Hello!

I had a similar problem starting OpenSMTPD at boot in CentOS 7.
Solved it by using *listen on 0.0.0.0* instead of *listen on eth0*

Good luck,
Reio

On 18.03.2018 14:54, Richard wrote:
On Sun, 18 Mar 2018, Harald Dunkel wrote:

problem using opensmtpd 6.0.3 on Debian: I have set

        xname=mailhost.example.com
        :
        limit mta inet4
        listen on lo tls pki $xname
        listen on eth0 tls pki $xname
        listen on eth1 tls pki $xname
        :

in smtpd.conf, but apparently this "limit" line ignored. At boot
time it tries to bind to a link-local IPv6 address. And this fails,
as strace shows:

:
695   setsockopt(11, SOL_SOCKET, SO_REUSEADDR, [1], 4 <unfinished ...>
695   <... setsockopt resumed> )        = 0
695   bind(11, {sa_family=AF_INET, sin_port=htons(25), 
sin_addr=inet_addr("10.0.0.2")}, 16 <unfinished ...>
695   <... bind resumed> )              = 0
695   socket(PF_INET6, SOCK_STREAM, IPPROTO_IP <unfinished ...>
695   <... socket resumed> )            = 12
695   setsockopt(12, SOL_SOCKET, SO_REUSEADDR, [1], 4 <unfinished ...>
695   <... setsockopt resumed> )        = 0
695   setsockopt(12, SOL_IPV6, IPV6_V6ONLY, [1], 4 <unfinished ...>
695   <... setsockopt resumed> )        = 0
695   bind(12, {sa_family=AF_INET6, sin6_port=htons(25), inet_pton(AF_INET6, 
"fe80::216:3aff:feca:38bb", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=if_nametoindex("eth0")}, 28 <unfinished ...>
695   <... bind resumed> )              = -1 EADDRNOTAVAIL (Cannot assign 
requested address)
695   write(2, "pony express: smtpd: bind: Canno"..., 59 <unfinished ...>
695   <... write resumed> )             = 59
695   exit_group(1)                     = ?
695   +++ exited with 1 +++


"ip address show" (run immediately before smtpd) shows, that
the link-local address is still "tentative":

:
194: eth0@if195: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state 
UP group default qlen 1000
     link/ether 00:16:3a:ca:38:bb brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
        valid_lft forever preferred_lft forever
     inet6 fe80::216:3aff:feca:38bb/64 scope link tentative
        valid_lft forever preferred_lft forever
:

If I try to run smtpd later, then it works.
It appears that "limit mta inet4" statement limits outgoing ipv6
connections but not incoming ipv6 connections...

Instead of the limit statement one might use a notation like this
which limits incoming and outgoing connections to ipv4 by interface:

        listen on lo inet4 tls pki $xname
        listen on eth0 inet4 tls pki $xname
        listen on eth1 inet4 tls pki $xname

Richard Narron


Reply via email to