Red Hat Bugzilla – Bug 193118
smtpd_helo_restrictions don't work with IPv6 for certain clients
Last modified: 2007-11-30 17:07:25 EST
Description of problem: I recently enabled IPv6 on my mailserver running Postfix and after also configuring a client with IPv6 connectivity, attempted to relay mail. My main.cf contains the following configuration: smtpd_helo_restrictions = reject_invalid_hostname reject_non_fqdn_hostname reject_unknown_hostname What I've found is that if I have any combination of these restrictions enabled, I cannot send mail via an IPv6 host. The following is logged by Postfix: postfix/smtpd[31042]: NOQUEUE: reject: RCPT from starbug.bodgit-n-scarper.com[2001:618:400:385e:211:24ff:fe28:173d]: 501 <[IPv6:2001:618:400:385e:211:24ff:fe28:173d]>: Helo command rejected: invalid ip address; from=<matt@bodgit-n-scarper.com> to=<foo@domain.com> proto=ESMTP helo=<[IPv6:2001:618:400:385e:211:24ff:fe28:173d]> What's curious is it doesn't matter which restrictions are enabled for $smtpd_helo_restrictions, it's always the same error griping about the invalid ip address. I changed $smtpd_helo_restrictions to the following: smtpd_helo_restrictions = warn_if_reject reject_invalid_hostname warn_if_reject reject_non_fqdn_hostname warn_if_reject reject_unknown_hostname I now get three warnings/errors exactly the same as above one, all complaining about the invalid ip address, nothing related to whether the hostname is invalid, non-FQDN or unknown. Current workaround is to set $smtpd_helo_restrictions to empty, but this means my regular IPv4 connectivity doesn't perform as many checks, which tend to help cut down on spam. From limited googling, it appears to be related to the IPv6 syntax used in the HELO/EHLO. Postfix accepts the address syntax [::1], but doesn't like the [IPv6:::1] syntax which appears to be an RFC standard, (RFC 2821 I think) Both Evolution on Fedora Core 4 and Apple Mail on OS X Tiger demonstrated the problem. I do have some mail delivered by other remote mailservers over IPv6 and they don't appear to generate warnings so it may be related to particular versions of particular software. Version-Release number of selected component (if applicable): postfix-2.1.5-4.2.RHEL4 How reproducible: Always with a particular client Steps to Reproduce: 1. Enable $smtpd_helo_restrictions with a set of valid helo restrictions 2. Attempt to relay mail through server Actual results: Server logs invalid ip address in HELO/EHLO Expected results: Server should restrict based on the actual restrictions defined, if necessary Additional info:
There is an update package for postfix in U4: 2.2.10-1.RHEL4.2 Please verify if your problem still exists with this package.
The bump from postfix 2.1.x to 2.2.x seems to have fixed this issue, partly because AIUI the IPv6 support is largely a rewrite :-)
Then it is ok, to close this bug.