how to set smtp-client -> submission_relay_host for IPv4 only?
In dovecot conf, for submission relay, I've config'd

    submission_relay_host = lan.example.com
    submission_relay_port = 465

hostname -- not IP -- must be used, to inform relay for cert verification match.

Here,

    host lan.example.com
        lan.example.com has address 10.0.1.47
        lan.example.com has IPv6 address fd80:25:01::47

The receiving smtp relay listens only on IPv4 -- no IPv6 service,

    telnet 10.0.1.47 465
        Trying 10.0.1.47...
        Connected to 10.0.1.47.
        Escape character is '^]'.

    telnet -6 fd80:25:01::47 465
        Trying fd80:25:01::47...
        telnet: connect to address fd80:25:01::47: Connection refused

On the lan, all boxes are set, in "/etc/gai.conf", for IPv6 to take precedence over IPv4.

On submission to dovecot submission port, after login/auth, dovecot smtp-client subsequently connects to the relay

    lan.example.com:465

IPv6 1st, & fails

    2020-10-15 12:51:45 submission(mua@example.com)<8OJP+rqxuvho7Z95>: Error: smtp-client: conn lan.example.com:465 ([fd80:25:01::47]:465) [1]: connect(lan.example.com:465) failed: Connection refused

then falls back to IPv4, and continues OK

    2020-10-15 12:51:45 submission(mua@example.com)<8OJP+rqxuvho7Z95>: Info: Successfully relayed message: from=<test@remote.example.com>, size=84, id=LMe...Aw, nrcpt=1, reply=`247 2.0.0 Ok: queued as 4CC0KY1wXNzWf93'

not fatal, but wasted effort, and noise in the logs.

how/where do I configure (just) the dovecot smtp-client -> submission_relay_host to only connect IPv4?

On 16/10/2020 4:04 am, PGNet Dev wrote:
> 2020-10-15 12:51:45 submission(mua@example.com)<8OJP+rqxuvho7Z95>: Info: Successfully relayed message: from=test@remote.example.com, size=84, id=LMe...Aw, nrcpt=1, reply=`247 2.0.0 Ok: queued as 4CC0KY1wXNzWf93'
> not fatal, but wasted effort, and noise in the logs.
> how/where do I configure (just) the dovecot smtp-client -> submission_relay_host to only connect IPv4?

It appears your host has A and AAAA records in your DNS. The clients will try IPV6 first if they see an AAAA record.
If you don't need IPV6 for your host remove the AAAA record. All connections will then only use IPV4.
If you need IPV6 for some other reason then create an alias DNS A record and point your clients to that instead
e.g.

    myhost    A     192.0.2.1
              AAAA  2001:db8::1
    myhostv4  A     192.0.2.1

you will have to change your certificate to include the alias myhost4
On 10/15/20 2:02 PM, jeremy ardley wrote:
>> how/where do I configure (just) the dovecot smtp-client -> submission_relay_host to only connect IPv4?
> It appears your host has A and AAAA records in your DNS. The clients will try IPV6 first if they see an AAAA record.
> If you don't need IPV6 for your host remove the AAAA record. All connections will then only use IPV4.
> If you need IPV6 for some other reason then create an alias DNS A record and point your clients to that instead

That's not the issue.
All my machines are dual stack. All my hosts' DNS records exist for both A & AAAA records.
Some services listen on only IPv4, some only on IPv6, some both.
For Dovecot _listeners_ it's trivial to set IPv4/6-only, or both, addresses.
It's also trivial to set OTHER clients, connecting TO Dovecot, to use IPv4-only.
I'm asking how/where to 'tell', via config, Dovecot's smtp-CLIENT, that's making the connection to the submission_relay_host, to use _only_ IPv4.
On 16/10/2020 00:52 PGNet Dev pgnet.dev@gmail.com wrote:
> On 10/15/20 2:02 PM, jeremy ardley wrote:
>>> how/where do I configure (just) the dovecot smtp-client -> submission_relay_host to only connect IPv4?
>> It appears your host has A and AAAA records in your DNS. The clients will try IPV6 first if they see an AAAA record.
>> If you don't need IPV6 for your host remove the AAAA record. All connections will then only use IPV4.
>> If you need IPV6 for some other reason then create an alias DNS A record and point your clients to that instead
> That's not the issue.
> All my machines are dual stack. All my hosts' DNS records exist for both A & AAAA records.
> Some services listen on only IPv4, some only on IPv6, some both.
> For Dovecot _listeners_ it's trivial to set IPv4/6-only, or both, addresses.
> It's also trivial to set OTHER clients, connecting TO Dovecot, to use IPv4-only.
> I'm asking how/where to 'tell', via config, Dovecot's smtp-CLIENT, that's making the connection to the submission_relay_host, to use _only_ IPv4.

There is currently no (other) way to do this than using /etc/hosts or specifying IPv4 address for the relay host.
Aki
On 10/15/20 10:13 PM, Aki Tuomi wrote:
>> I'm asking how/where to 'tell', via config, Dovecot's smtp-CLIENT, that's making the connection to the submission_relay_host, to use _only_ IPv4.
> There is currently no (other) way to do this than using /etc/hosts or specifying IPv4 address for the relay host.

just a quick look, but looks like the culprit here is the submission code call to "net_addr2ip()"
src/submission/main.c (c)
...
    static void main_stdio_run(const char *username)
    {
        struct mail_storage_service_input input;
        buffer_t *input_buf;
        const char *value, *error, *input_base64;

        i_zero(&input);
        input.module = input.service = "submission";
        input.username = username != NULL ? username : getenv("USER");
        if (input.username == NULL && IS_STANDALONE())
            input.username = getlogin();
        if (input.username == NULL)
            i_fatal("USER environment missing");
        if ((value = getenv("IP")) != NULL)
!!!         (void)net_addr2ip(value, &input.remote_ip);
        if ((value = getenv("LOCAL_IP")) != NULL)
            (void)net_addr2ip(value, &input.local_ip);

        input_base64 = getenv("CLIENT_INPUT");
        input_buf = input_base64 == NULL ? NULL :
            t_base64_decode_str(input_base64);

        if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO,
                                     input_buf, &error) < 0)
            i_fatal("%s", error);
    }
...
which includes ipv6-first code,
./src/lib/net.c
...
    int net_addr2ip(const char *addr, struct ip_addr *ip)
    {
        int ret;

        if (net_addr2ip_inet4_fast(addr, ip))
            return 0;

        if (strchr(addr, ':') != NULL) {
!!!         /* IPv6 */
            T_BEGIN {
                if (addr[0] == '[') {
                    /* allow [ipv6 addr] */
                    size_t len = strlen(addr);
                    if (addr[len-1] == ']')
                        addr = t_strndup(addr+1, len-2);
                }
                ret = inet_pton(AF_INET6, addr, &ip->u.ip6);
            } T_END;
            if (ret == 0)
                return -1;
            ip->family = AF_INET6;
        } else {
            /* IPv4 */
            if (inet_aton(addr, &ip->u.ip4) == 0)
                return -1;
            ip->family = AF_INET;
        }
        return 0;
    }
...
adding a config param, e.g.,
submission_relay_ip_family = {any:inet6:inet4}
and wrapping the "src/lib/net.c" stanza, above, in 'if' conditionals based on its value should, iiuc, sufficiently instruct Dovecot to relay-submit over the intended AF.
and stop causing the 'failed connect' error noise in logs.
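
Added example, not part of the thread and not Dovecot code: a sketch of the address-family filter that the proposed submission_relay_ip_family setting implies, applied to the relay's resolved candidates before any connect(), so the hostname stays in place for certificate matching. The function names are hypothetical, the setting is only the proposal above, and the sample addresses are the two from the first message.

```c
/* Added illustration, not Dovecot source; all names are hypothetical.
 * The enum mirrors the any/inet4/inet6 values proposed in the thread. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
enum relay_family { RELAY_ANY = 0, RELAY_INET4 = AF_INET, RELAY_INET6 = AF_INET6 };
/* Constructed sample: lan.example.com's two addresses, IPv6 first. */
static const char *const SAMPLE[] = { "fd80:25:01::47", "10.0.1.47" };

/* Parse "any", "inet4" or "inet6"; -1 on an unknown value. */
static int relay_family_parse(const char *value, enum relay_family *out)
{
    if (strcmp(value, "any") == 0) *out = RELAY_ANY;
    else if (strcmp(value, "inet4") == 0) *out = RELAY_INET4;
    else if (strcmp(value, "inet6") == 0) *out = RELAY_INET6;
    else return -1;
    return 0;
}

/* Address family of an IP literal, or -1 if the string is not one. */
static int addr_family(const char *addr)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (inet_pton(AF_INET, addr, buf) == 1) return AF_INET;
    if (inet_pton(AF_INET6, addr, buf) == 1) return AF_INET6;
    return -1;
}

/* Keep only candidates the policy allows, preserving resolver order. */
static size_t relay_select(const char *const *addrs, size_t n,
                           enum relay_family policy, const char **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        int af = addr_family(addrs[i]);
        if (af < 0 || (policy != RELAY_ANY && (int)policy != af))
            continue;   /* never attempted, so no refused-connect log line */
        out[kept++] = addrs[i];
    }
    return kept;
}

int main(void)
{
    const char *out[2];
    enum relay_family policy;
    if (relay_family_parse("inet4", &policy) != 0) return 1;
    return relay_select(SAMPLE, 2, policy, out) == 1 ? 0 : 1;
}
```
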
participants (3): Aki Tuomi, jeremy ardley, PGNet Dev