John, On Thu, May 31, 2012 12:55 pm, John Abreau wrote: > http://www.sixxs.net/wiki/Postfix > > "Unfortunately, by default, Postfix assumes you only want to accept > IPv4 mail. So if you haven't explicitly enabled it, Postfix assumes > the following configuration:
Thanks, but that's already been handled. Postfix is v6 aware, and both inet_interfaces and inet_protocols are set to "all". My local hosts are all connecting via v6 (which you can see in the log snippet below). The issue appears to be that postfix is not treating hosts coming from link-local addresses as being on "mynetworks". Either that or it's complaining that there's no PTR record for the fe80:: address. In either case it is most likely a postfix configuration issue, but I'm at a loss for how to fix it. I added [fe80::]/10 to mynetworks, but I haven't been able to figure out how to get it to output more debugging to tell me exactly which rules are affecting the mail. -derek > > On Thu, May 31, 2012 at 11:13 AM, Derek Atkins <[email protected]> wrote: >> Hi BLUers, >> >> I've been working on enabling IPv6 on my personal servers and I ran into >> a strange issue last night when I enabled v6 on my mail server. All of >> a sudden, all the rest of my local hosts that send daily logwatch emails >> are being rejected (at least those that are v6-aware but don't have >> public v6 addresses). It's as if the permit_mynetworks isn't working >> anymore with link-local addresses. >> >> The error I get appears as if the smtpd_sender_restrictions is rejecting >> the email, but it should accept it based on mynetworks: >> >> smtpd_sender_restrictions = permit_mynetworks, >> permit_tls_clientcerts, >> permit_sasl_authenticated, >> check_sender_access hash:/etc/postfix/goodsender, >> check_sender_access hash:/etc/postfix/badsender, >> reject_unknown_sender_domain, >> reject_non_fqdn_sender, >> check_sender_access hash:/etc/postfix/sender_access, >> reject_unverified_sender, >> permit >> >> I haven't found a good way to debug postfix and have it log exactly why >> the mail is being prevented. Here's the full log that I get in my >> maillog: >> >> May 31 09:18:12 mail2 postfix/smtpd[26444]: connect from >> unknown[fe80::20c:29ff:fecf:7df0%eth0] >> May 31 09:18:12 mail2 postfix/smtpd[26444]: setting up TLS connection >> from unknown[fe80::20c:29ff:fecf:7df0%eth0] >> May 31 09:18:12 mail2 postfix/smtpd[26444]: Anonymous TLS connection >> established from unknown[fe80::20c:29ff:fecf:7df0%eth0]: TLSv1 with >> cipher DHE-RSA-AES256-SHA (256/256 bits) >> May 31 09:18:12 mail2 postfix/smtpd[26444]: NOQUEUE: reject: RCPT from >> unknown[fe80::20c:29ff:fecf:7df0%eth0]: 450 4.1.7 <[email protected]>: >> Sender address rejected: unverified address: Address verification >> failed; from=<[email protected]> to=<[email protected]> proto=ESMTP >> helo=<host.dom.ain> >> May 31 09:18:12 mail2 postfix/smtpd[26444]: warning: >> network_biopair_interop: error reading 5 bytes from the network: >> Connection reset by peer >> May 31 09:18:12 mail2 postfix/smtpd[26444]: disconnect from >> unknown[fe80::20c:29ff:fecf:7df0%eth0] >> >> Any gurus around who can help me debug? >> >> Thanks, >> >> -derek >> >> -- >> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory >> Member, MIT Student Information Processing Board (SIPB) >> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH >> [email protected] PGP key available >> _______________________________________________ >> Discuss mailing list >> [email protected] >> http://lists.blu.org/mailman/listinfo/discuss > > > > -- > John Abreau / Executive Director, Boston Linux & Unix > OLD GnuPG KeyID: D5C7B5D9 / Email: [email protected] > OLD GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 > 2011 PGP KeyID: 32A492D8 / Email: [email protected] > 2011 PGP FP: 7834 AEC2 EFA3 565C A4B6 9BA4 0ACB AD85 32A4 92D8 > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
