(Re-send due to me accidentally sending with the wrong From: address, apologies to the moderators for the noise.)

On 9/3/24 09:14, Thomas Groman wrote:
> Is there any way to configure OpenSMTPd to relay to another mail server
> only for outgoing emails to MXs that do not have IPv6 native addresses?
> My current site has working IPv6, but the IPv4 connectivity is provided
> by NAT64 which is then natted again by a CG-NAT. I am not able to
> control the external CG-NAT address and it does not have a PTR record
> set. IPv6 outgoing mail works just fine. My ISP does not have any more
> IPv4 addresses to give out.
>
> It would be very helpful if there was a way to relay outgoing mail to
> IPv4 hosts only, instead of all or nothing. Currently I can only figure
> out how to configure this to do an all or nothing.

Possibly not the answer you were looking for, but a possible work-around:

Is it possible to deploy a DNS64 server on the IPv6-only mail server (e.g. `bind9`, `totd`) to map the IPv4 address space to a specific IPv6 ULA subnet (fd00::/8 space), then use IPv6 NAT to effectively DNAT TCP port 25 connections to that subnet, to the IPv6 relay host?

Basically a firewall rule like:

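# DNAT is only valid in the nat table's PREROUTING and OUTPUT chains;
# mail generated on this host traverses OUTPUT.
ip6tables -t nat -A OUTPUT -p tcp -d fd00:1111:2222::/64 \
        --dport 25 -j DNAT --to-destination 2001:db8:aaaa:bbbb::1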

or on OpenBSD pf.conf:

# rdr-to rewrites the destination address (nat-to would rewrite the source)
pass out on egress proto tcp from any to fd00:1111:2222::/64 port 25 \
        rdr-to 2001:db8:aaaa:bbbb::1

(Syntax likely isn't 100% correct… but hopefully the concept is there.)

It might also require a NAT64 daemon on there as well to catch non-SMTP server traffic and route that to your IPv4 default route… but that might allow you to "catch" the SMTP traffic and push it to a reachable destination.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
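
The DNS64 step described in the message above, as an added example that is not part of the original e-mail: it shows which MX hosts end up inside the ULA prefix that the firewall rule matches, and how to map a relayed address back to the real IPv4 MX when reading logs. It assumes RFC 6052 embedding for a /64 prefix and the prefix from the rules above; the host names and records are constructed.

```python
import ipaddress

# Assumption: the ULA /64 used in the firewall rules in the message above.
DNS64_PREFIX = ipaddress.IPv6Network("fd00:1111:2222::/64")

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a /64 prefix (RFC 6052, section 2.2)."""
    if prefix.prefixlen != 64:
        raise ValueError("this example handles /64 prefixes only")
    v4 = int(ipaddress.IPv4Address(ipv4))
    # /64 layout: prefix (64 bits) | u octet = 0 (8) | IPv4 (32) | suffix = 0 (24)
    return ipaddress.IPv6Address(int(prefix.network_address) | (v4 << 24))

def extract(prefix, ipv6):
    """Recover the real IPv4 MX address from a synthesized one, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address((int(addr) >> 24) & 0xFFFFFFFF)

def delivery_plan(mx_records):
    """Classify each MX host the way a DNS64 resolver plus the NAT rule would.

    DNS64 synthesizes an AAAA only when the name has no native AAAA, so
    dual-stack hosts are delivered directly and never touch the relay.
    """
    plan = {}
    for host, rr in mx_records.items():
        if rr.get("AAAA"):
            plan[host] = ("direct", rr["AAAA"][0])
        elif rr.get("A"):
            synth = synthesize(DNS64_PREFIX, rr["A"][0])
            # Falls inside the prefix, so port 25 traffic is redirected.
            plan[host] = ("relay", str(synth))
        else:
            plan[host] = ("unresolvable", None)
    return plan

# Constructed sample records (documentation address ranges only).
SAMPLE_MX = {
    "mx.dualstack.example": {"A": ["198.51.100.7"], "AAAA": ["2001:db8:1::25"]},
    "mx.v4only.example": {"A": ["192.0.2.33"], "AAAA": []},
    "mx.broken.example": {"A": [], "AAAA": []},
}

if __name__ == "__main__":
    for host, (action, addr) in delivery_plan(SAMPLE_MX).items():
        print(f"{host:24} {action:13} {addr}")
```

Because the relay only ever sees the redirected connection, the original IPv4 destination is recoverable only on the sending host, which is what `extract` is for.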
