4 connectivity. When that
> > happens, I find that my mail queue accumulates mail that arrives over
> > IPv6, but cannot be sent out on an IPv6 interface.
> 
> Which IP version was used to enqueue a mail is independent from the
> IP version used to relay a mail. Also for most cases dual stack just
> works(tm) when using hostnames with A and AAAA records and use "listen on"
> with interface name.

It is likely I've created some dependency with overcomplication -- I'm
doing split horizon DNS as well as dual-stack IPv4/v6, and am also
listening on IPv6 unique local addresses rather than the public
addresses that correspond to the public DNS names.  I'll have to see
if I can simplify it and still run into issues.

I attempted to change the "src" on my outbound relay actions to use a
single DNS name with the correct outbound IPv4 and IPv6 addresses:

action "relayext" relay host <relay-hosts> src smtp-ext.domain.com helo smtp.domain.com pki "smtp.domain.com" ca "my-ca"

which led to the error:

smtpd[60955]: warn: Failed to get source address for [relay:[mx.domain.com],port=587,smtp+tls,pki_name=smtp.domain.com,mx,sourcetable=<dynamic:0>,heloname=smtp.domain.com]

This then leads to stat="No valid route to destination" and
result="TempFail" on the mta delivery.

All works fine if I continue to have separate v4/v6 actions to relay
using IP address instead of DNS name.  This is still with separate
listens for v4 and v6.

It looks like the issue here may be caused by smtp.domain.com--the
name used for helo and pki but not for the IP address to send
from--not being in internal DNS?  But if that's the case, why does it work fine
if I use an IP address instead of an FQDN for "src"?  Is the logic that
it is picking address family for the outbound connection on the src address,
if evident, but then using helo or pki if src is a FQDN with both AAAA and A
records?

> > (1) How to relay both IPv4/IPv6 outbound mail, regardless of whether it
> > came to the mail server via IPv4 or IPv6?
> >
> > Is it possible to set up a relay action that works with either IPv6 or
> > IPv4, perhaps with a preference for one or the other?  I've tried
> > using "src <IPv4-addr>|<IPv6-addr>" on my relay action, but this
> > results in "No valid route to destination" errors (apparently due to
> > the name resolution on the smtp+tls:// URL returning the address from
> > the family opposite the selected src interface?).
> >
> > I'd like inbound mail to come in via IPv4 or IPv6 and go out with a
> > preference for IPv6 but still work with IPv4 if IPv6 is unavailable.
> 
> I don't understand what exactly is the problem. Can you share your
> config and a short explanation what you want to achieve? Some logs
> showing the problem could also help.
> 
> > (2) How to set up a secondary relay to use if a destination relay is
> > unavailable?
> >
> > Is it possible to define multiple relay hosts in one action, or to
> > specify that a second relay action is to occur in the event of failure
> > of the first using match rules?
> 
> The host option of action relay takes a table. So you can simply specify
> multiple relay-urls with something like:
> 
> > { smtp+tls://hosta.example.com , smtp+tls://hostb.example.com }

This works great, thank you.

-- 
Jim Lippard        lipp...@discord.org       http://www.discord.org/
GPG Key ID: 0x99FD5CD6


