Re: "Alternating" IPv4 / IPv6 connections
Nikolaos Milas: > Hello, > > In our setup we have two mail gateway servers accepting incoming mail > (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using > postscreen, amavis, spamassassin, clamav) and forwarding to the internal > mail server (vmail2.noa.gr) where user mailboxes lie. > > All servers are running postfix 3.7.0. > > I am trying to investigate why our mail gateway servers (mailgw1 and > mailgw3) sometimes connect over IPv6 and some other times connect over > IPv4 to deliver mail to vmail2. I received complaints when some Linux distro shipped Postfix with IPv4 and IPv6 support turned on. Under specific confitions, sites could no longer send mail to destinations with IPv6+IPv4 primary MX addresses even if those destinations were perfectly reachable over IPv4. - Postfix would never try IPv4, because it was configured to prefer IPv6, and the number of a destination's IPv6 primary MX addresses was >= than $smtp_mx_address_limit. - Postfix IPv6 support was on, but the host had no IPv6 connectivity. - Not reported, but plausible: IPv6 was tunneled over IPv4, and IPv6 came from a different provider. Thus, IPv6 could go down while IPv4 still worked. You get a similar result, failure to connect over IPv6, when Postfix is configured to prefer IPv4, and IPv4 is down while IPv6 is up. When Postfix IPv4 and IPv6 support are turned on, these Postfix default settings will keep mail flowing as long as at least one of the two protocols works: smtp_address_preference = any smtp_balance_inet_protocols = yes If you must force IPv6 delivery, then I would recommend using a dedicated SMTP client in transport_maps that overrides the above settings (with "-o inet_protocols=ipv6"). I would STRONGLY advise not to override these defaults for email deliveries across the internet or else Postfix will fail to try To deliver over IPV6 (or IPv4) when the other procotol is down. Wietse
Re: "Alternating" IPv4 / IPv6 connections
On 9/5/2022 3:39 μ.μ., Nikolaos Milas wrote: As an example I am listing below some successive log entries (collated, usernames modified). For your reference, I am posting below the log entries (usernames modified consistently) of the same sessions (which I listed in my original message), as logged at mailgw1.noa.gr (You will notice that each session includes local delivery to amavis and return back for final deliver to vmail2.noa.gr): May 03 07:23:50 mailgw1 postfix/smtpd[195932]: connect from a10-227.smtp-out.amazonses.com[54.240.10.227] May 03 07:23:51 mailgw1 postfix/smtpd[195932]: Anonymous connection established from a10-227.smtp-out.amazonses.com[54.240.10.227]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) May 03 07:23:51 mailgw1 postfix/smtpd[195932]: 4Ksn0768SXzLyyK: client=a10-227.smtp-out.amazonses.com[54.240.10.227] May 03 07:23:52 mailgw1 postfix/cleanup[196401]: 4Ksn0768SXzLyyK: message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com> May 03 07:23:52 mailgw1 postfix/qmgr[193390]: 4Ksn0768SXzLyyK: from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, size=61693, nrcpt=1 (queue active) May 03 07:23:54 mailgw1 postfix/smtpd[196404]: connect from localhost[127.0.0.1] May 03 07:23:54 mailgw1 postfix/smtpd[196404]: 4Ksn0B16bmzM016: client=localhost[127.0.0.1] May 03 07:23:54 mailgw1 postfix/cleanup[196401]: 4Ksn0B16bmzM016: message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com> May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0B16bmzM016: from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, size=62726, nrcpt=1 (queue active) May 03 07:23:54 mailgw1 postfix/lmtp[196406]: 4Ksn0768SXzLyyK: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, delays=0.95/0/0.01/1.