Bug 193118 - smtpd_helo_restrictions don't work with IPv6 for certain clients
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: postfix
All Linux
medium Severity medium
Assigned To: Thomas Woerner
Reported: 2006-05-25 08:31 EDT by Matt Dainty
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2007-03-16 08:46:27 EDT

Description Matt Dainty 2006-05-25 08:31:05 EDT
Description of problem:

I recently enabled IPv6 on my mailserver running Postfix and after also
configuring a client with IPv6 connectivity, attempted to relay mail.

My main.cf contains the following configuration:

smtpd_helo_restrictions =

What I've found is that if I have any combination of these restrictions enabled,
I cannot send mail via an IPv6 host. The following is logged by Postfix:

postfix/smtpd[31042]: NOQUEUE: reject: RCPT from
starbug.bodgit-n-scarper.com[2001:618:400:385e:211:24ff:fe28:173d]: 501
<[IPv6:2001:618:400:385e:211:24ff:fe28:173d]>: Helo command rejected: invalid ip
address; from=<matt@bodgit-n-scarper.com> to=<foo@domain.com> proto=ESMTP

What's curious is it doesn't matter which restrictions are enabled for
$smtpd_helo_restrictions, it's always the same error griping about the invalid
ip address. I changed $smtpd_helo_restrictions to the following:

smtpd_helo_restrictions =
        warn_if_reject reject_invalid_hostname
        warn_if_reject reject_non_fqdn_hostname
        warn_if_reject reject_unknown_hostname

I now get three warnings/errors exactly the same as the one above, all complaining
about the invalid ip address, nothing related to whether the hostname is
invalid, non-FQDN or unknown.

Current workaround is to set $smtpd_helo_restrictions to empty, but this means
my regular IPv4 connectivity doesn't perform as many checks, which tend to help
cut down on spam.

From limited googling, it appears to be related to the IPv6 syntax used in the
HELO/EHLO. Postfix accepts the address syntax [::1], but doesn't like the
[IPv6:::1] syntax which appears to be an RFC standard (RFC 2821 I think).

Both Evolution on Fedora Core 4 and Apple Mail on OS X Tiger demonstrated the
problem. I do have some mail delivered by other remote mailservers over IPv6 and
they don't appear to generate warnings so it may be related to particular
versions of particular software.

Version-Release number of selected component (if applicable):


How reproducible:

Always with a particular client

Steps to Reproduce:

1. Enable $smtpd_helo_restrictions with a set of valid helo restrictions
2. Attempt to relay mail through server

Actual results:

Server logs invalid ip address in HELO/EHLO

Expected results:

Server should restrict based on the actual restrictions defined, if necessary

Additional info:
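
Added example, not part of the original report and not Postfix code: a small Python parser for the two bracketed HELO/EHLO forms mentioned above. It accepts the RFC 2821 tagged literal [IPv6:...] and takes the untagged [::1] form only when asked to. The function name and the allow_untagged_ipv6 switch are assumptions made for this example.

```python
import ipaddress


def parse_helo_literal(arg, allow_untagged_ipv6=False):
    """Classify a HELO/EHLO argument.

    Returns ("ipv4" | "ipv6", canonical_address) for a valid address literal,
    ("hostname", arg) when the argument is not bracketed, and
    ("invalid", arg) for a bracketed argument that is not a valid literal.
    """
    if not (arg.startswith("[") and arg.endswith("]")):
        return ("hostname", arg)  # hostname checks are out of scope here
    body = arg[1:-1]
    tagged = body[:5].upper() == "IPV6:"
    if tagged:
        body = body[5:]
    if "%" in body:  # zone identifiers have no place in an SMTP literal
        return ("invalid", arg)
    try:
        addr = ipaddress.ip_address(body)
    except ValueError:
        return ("invalid", arg)
    if addr.version == 4:
        # An IPv4 literal never carries the IPv6: tag.
        return ("invalid", arg) if tagged else ("ipv4", str(addr))
    # An IPv6 literal needs the tag unless the lenient form is allowed.
    if tagged or allow_untagged_ipv6:
        return ("ipv6", str(addr))
    return ("invalid", arg)


# Constructed sample arguments; the long address is the one from the log
# line in the report.
SAMPLES = [
    "[IPv6:2001:618:400:385e:211:24ff:fe28:173d]",
    "[IPv6:::1]",
    "[::1]",
    "[192.0.2.10]",
    "[IPv6:192.0.2.10]",
    "starbug.bodgit-n-scarper.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        strict = parse_helo_literal(sample)
        lenient = parse_helo_literal(sample, allow_untagged_ipv6=True)
        print(f"{sample:48} strict={strict[0]:8} lenient={lenient[0]}")
```
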
Comment 1 Thomas Woerner 2007-03-09 11:47:58 EST
There is an update package for postfix in U4: 2.2.10-1.RHEL4.2

Please verify if your problem still exists with this package.
Comment 2 Matt Dainty 2007-03-16 06:31:26 EDT
The bump from postfix 2.1.x to 2.2.x seems to have fixed this issue, partly
because AIUI the IPv6 support is largely a rewrite :-)
Comment 3 Thomas Woerner 2007-03-16 08:46:27 EDT
Then it is OK to close this bug.
