Re: relay host with ipv6 ?

Sun, 14 Dec 2025 23:41:27 -0800 


On 15.12.2025 03.24, Thomas Bohl wrote:

I suppose it's best indeed. Here is blackblock's conf (the main 
server) https://pastebin.com/nAKFADH9


(Please post it on list the next time.)
..
listen on $ip6 inet6      port 10027 filter rspamd
..

That is a clear text connection only. Try

listen on $ip6 port 10027 smtps \
     hostname blackblock.22decembre.eu \
     pki blackblock


Ok, I did it, it did not change anything.


and forgo "filter rpsmad" for now.



I assume you block connections to 10027 from the internet? Because I 
tried and can't connect.



Yes, but I just opened it further (on ipv6) for the time of debugging. 
You should be able to connect now, at least feel free to try.





Here is Dina's conf (backup)
https://pastebin.com/4ea7QgzU


action "relay" relay \
     host smtps://blackblock.22decembre.eu:10027 \
     src 2603:c026:306:9211::300


I believe "pki dina" is not necessary here since you are not 
authenticating.


Ok.


As of now, dina still cannot send mail to blackblock. Here is one 
message trapped in the queue. The "AF mismatch" is present in all the 
queue holdings and is why I thought it was an ipv6 trouble at first.



f72ba3523e8dbf6b|local|mta|auth|[email protected]|[email protected]|[email protected]|1765499410|1765499410|0|25|pending|8123|Address 
family mismatch on destination MXs





action "relay" relay host smtp+tls://blackblock.22decembre.eu:10027 
pki dina tls

protocols secure src 2603:c026:306:9211:f:10d:c:9f55


Yes


That is not the IP shown in the logs though. So it can't be.






To bad that OpenBSD's "openssl s_client" doesn't have the -bind option 
or I would have asked for the output of



openssl s_client -connect blackblock.22decembre.eu:10027 -bind 
[2603:c026:306:9211::300]




Indeed. Should I give you a tcpdump (or something else) ?

Here is the current result  without bind :

dina$ openssl s_client -6 -connect blackblock.22decembre.eu:10027
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R13
verify return:1
depth=0 CN = blackblock.22decembre.eu
verify return:1
---
Certificate chain
 0 s:/CN=blackblock.22decembre.eu
   i:/C=US/O=Let's Encrypt/CN=R13
 1 s:/C=US/O=Let's Encrypt/CN=R13
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
---

(it goes further...)






























					Reply via email to