[ale] Any Postfix + ipv6 people out there?
Derek Atkins
warlord at MIT.EDU
Thu May 31 10:53:40 EDT 2012
Hi alers,
I've been working on enabling IPv6 on my personal servers and I ran into
a strange issue last night when I enabled v6 on my mail server. All of
a sudden, all the rest of my local hosts that send daily logwatch emails
are being rejected (at least those that are v6-aware but don't have
public v6 addresses). It's as if the permit_mynetworks isn't working
anymore with link-local addresses.
The error I get appears as if the smtpd_sender_restrictions is rejecting
the email, but it should accept it based on mynetworks:
smtpd_sender_restrictions = permit_mynetworks,
permit_tls_clientcerts,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/goodsender,
check_sender_access hash:/etc/postfix/badsender,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
check_sender_access hash:/etc/postfix/sender_access,
reject_unverified_sender,
permit
I haven't found a good way to debug postfix and have it log exactly why
the mail is being prevented. Here's the full log that I get in my maillog:
May 31 09:18:12 mail2 postfix/smtpd[26444]: connect from unknown[fe80::20c:29ff:fecf:7df0%eth0]
May 31 09:18:12 mail2 postfix/smtpd[26444]: setting up TLS connection from unknown[fe80::20c:29ff:fecf:7df0%eth0]
May 31 09:18:12 mail2 postfix/smtpd[26444]: Anonymous TLS connection established from unknown[fe80::20c:29ff:fecf:7df0%eth0]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 31 09:18:12 mail2 postfix/smtpd[26444]: NOQUEUE: reject: RCPT from unknown[fe80::20c:29ff:fecf:7df0%eth0]: 450 4.1.7 <root at host.dom.ain>: Sender address rejected: unverified address: Address verification failed; from=<root at host.dom.ain> to=<derek at dom.ain> proto=ESMTP helo=<host.dom.ain>
May 31 09:18:12 mail2 postfix/smtpd[26444]: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
May 31 09:18:12 mail2 postfix/smtpd[26444]: disconnect from unknown[fe80::20c:29ff:fecf:7df0%eth0]
Any gurus around who can help me debug?
Thanks,
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the Ale
mailing list