Re: relay host with ipv6 ?

[Stéphane Guedon]

I just tested all the connections on the server (port 25 and 587 for 
regular mail service) and they are all this way.

I mean, shouldn't starttls be this way ? This is different from smtps.
Thank you for the help.

On 10.12.2025 17.09, Zé Loff wrote:
On Wed, Dec 10, 2025 at 04:22:06PM +0100, Stéphane Guedon wrote:
I have this conf' in host blackblock :

ip6 = "2a05:f6c7:de1::2"
listen on $ip6  tag SAFE        tls-require     pki blackblock  port 10027

Blackblock listen on the proper port :

debug: smtp: listen on [2a05:f6c7:de1::2] port 10027 flags 0x421


And this in host dina :

action "relay" relay host smtp+tls://[2a05:f6c7:de1::2]:10027 pki dina tls
protocols secure src 2603:c026:306:9211:f:10d:c:9f55

Here is dina trying to send mail through the relay :

debug: mta: ... got source for 
[relay:[2a05:f6c7:de1::2],port=10027,smtp+tls,pki_name=dina,mx,sourcetable=<dynamic:2>]:
[2603:c026:306:9211:f:10d:c:9f55]
debug: mta: connecting with 
[connector:[2603:c026:306:9211:f:10d:c:9f55]->[relay:[2a05:f6c7:de1::2],port=10027,smtp+tls,pki_name=dina,mx,sourcetable=<dynamic:2>],0x8]
debug: mta: connector error
debug: mta: draining 
[relay:[2a05:f6c7:de1::2],port=10027,smtp+tls,pki_name=dina,mx,sourcetable=<dynamic:2>]
refcount=1, ntask=3, nconnector=1, nconn=0
debug: 
mta_flush([relay:[2a05:f6c7:de1::2],port=10027,smtp+tls,pki_name=dina,mx,sourcetable=<dynamic:2>],
82, "Network error on destination MXs")
0000000000000000 mta delivery evpid=bf322e2a7fd910bd from=<>
to=<steph...@dina.22decembre.eu> rcpt=<-> source="-"
relay="[2a05:f6c7:de1::2]" delay=6m51s result="TempFa
il" stat="Network error on destination MXs"
0000000000000000 mta delivery evpid=d7e4032361bb147c from=<>
to=<steph...@dina.22decembre.eu> rcpt=<-> source="-"
relay="[2a05:f6c7:de1::2]" delay=6m51s result="TempFa
il" stat="Network error on destination MXs"
0000000000000000 mta delivery evpid=e74a3ace7ad6ad03 from=<>
to=<steph...@dina.22decembre.eu> rcpt=<-> source="-"
relay="[2a05:f6c7:de1::2]" delay=6m51s result="TempFa
il" stat="Network error on destination MXs"
debug: mta: freeing 
[relay:[2a05:f6c7:de1::2],port=10027,smtp+tls,pki_name=dina,mx,sourcetable=<dynamic:2>]
debug: mta: freeing 
[connector:[2603:c026:306:9211:f:10d:c:9f55]->[relay:[2a05:f6c7:de1::2],port=10027,smtp+tls,pki_name=dina,mx,sourcetable=<dynamic:2>],0x8]
debug: mta: flush for e74a3ace7ad6ad03 (-> steph...@dina.22decembre.eu)
debug: mta: flush for d7e4032361bb147c (-> steph...@dina.22decembre.eu)


And yet I can do telnet from Dina to Blackblock :

dina$ telnet -6 blackblock.22decembre.eu 10027
Trying 2a05:f6c7:de1::2...
Connected to blackblock.22decembre.eu.
Escape character is '^]'.
220 blackblock.22decembre.eu ESMTP OpenSMTPD
This is a connection *without* TLS.

I cannot figure out where is it I am wrong.

On 10.12.2025 13.33, Crystal Kolipe wrote:
On Tue, Dec 09, 2025 at 05:32:24PM +0100, Stphane Guedon wrote:
When looking at the manual to smtpd.conf, on "action" and "relay" nothing
says the relay host has to be ipv4.

Yet, when writing my conf', it definitely looks like not to be possible to
relay to an ipv6-only host (in my case, I wanted to dedicate a specific ipv6
address on the relay host).
What exactly is the problem you're having?

We have various setups with IPv6 only relay hosts, so it's definitely
possible.

Is it possible that the relay function only sends mail to ipv4 addresses ?
No, it's not exclusive to IPv4, IPv6 is supported.