Postfix doesn't fall back on other IP addresses
in [Postfix]
|
Prev: outbound sender
Next: order in cidr_table
From: Erik Logtenberg on 4 Mar 2010 18:52 > If your system has no useful IPv6 connectivity, disable IPv6 in Postfix. > > http://www.postfix.org/inet_protocols The issue is that other people with broken IPv6 connectivity have trouble delivering mail to me, because my mailservers have many different IP addresses, both IPv4 and IPv6. Due to the default of a maximum of 5 IP addresses being tried before giving up, combined with the fact that IPv6 apparently has precedence over IPv4, no one with broken IPv6 can deliver mail to me when I have >= 5 IPv6 addresses configured. Thank you for your tip nevertheless, if everyone would follow it, this problem wouldn't exist.
From: Erik Logtenberg on 4 Mar 2010 19:13 > People who configure MX records should read the SMTP RFC, in > particular section 5. "Address Resolution and Mail Handling. > > By design, Postfix enforces sane limits on ALL information. In the > case of SMTP server IP addresses. Such limits protect Postfix > against abusive sites. Thank you again for your reply, Wietse. Please forgive my relative cluelessness regarding this issue, but could you please elaborate a bit on what you mean? I just read section 5 of RFC 2821, and section 4.5.4.1 (Sending Strategy) as well, which is referenced to in section 5. I understand that the question of whether or not a sender should try different IP's on a multihomed host has been controversial. However by pointing to this RFC you seem to imply more that the MX records aren't configured right to begin with, at least not according to best practice / common sense. Do I interpret you correctly? If so, what would you consider the best way to configure MX records, given the situation that there are 11 incoming SMTP servers required to handle the load and they all have both an IPv4 and an IPv6 address?
From: Wietse Venema on 4 Mar 2010 19:52 Erik Logtenberg: > > > If your system has no useful IPv6 connectivity, disable IPv6 in Postfix. > > > > http://www.postfix.org/inet_protocols > > The issue is that other people with broken IPv6 connectivity have > trouble delivering mail to me, because my mailservers have many > different IP addresses, both IPv4 and IPv6. Due to the default of a > maximum of 5 IP addresses being tried before giving up, combined with > the fact that IPv6 apparently has precedence over IPv4, no one with > broken IPv6 can deliver mail to me when I have >= 5 IPv6 addresses > configured. > > Thank you for your tip nevertheless, if everyone would follow it, this > problem wouldn't exist. Sites with broken IPv6 connectivity should not enable IPv6 on their systems. Wietse
From: mouss on 7 Mar 2010 18:05 Erik Logtenberg a �crit : >> People who configure MX records should read the SMTP RFC, in >> particular section 5. "Address Resolution and Mail Handling. >> >> By design, Postfix enforces sane limits on ALL information. In the >> case of SMTP server IP addresses. Such limits protect Postfix >> against abusive sites. > > Thank you again for your reply, Wietse. Please forgive my relative > cluelessness regarding this issue, but could you please elaborate a bit > on what you mean? > > I just read section 5 of RFC 2821, and section 4.5.4.1 (Sending > Strategy) as well, which is referenced to in section 5. I understand > that the question of whether or not a sender should try different IP's > on a multihomed host has been controversial. > > However by pointing to this RFC you seem to imply more that the MX > records aren't configured right to begin with, at least not according to > best practice / common sense. Do I interpret you correctly? > If so, what would you consider the best way to configure MX records, > given the situation that there are 11 incoming SMTP servers required to > handle the load and they all have both an IPv4 and an IPv6 address? > RFC 5321 (the same sentence is in 2821) says "In any case, the SMTP client SHOULD try at least two addresses." so a client that only tries two addresses is compliant. If you use twenty IPs, be prepared to see clients ignore most of them (and no tuning of _your_ postfix will help).
From: Wietse Venema on 7 Mar 2010 18:26
mouss: > RFC 5321 (the same sentence is in 2821) says > "In any case, the SMTP client SHOULD try at least two addresses." > > so a client that only tries two addresses is compliant. If you use > twenty IPs, be prepared to see clients ignore most of them (and no > tuning of _your_ postfix will help). As of snapshot 20100306, Postfix's hard-coded "try ipv6 before ipv4" behavior is now configurable. The default setting is backwards-compatible with the behavior that was imported long ago with the TLS+IPV6 patch. I may change the default into "any" (i.e. toss a coin between IPv6 and IPv4) to improve the worst-case behavior. If there is a problem that affects only one protocol, then mail will eventually get through via the other protocol. Of course, this has no effect on IPV4-only hosts. Wietse Quoting from the friendly manual: smtp_address_preference (default: ipv6) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. This feature has no effect unless the inet_proto- cols setting enables both IPv4 and IPv6. This feature is available in Postfix 2.8 and later. |