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Ksn0B16bmzM016) May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0768SXzLyyK: removed May 03 07:23:54 mailgw1 postfix/smtpd[196404]: connect from localhost[127.0.0.1] May 03 07:23:54 mailgw1 postfix/smtpd[196404]: 4Ksn0B16bmzM016: client=localhost[127.0.0.1] May 03 07:23:54 mailgw1 postfix/cleanup[196401]: 4Ksn0B16bmzM016: message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com> May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0B16bmzM016: from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, size=62726, nrcpt=1 (queue active) May 03 07:23:54 mailgw1 postfix/smtp[196405]: 4Ksn0B16bmzM016: to=, relay=vmail2.noa.gr[2001:648:2011:15::166]:25, delay=0.41, delays=0.05/0/0.04/0.32, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3EA3681E8C1DE) May 03 07:23:54 mailgw1 postfix/qmgr[193390]: 4Ksn0B16bmzM016: removed May 03 07:24:15 mailgw1 postfix/smtpd[195934]: connect from 66-220-155-141.mail-mail.facebook.com[66.220.155.141] May 03 07:24:15 mailgw1 postfix/smtpd[195934]: Anonymous TLS connection established from 66-220-155-141.mail-mail.facebook.com[66.220.155.141]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 May 03 07:24:15 mailgw1 postfix/smtpd[195934]: 4Ksn0b6C9dzLyyK: client=66-220-155-141.mail-mail.facebook.com[66.220.155.141] May 03 07:24:16 mailgw1 postfix/cleanup[196401]: 4Ksn0b6C9dzLyyK: message-id= May 03 07:24:16 mailgw1 postfix/qmgr[193390]: 4Ksn0b6C9dzLyyK: from=, size=24266, nrcpt=1 (queue active) May 03 07:24:17 mailgw1 postfix/smtpd[195932]: disconnect from a10-227.smtp-out.amazonses.com[54.240.10.227] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 May 03 07:24:17 mailgw1 postfix/smtpd[196411]: connect from localhost[127.0.0.1] May 03 07:24:17 mailgw1 postfix/smtpd[196411]: 4Ksn0d20kHzM019: client=localhost[127.0.0.1] May 03 07:24:17 mailgw1 postfix/cleanup[196401]: 4Ksn0d20kHzM019: message-id= May 03 07:24:17 mailgw1 postfix/qmgr[193390]: 4Ksn0d20kHzM019: from=, size=25399, nrcpt=1 (queue active) May 03 07:24:17 mailgw1 postfix/lmtp[196402]: 4Ksn0b6C9dzLyyK: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.5/0/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Ksn0d20kHzM019) May 03 07:24:17 mailgw1 postfix/qmgr[193390]: 4Ksn0b6C9dzLyyK: removed May 03 07:24:17 mailgw1 postfix/smtp[196405]: 4Ksn0d20kHzM019: to=, relay=vmail2.noa.gr[2001:648:2011:15::166]:25, delay=0.16, delays=0.01/0/0.04/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5415981E8C1DE) May 03 07:24:17 mailgw1 postfix/qmgr[193390]: 4Ksn0d20kHzM019: removed May 03 07:24:22 mailgw1 postfix/smtpd[195934]: connect from mx0a-0d04.pphosted.com[148.163.149.245] May 03 07:24:23 mailgw1 postfix/smtpd[195934]: Anonymous TLS connection established from mx0a-0d04.pphosted.com[148.163.149.245]: TLSv1.2
Re: "Alternating" IPv4 / IPv6 connections
On 9/5/2022 3:39 μ.μ., Nikolaos Milas wrote: In our setup we have two mail gateway servers accepting incoming mail (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using postscreen, amavis, spamassassin, clamav) and forwarding to the internal mail server (vmail2.noa.gr) where user mailboxes lie. ... Transport is configured as follows (on mailgw1 and mailgw3 servers): /etc/postfix/transportmap: noa.gr relay:[vmail2.noa.gr] admin.noa.gr relay:[vmail2.noa.gr] nestor.noa.gr relay:[vmail2.noa.gr] space.noa.gr relay:[vmail2.noa.gr] meteo.noa.gr relay:[vmail2.noa.gr] gein.noa.gr relay:[vmail2.noa.gr] technet.noa.gr relay:[vmail2.noa.gr] astro.noa.gr relay:[vmail2.noa.gr] hesperia-space.eu relay:[vmail2.noa.gr] If any additional information is required, I will be happy to share it with you. Thanks, Nick
"Alternating" IPv4 / IPv6 connections
