On Sun, 18 Mar 2018, Harald Dunkel wrote:
> problem using opensmtpd 6.0.3 on Debian: I have set
>
> xname=mailhost.example.com
> :
> limit mta inet4
> listen on lo tls pki $xname
> listen on eth0 tls pki $xname
> listen on eth1 tls pki $xname
> :
>
> in smtpd.conf, but apparently this "limit" line is ignored. At boot
> time it tries to bind to a link-local IPv6 address. And this fails,
> as strace shows:
>
> :
> 695 setsockopt(11, SOL_SOCKET, SO_REUSEADDR, [1], 4 <unfinished ...>
> 695 <... setsockopt resumed> ) = 0
> 695 bind(11, {sa_family=AF_INET, sin_port=htons(25),
> sin_addr=inet_addr("10.0.0.2")}, 16 <unfinished ...>
> 695 <... bind resumed> ) = 0
> 695 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP <unfinished ...>
> 695 <... socket resumed> ) = 12
> 695 setsockopt(12, SOL_SOCKET, SO_REUSEADDR, [1], 4 <unfinished ...>
> 695 <... setsockopt resumed> ) = 0
> 695 setsockopt(12, SOL_IPV6, IPV6_V6ONLY, [1], 4 <unfinished ...>
> 695 <... setsockopt resumed> ) = 0
> 695 bind(12, {sa_family=AF_INET6, sin6_port=htons(25), inet_pton(AF_INET6,
> "fe80::216:3aff:feca:38bb", &sin6_addr), sin6_flowinfo=0,
> sin6_scope_id=if_nametoindex("eth0")}, 28 <unfinished ...>
> 695 <... bind resumed> ) = -1 EADDRNOTAVAIL (Cannot assign
> requested address)
> 695 write(2, "pony express: smtpd: bind: Canno"..., 59 <unfinished ...>
> 695 <... write resumed> ) = 59
> 695 exit_group(1) = ?
> 695 +++ exited with 1 +++
>
>
> "ip address show" (run immediately before smtpd) shows that
> the link-local address is still "tentative":
>
> :
> 194: eth0@if195: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 00:16:3a:ca:38:bb brd ff:ff:ff:ff:ff:ff
> inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
> valid_lft forever preferred_lft forever
> inet6 fe80::216:3aff:feca:38bb/64 scope link tentative
> valid_lft forever preferred_lft forever
> :
>
> If I try to run smtpd later, then it works.

It appears that the "limit mta inet4" statement limits outgoing IPv6
connections but not incoming IPv6 connections...

Instead of the limit statement one might use a notation like this
which limits incoming and outgoing connections to IPv4 by interface:

  listen on lo inet4 tls pki $xname
  listen on eth0 inet4 tls pki $xname
  listen on eth1 inet4 tls pki $xname

Richard Narron
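
An added example, not part of either message above: the quoted "ip address show" output has the link-local address still "tentative" when bind() returns EADDRNOTAVAIL, so a pre-start check can hold smtpd back until no tentative IPv6 address remains. The function names are hypothetical, the sample is constructed from the quoted output, and Linux iproute2 "ip" is assumed.

```shell
#!/bin/sh
# Added example: hold back smtpd until IPv6 duplicate address detection is done.
# Function and variable names are hypothetical; assumes Linux iproute2 "ip".

# Constructed sample, modelled on the "ip address show" output quoted above.
SAMPLE_IP_OUTPUT='194: eth0@if195: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3a:ca:38:bb brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3aff:feca:38bb/64 scope link tentative
       valid_lft forever preferred_lft forever'

# Read "ip address show" output on stdin; print "<iface> <addr>/<prefix>"
# for every IPv6 address still flagged tentative.
tentative_addrs() {
    awk '
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); sub(/@.*/, "", iface); next }
        $1 == "inet6" {
            for (i = 3; i <= NF; i++)
                if ($i == "tentative") { print iface, $2; break }
        }'
}

# Poll once per second, up to $1 times (default 10). Returns 0 when no
# tentative address is left, 1 on timeout.
wait_for_dad() {
    tries=${1:-10}
    while [ "$tries" -gt 0 ]; do
        if [ -z "$(ip -6 address show | tentative_addrs)" ]; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_IP_OUTPUT" | tentative_addrs
```

Calling wait_for_dad from the service's pre-start step and starting smtpd only on a zero exit status avoids the boot-time race without changing smtpd.conf.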