Red Hat Bugzilla – Bug 193118
smtpd_helo_restrictions don't work with IPv6 for certain clients
Last modified: 2007-11-30 17:07:25 EST
Description of problem:
I recently enabled IPv6 on my mailserver running Postfix and after also
configuring a client with IPv6 connectivity, attempted to relay mail.
My main.cf contains the following configuration:
What I've found is that if I have any combination of these restrictions enabled,
I cannot send mail via an IPv6 host. The following is logged by Postfix:
postfix/smtpd: NOQUEUE: reject: RCPT from
<[IPv6:2001:618:400:385e:211:24ff:fe28:173d]>: Helo command rejected: invalid ip
address; from=<firstname.lastname@example.org> to=<email@example.com> proto=ESMTP
What's curious is it doesn't matter which restrictions are enabled for
$smtpd_helo_restrictions, it's always the same error griping about the invalid
ip address. I changed $smtpd_helo_restrictions to the following:
I now get three warnings/errors exactly the same as above one, all complaining
about the invalid ip address, nothing related to whether the hostname is
invalid, non-FQDN or unknown.
Current workaround is to set $smtpd_helo_restrictions to empty, but this means
my regular IPv4 connectivity doesn't perform as many checks, which tend to help
cut down on spam.
From limited googling, it appears to be related to the IPv6 syntax used in the
HELO/EHLO. Postfix accepts the address syntax [::1], but doesn't like the
[IPv6:::1] syntax which appears to be an RFC standard, (RFC 2821 I think)
Both Evolution on Fedora Core 4 and Apple Mail on OS X Tiger demonstrated the
problem. I do have some mail delivered by other remote mailservers over IPv6 and
they don't appear to generate warnings so it may be related to particular
versions of particular software.
Version-Release number of selected component (if applicable):
Always with a particular client
Steps to Reproduce:
1. Enable $smtpd_helo_restrictions with a set of valid helo restrictions
2. Attempt to relay mail through server
Server logs invalid ip address in HELO/EHLO
Server should restrict based on the actual restrictions defined, if necessary
There is an update package for postfix in U4: 2.2.10-1.RHEL4.2
Please verify if your problem still exists with this package.
The bump from postfix 2.1.x to 2.2.x seems to have fixed this issue, partly
because AIUI the IPv6 support is largely a rewrite :-)
Then it is ok, to close this bug.