Hello, In our setup we have two mail gateway servers accepting incoming mail (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using postscreen, amavis, spamassassin, clamav) and forwarding to the internal mail server (vmail2.noa.gr) where user mailboxes lie. All servers are running postfix 3.7.0. I am trying to investigate why our mail gateway servers (mailgw1 and mailgw3) sometimes connect over IPv6 and some other times connect over IPv4 to deliver mail to vmail2. As an example I am listing below some successive log entries (collated, usernames modified). Why does this happen? I would expect all connections to be made using IPv6, since it is preferred over IPv4. Why all connections do not use IPv6? Can you please help me to understand and correct any settings if/where needed? At the bottom I list the output of postconf -n for mailgw1 and vmail2. Log entries follow: May 03 07:23:54 vmail2 postfix/smtpd[24699]: connect from mailgw1.noa.gr[2001:648:2ffc:1115::27] May 03 07:23:54 vmail2 postfix/smtpd[24699]: Anonymous TLS connection established from mailgw1.noa.gr[2001:648:2ffc:1115::27]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 May 03 07:23:54 vmail2 postfix/smtpd[24699]: 3EA3681E8C1DE: client=mailgw1.noa.gr[2001:648:2ffc:1115::27] May 03 07:23:54 vmail2 postfix/cleanup[22675]: 3EA3681E8C1DE: message-id=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@email.amazonses.com> May 03 07:23:54 vmail2 postfix/qmgr[27646]: 3EA3681E8C1DE: from=<010001808828f889-bcb7b94b-b241-41c4-879f-353d04ea2966-000...@bounce.academia-mail.com>, size=63158, nrcpt=1 (queue active) May 03 07:23:54 vmail2 postfix/smtpd[24699]: disconnect from mailgw1.noa.gr[2001:648:2ffc:1115::27] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 May 03 07:23:54 vmail2 postfix/lmtp[22677]: 3EA3681E8C1DE: to=, relay=vmail2.noa.gr[private/dovecot-lmtp], delay=0.35, delays=0.31/0.002/0.001/0.034, dsn=2.0.0, status=sent (250 2.0.0 YC2SIVqucGJvYgAAcV+qjQ Saved) May 03 07:23:54 vmail2 postfix/qmgr[27646]: 3EA3681E8C1DE: removed May 03 07:24:17 vmail2 postfix/smtpd[24699]: connect from mailgw1.noa.gr[2001:648:2ffc:1115::27] May 03 07:24:17 vmail2 postfix/smtpd[24699]: Anonymous TLS connection established from mailgw1.noa.gr[2001:648:2ffc:1115::27]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 May 03 07:24:17 vmail2 postfix/smtpd[24699]: 5415981E8C1DE: client=mailgw1.noa.gr[2001:648:2ffc:1115::27] May 03 07:24:17 vmail2 postfix/cleanup[22675]: 5415981E8C1DE: message-id= May 03 07:24:17 vmail2 postfix/qmgr[27646]: 5415981E8C1DE: from=, size=25840, nrcpt=1 (queue active) May 03 07:24:17 vmail2 postfix/smtpd[24699]: disconnect from mailgw1.noa.gr[2001:648:2ffc:1115::27] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 May 03 07:24:17 vmail2 postfix/lmtp[22677]: 5415981E8C1DE: to=, relay=vmail2.noa.gr[private/dovecot-lmtp], delay=0.1, delays=0.093/0.001/0.001/0.008, dsn=2.0.0, status=sent (250 2.0.0 aEf1GXGucGJvYgAAcV+qjQ Saved) May 03 07:24:17 vmail2 postfix/qmgr[27646]: 5415981E8C1DE: removed May 03 07:24:26 vmail2 postfix/smtpd[24699]: connect from mailgw1.noa.gr[83.212.5.27] May 03 07:24:26 vmail2 postfix/smtpd[24699]: Anonymous TLS connection established from mailgw1.noa.gr[83.212.5.27]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 May 03 07:24:26 vmail2 postfix/smtpd[24699]: 0FE2A81E8C1DE: client=mailgw1.noa.gr[83.212.5.27] May 03 07:24:26 vmail2 postfix/cleanup[22675]: 0FE2A81E8C1DE: message-id=<20220503042418.138f63f...@cl2n038.stanford.edu> May 03 07:24:26 vmail2 postfix/qmgr[27646]: 0FE2A81E8C1DE: from=, size=4807, nrcpt=3 (queue active) May 03 07:24:26 vmail2 postfix/smtpd[24699]: disconnect from mailgw1.noa.gr[83.212.5.27] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 May 03 07:24:26 vmail2 postfix/lmtp[22677]: 0FE2A81E8C1DE: to=, orig_to=, relay=vmail2.noa.gr[private/dovecot-lmtp], delay=0.18, delays=0.056/0.003/0.001/0.12, dsn=2.0.0, status=sent (250 2.0.0 uABAB3qucGJvYgAAcV+qjQ Saved) May 03 07:24:26 vmail2 postfix/qmgr[27646]: 0FE2A81E8C1DE: removed May 03 07:24:40 vmail2 postfix/smtpd[24699]: connect from mailgw1.noa.gr[83.212.5.27] May 03 07:24:40 vmail2 postfix/smtpd[24699]: Anonymous TLS connection established from mailgw1.noa.gr[83.212.5.27]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 May 03 07:24:40 vmail2 postfix/smtpd[24699]: DC30681E8C1DE: client=mailgw1.noa.gr[83.212.5.27] May 03 07:24:40 vmail2 postfix/cleanup[22675]: DC30681E8C1DE: message-id= May 03 07:24:41 vmail2 postfix/qmgr[27646]: DC30681E8C1DE: from=, size=4638210, nrcpt=1 (queue active)