
postfix in an IPv6 network

From: postfix <postfix_at_nospam>
Date: Mon Oct 25 2010 - 11:28:30 GMT
To: Postfix users <postfix-users@postfix.org>

Hi listers

[root@mailhost ~]# rpm -q postfix
postfix-2.5.6-3.fc11.i586
[root@mailhost ~]#

[root@mailhost ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
anvil_rate_time_unit = 60s
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/libexec/postfix
data_directory = /data/postfix/cache
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
mail_owner = postfix
mailbox_command =
mailbox_transport =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
mydestination = localhost.$mydomain
mydomain = $myhostname
myhostname = mailhost.mydomain.com
mynetworks = 192.168.97.0/24, aaa.bbb.206.128/27, [2002:uuuu:vvvv::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /data/postfix/queues
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
relay_domains = permit_sasl_authenticated, permit_mynetworks
relayhost =
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 22
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 100
smtpd_client_restrictions = permit_sasl_authenticated,
hash:/etc/postfix/whitelist, hash:/etc/postfix/access
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
hash:/etc/postfix/helo_checks, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_recipient_access hash:/etc/postfix/check_recipients,
check_recipient_access hash:/etc/postfix/access,
reject_rbl_client mail-abuse.org, reject_rbl_client
sbl-xbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl,
      reject_rbl_client cbl.abuseat.org, reject_rhsbl_client
mail-abuse.org, reject_rhsbl_client sbl-xbl.spamhaus.org,
reject_rhsbl_client blackholes.easynet.nl, reject_rhsbl_client
cbl.abuseat.org check_recipient_access
ldap:/etc/postfix/ldap-spamfilter.cf, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = postfix
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_sender_domain,
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /data/postfix/maildrop/
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domain.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailbox.cf
virtual_minimum_uid = 51
virtual_transport = virtual
virtual_uid_maps = static:89
[root@mailhost ~]#

1. Problem: format of IPv6 address in mynetworks

After many trials, I have found out that the IPv6 address in the
mynetworks parameter must end with a double colon ("::") before the
prefix length; otherwise the smtpd server exits with a fatal error and
the master process throttles it:

Oct 25 12:40:10 mailhost postfix/smtpd[5019]: connect from
myclient.mydomain.com[2002:uuuu:vvvv:1::21]
Oct 25 12:40:10 mailhost postfix/smtpd[5019]: fatal: bad net/mask
pattern: "2002:uuuu:vvvv:/64"
Oct 25 12:40:11 mailhost postfix/master[5013]: warning: process
/usr/libexec/postfix/smtpd pid 5019 exit status 1
Oct 25 12:40:11 mailhost postfix/master[5013]: warning:
/usr/libexec/postfix/smtpd: bad command startup -- throttling

2. Problem: permit_mynetworks with IPv6 addresses does not work

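But after having found that out and changed it, Postfix still did not
accept an unauthenticated connection via IPv6, even though I had
specified permit_mynetworks for relay_domains.

[Editor's note: relay_domains takes a list of domains, not restriction
names such as permit_mynetworks, so that setting does not grant relay
access; permit_mynetworks is already listed in
smtpd_recipient_restrictions above. The rejected client
2002:uuuu:vvvv:1::21 also appears to lie outside [2002:uuuu:vvvv::]/64,
which covers only subnet 0 of that prefix. When widening mynetworks, add
only the specific prefix the trusted clients use, since every address in
mynetworks may relay without authentication.]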

Oct 25 12:53:07 mailhost postfix/smtpd[5298]: connect from
myclient.mydomain.com[2002:uuuu:vvvv:1::21]
Oct 25 12:53:08 mailhost postfix/smtpd[5298]: NOQUEUE: reject: RCPT from
myclient.mydomain.com[2002:uuuu:vvvv:1::21]: 554 5.7.1
<myuser@mydomain.com>: Relay access denied; from=<anax@mydomain.com>
to=<myuser@mydomain.com> proto=ESMTP helo=<myclient.lan>
Oct 25 12:53:37 mailhost postfix/smtpd[5298]: disconnect from
myclient.mydomain.com[2002:uuuu:vvvv:1::21]

Can anybody comment on that?

Thanks for your attention

myuser