Re: "Alternating" IPv4 / IPv6 connections

2022-05-09 Thread Wietse Venema
Nikolaos Milas:
> Hello,
> 
> In our setup we have two mail gateway servers accepting incoming mail 
> (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using 
> postscreen, amavis, spamassassin, clamav) and forwarding to the internal 
> mail server (vmail2.noa.gr) where user mailboxes lie.
> 
> All servers are running postfix 3.7.0.
> 
> I am trying to investigate why our mail gateway servers (mailgw1 and 
> mailgw3) sometimes connect over IPv6 and some other times connect over 
> IPv4 to deliver mail to vmail2.

I received complaints when some Linux distro shipped Postfix with
IPv4 and IPv6 support turned on. Under specific conditions, sites
could no longer send mail to destinations with IPv6+IPv4 primary
MX addresses even if those destinations were perfectly reachable
over IPv4.

- Postfix would never try IPv4, because it was configured to prefer
  IPv6, and the number of a destination's IPv6 primary MX addresses
  was >= $smtp_mx_address_limit.

- Postfix IPv6 support was on, but the host had no IPv6 connectivity.

- Not reported, but plausible: IPv6 was tunneled over IPv4, and
  IPv6 came from a different provider. Thus, IPv6 could go down
  while IPv4 still worked.

You get a similar result, failure to connect over IPv6, when Postfix
is configured to prefer IPv4, and IPv4 is down while IPv6 is up.

When Postfix IPv4 and IPv6 support are turned on, these Postfix
default settings will keep mail flowing as long as at least one of
the two protocols works:

smtp_address_preference = any

smtp_balance_inet_protocols = yes

If you must force IPv6 delivery, then I would recommend using a
dedicated SMTP client in transport_maps that overrides the above
settings (with "-o inet_protocols=ipv6").

I would STRONGLY advise not to override these defaults for email
deliveries across the internet or else Postfix will fail to try to
deliver over IPv6 (or IPv4) when the other protocol is down.

Wietse


Re: "Alternating" IPv4 / IPv6 connections

2022-05-09 Thread Nikolaos Milas

On 9/5/2022 3:39 PM, Nikolaos Milas wrote:

> As an example I am listing below some successive log entries 
> (collated, usernames modified). 


For your reference, I am posting below the log entries (usernames 
modified consistently) of the same sessions (which I listed in my 
original message), as logged at mailgw1.noa.gr


(You will notice that each session includes local delivery to amavis and 
return back for final delivery to vmail2.noa.gr):


May 03 07:23:50 mailgw1 postfix/smtpd[195932]: connect from 
a10-227.smtp-out.amazonses.com[54.240.10.227]
May 03 07:23:51 mailgw1 postfix/smtpd[195932]: Anonymous  connection 
established from a10-227.smtp-out.amazonses.com[54.240.10.227]: TLSv1.2 
with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
May 03 07:23:51 mailgw1 postfix/smtpd[195932]: 4Ksn0768SXzLyyK: 
client=a10-227.smtp-out.amazonses.com[54.240.10.227]
May 03 07:23:52 mailgw1 postfix/cleanup[196401]: 4Ksn0768SXzLyyK: 
message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com>
May 03 07:23:52 mailgw1 postfix/qmgr[193390]: 4Ksn0768SXzLyyK: 
from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, 
size=61693, nrcpt=1 (queue active)
May 03 07:23:54 mailgw1 postfix/smtpd[196404]: connect from 
localhost[127.0.0.1]
May 03 07:23:54 mailgw1 postfix/smtpd[196404]: 4Ksn0B16bmzM016: 
client=localhost[127.0.0.1]
May 03 07:23:54 mailgw1 postfix/cleanup[196401]: 4Ksn0B16bmzM016: 
message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com>
May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0B16bmzM016: 
from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, 
size=62726, nrcpt=1 (queue active)
May 03 07:23:54 mailgw1 postfix/lmtp[196406]: 4Ksn0768SXzLyyK: 
to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, 
delays=0.95/0/0.01/1.8, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Ksn0B16bmzM016)

May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0768SXzLyyK: removed
May 03 07:23:54 mailgw1 postfix/smtpd[196404]: connect from 
localhost[127.0.0.1]
May 03 07:23:54 mailgw1 postfix/smtpd[196404]: 4Ksn0B16bmzM016: 
client=localhost[127.0.0.1]
May 03 07:23:54 mailgw1 postfix/cleanup[196401]: 4Ksn0B16bmzM016: 
message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com>
May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0B16bmzM016: 
from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, 
size=62726, nrcpt=1 (queue active)
May 03 07:23:54 mailgw1 postfix/smtp[196405]: 4Ksn0B16bmzM016: 
to=, relay=vmail2.noa.gr[2001:648:2011:15::166]:25, 
delay=0.41, delays=0.05/0/0.04/0.32, dsn=2.0.0, status=sent (250 2.0.0 
Ok: queued as 3EA3681E8C1DE)

May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0B16bmzM016: removed

May 03 07:24:15 mailgw1 postfix/smtpd[195934]: connect from 
66-220-155-141.mail-mail.facebook.com[66.220.155.141]
May 03 07:24:15 mailgw1 postfix/smtpd[195934]: Anonymous TLS connection 
established from 66-220-155-141.mail-mail.facebook.com[66.220.155.141]: 
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange 
X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
May 03 07:24:15 mailgw1 postfix/smtpd[195934]: 4Ksn0b6C9dzLyyK: 
client=66-220-155-141.mail-mail.facebook.com[66.220.155.141]
May 03 07:24:16 mailgw1 postfix/cleanup[196401]: 4Ksn0b6C9dzLyyK: 
message-id=
May 03 07:24:16 mailgw1 postfix/qmgr[193390]: 4Ksn0b6C9dzLyyK: 
from=, size=24266, nrcpt=1 (queue active)
May 03 07:24:17 mailgw1 postfix/smtpd[195932]: disconnect from 
a10-227.smtp-out.amazonses.com[54.240.10.227] ehlo=2 starttls=1 mail=1 
rcpt=1 data=1 quit=1 commands=7
May 03 07:24:17 mailgw1 postfix/smtpd[196411]: connect from 
localhost[127.0.0.1]
May 03 07:24:17 mailgw1 postfix/smtpd[196411]: 4Ksn0d20kHzM019: 
client=localhost[127.0.0.1]
May 03 07:24:17 mailgw1 postfix/cleanup[196401]: 4Ksn0d20kHzM019: 
message-id=
May 03 07:24:17 mailgw1 postfix/qmgr[193390]: 4Ksn0d20kHzM019: 
from=, size=25399, nrcpt=1 (queue active)
May 03 07:24:17 mailgw1 postfix/lmtp[196402]: 4Ksn0b6C9dzLyyK: 
to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, 
delays=0.5/0/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Ksn0d20kHzM019)

May 03 07:24:17 mailgw1 postfix/qmgr[193390]: 4Ksn0b6C9dzLyyK: removed
May 03 07:24:17 mailgw1 postfix/smtp[196405]: 4Ksn0d20kHzM019: 
to=, relay=vmail2.noa.gr[2001:648:2011:15::166]:25, 
delay=0.16, delays=0.01/0/0.04/0.1, dsn=2.0.0, status=sent (250 2.0.0 
Ok: queued as 5415981E8C1DE)

May 03 07:24:17 mailgw1 postfix/qmgr[193390]: 4Ksn0d20kHzM019: removed


May 03 07:24:22 mailgw1 postfix/smtpd[195934]: connect from 
mx0a-0d04.pphosted.com[148.163.149.245]
May 03 07:24:23 mailgw1 postfix/smtpd[195934]: Anonymous TLS connection 
established from mx0a-0d04.pphosted.com[148.163.149.245]: TLSv1.2 

Re: "Alternating" IPv4 / IPv6 connections

2022-05-09 Thread Nikolaos Milas

On 9/5/2022 3:39 PM, Nikolaos Milas wrote:
> In our setup we have two mail gateway servers accepting incoming mail 
> (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using 
> postscreen, amavis, spamassassin, clamav) and forwarding to the 
> internal mail server (vmail2.noa.gr) where user mailboxes lie.

...


Transport is configured as follows (on mailgw1 and mailgw3 servers):

/etc/postfix/transportmap:

noa.gr              relay:[vmail2.noa.gr]
admin.noa.gr        relay:[vmail2.noa.gr]
nestor.noa.gr       relay:[vmail2.noa.gr]
space.noa.gr        relay:[vmail2.noa.gr]
meteo.noa.gr        relay:[vmail2.noa.gr]
gein.noa.gr         relay:[vmail2.noa.gr]
technet.noa.gr      relay:[vmail2.noa.gr]
astro.noa.gr        relay:[vmail2.noa.gr]
hesperia-space.eu   relay:[vmail2.noa.gr]

If any additional information is required, I will be happy to share it 
with you.


Thanks,
Nick



"Alternating" IPv4 / IPv6 connections

2022-05-09 Thread Nikolaos Milas

Hello,

In our setup we have two mail gateway servers accepting incoming mail 
(mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using 
postscreen, amavis, spamassassin, clamav) and forwarding to the internal 
mail server (vmail2.noa.gr) where user mailboxes lie.


All servers are running postfix 3.7.0.

I am trying to investigate why our mail gateway servers (mailgw1 and 
mailgw3) sometimes connect over IPv6 and some other times connect over 
IPv4 to deliver mail to vmail2.


As an example I am listing below some successive log entries (collated, 
usernames modified).


Why does this happen? I would expect all connections to be made using 
IPv6, since it is preferred over IPv4. Why do all connections not use IPv6?


Can you please help me to understand and correct any settings if/where 
needed?


At the bottom I list the output of postconf -n for mailgw1 and vmail2.

Log entries follow:

May 03 07:23:54 vmail2 postfix/smtpd[24699]: connect from 
mailgw1.noa.gr[2001:648:2ffc:1115::27]
May 03 07:23:54 vmail2 postfix/smtpd[24699]: Anonymous TLS connection 
established from mailgw1.noa.gr[2001:648:2ffc:1115::27]: TLSv1.3 with 
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
server-signature RSA-PSS (4096 bits) server-digest SHA256
May 03 07:23:54 vmail2 postfix/smtpd[24699]: 3EA3681E8C1DE: 
client=mailgw1.noa.gr[2001:648:2ffc:1115::27]
May 03 07:23:54 vmail2 postfix/cleanup[22675]: 3EA3681E8C1DE: 
message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com>
May 03 07:23:54 vmail2 postfix/qmgr[27646]: 3EA3681E8C1DE: 
from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, 
size=63158, nrcpt=1 (queue active)
May 03 07:23:54 vmail2 postfix/smtpd[24699]: disconnect from 
mailgw1.noa.gr[2001:648:2ffc:1115::27] ehlo=2 starttls=1 mail=1 rcpt=1 
data=1 quit=1 commands=7
May 03 07:23:54 vmail2 postfix/lmtp[22677]: 3EA3681E8C1DE: 
to=, relay=vmail2.noa.gr[private/dovecot-lmtp], 
delay=0.35, delays=0.31/0.002/0.001/0.034, dsn=2.0.0, status=sent (250 
2.0.0  YC2SIVqucGJvYgAAcV+qjQ Saved)

May 03 07:23:54 vmail2 postfix/qmgr[27646]: 3EA3681E8C1DE: removed

May 03 07:24:17 vmail2 postfix/smtpd[24699]: connect from 
mailgw1.noa.gr[2001:648:2ffc:1115::27]
May 03 07:24:17 vmail2 postfix/smtpd[24699]: Anonymous TLS connection 
established from mailgw1.noa.gr[2001:648:2ffc:1115::27]: TLSv1.3 with 
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
server-signature RSA-PSS (4096 bits) server-digest SHA256
May 03 07:24:17 vmail2 postfix/smtpd[24699]: 5415981E8C1DE: 
client=mailgw1.noa.gr[2001:648:2ffc:1115::27]
May 03 07:24:17 vmail2 postfix/cleanup[22675]: 5415981E8C1DE: 
message-id=
May 03 07:24:17 vmail2 postfix/qmgr[27646]: 5415981E8C1DE: 
from=, size=25840, nrcpt=1 (queue active)
May 03 07:24:17 vmail2 postfix/smtpd[24699]: disconnect from 
mailgw1.noa.gr[2001:648:2ffc:1115::27] ehlo=2 starttls=1 mail=1 rcpt=1 
data=1 quit=1 commands=7
May 03 07:24:17 vmail2 postfix/lmtp[22677]: 5415981E8C1DE: 
to=, relay=vmail2.noa.gr[private/dovecot-lmtp], 
delay=0.1, delays=0.093/0.001/0.001/0.008, dsn=2.0.0, status=sent (250 
2.0.0  aEf1GXGucGJvYgAAcV+qjQ Saved)

May 03 07:24:17 vmail2 postfix/qmgr[27646]: 5415981E8C1DE: removed

May 03 07:24:26 vmail2 postfix/smtpd[24699]: connect from 
mailgw1.noa.gr[83.212.5.27]
May 03 07:24:26 vmail2 postfix/smtpd[24699]: Anonymous TLS connection 
established from mailgw1.noa.gr[83.212.5.27]: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
server-signature RSA-PSS (4096 bits) server-digest SHA256
May 03 07:24:26 vmail2 postfix/smtpd[24699]: 0FE2A81E8C1DE: 
client=mailgw1.noa.gr[83.212.5.27]
May 03 07:24:26 vmail2 postfix/cleanup[22675]: 0FE2A81E8C1DE: 
message-id=<20220503042418.138f63f...@cl2n038.stanford.edu>
May 03 07:24:26 vmail2 postfix/qmgr[27646]: 0FE2A81E8C1DE: 
from=, size=4807, nrcpt=3 (queue active)
May 03 07:24:26 vmail2 postfix/smtpd[24699]: disconnect from 
mailgw1.noa.gr[83.212.5.27] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 
quit=1 commands=7
May 03 07:24:26 vmail2 postfix/lmtp[22677]: 0FE2A81E8C1DE: 
to=, orig_to=, 
relay=vmail2.noa.gr[private/dovecot-lmtp], delay=0.18, 
delays=0.056/0.003/0.001/0.12, dsn=2.0.0, status=sent (250 2.0.0 
 uABAB3qucGJvYgAAcV+qjQ Saved)

May 03 07:24:26 vmail2 postfix/qmgr[27646]: 0FE2A81E8C1DE: removed

May 03 07:24:40 vmail2 postfix/smtpd[24699]: connect from 
mailgw1.noa.gr[83.212.5.27]
May 03 07:24:40 vmail2 postfix/smtpd[24699]: Anonymous TLS connection 
established from mailgw1.noa.gr[83.212.5.27]: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
server-signature RSA-PSS (4096 bits) server-digest SHA256
May 03 07:24:40 vmail2 postfix/smtpd[24699]: DC30681E8C1DE: 
client=mailgw1.noa.gr[83.212.5.27]
May 03 07:24:40 vmail2 postfix/cleanup[22675]: DC30681E8C1DE: 
message-id=
May 03 07:24:41 vmail2 postfix/qmgr[27646]: DC30681E8C1DE: 
from=, size=4638210, nrcpt=1 (queue active)
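
Added example, not part of the original thread: a Python tally of which address family each client used, read from smtpd "connect from" lines like the vmail2 entries above, after rejoining entries that the mail client wrapped. The sample log is constructed from lines shown in this thread plus one constructed unknown[unknown] entry; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: vmail2 entries from the thread, wrapped the way the mail
# client wrapped them, plus one constructed entry without a usable address.
SAMPLE_LOG = """\
May 03 07:23:54 vmail2 postfix/smtpd[24699]: connect from
mailgw1.noa.gr[2001:648:2ffc:1115::27]
May 03 07:23:54 vmail2 postfix/smtpd[24699]: disconnect from
mailgw1.noa.gr[2001:648:2ffc:1115::27] ehlo=2 starttls=1 mail=1 rcpt=1
data=1 quit=1 commands=7
May 03 07:24:17 vmail2 postfix/smtpd[24699]: connect from
mailgw1.noa.gr[2001:648:2ffc:1115::27]
May 03 07:24:26 vmail2 postfix/smtpd[24699]: connect from
mailgw1.noa.gr[83.212.5.27]
May 03 07:24:40 vmail2 postfix/smtpd[24699]: connect from
mailgw1.noa.gr[83.212.5.27]
May 03 07:24:41 vmail2 postfix/smtpd[24700]: connect from unknown[unknown]
"""

TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
# The leading "]: " keeps "disconnect from" lines from matching.
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from ([^\[\s]+)\[([^\]]+)\]")

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def family_counts(text):
    """Return {client hostname: {"IPv4"|"IPv6"|"other": number of connections}}."""
    counts = defaultdict(Counter)
    for entry in unwrap(text):
        m = CONNECT_RE.search(entry)
        if not m:
            continue
        host, addr = m.groups()
        try:
            family = f"IPv{ipaddress.ip_address(addr).version}"
        except ValueError:  # e.g. "unknown" when no peer address was logged
            family = "other"
        counts[host][family] += 1
    return {host: dict(c) for host, c in counts.items()}

if __name__ == "__main__":
    print(family_counts(SAMPLE_LOG))
```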