On Tue, 2011-06-07 at 09:10 -0500, Matt Brookings wrote:
Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to an open relay? How about the attached patch instead?
Many systems will be running other qmail and vpopmail services from the ucspi-tcp package which may not be patched to support IPv6. As a result, when connecting to "::1", it will be translated to 127.0.0.1, and as I said before, some systems will not allow localhost to send without authentication.
I understand it's introducing a hackish fix into your project, but I will submit a new patch that updates this block of code when a proper solution that will work across the various system configurations is determined.
It still seems safer to me to ignore all IPv6 addresses rather than ::1 specifically. And as I understand it, it works just as well normally both ways?