193118 – smtpd_helo_restrictions don't work with IPv6 for certain clients

Bug 193118 - smtpd_helo_restrictions don't work with IPv6 for certain clients

Summary: smtpd_helo_restrictions don't work with IPv6 for certain clients

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	postfix
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Thomas Woerner
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-05-25 12:31 UTC by Matt Dainty
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-03-16 12:46:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Matt Dainty 2006-05-25 12:31:05 UTC

Description of problem:

I recently enabled IPv6 on my mailserver running Postfix and after also
configuring a client with IPv6 connectivity, attempted to relay mail.

My main.cf contains the following configuration:

smtpd_helo_restrictions =
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_unknown_hostname

What I've found is that if I have any combination of these restrictions enabled,
I cannot send mail via an IPv6 host. The following is logged by Postfix:

postfix/smtpd[31042]: NOQUEUE: reject: RCPT from
starbug.bodgit-n-scarper.com[2001:618:400:385e:211:24ff:fe28:173d]: 501
<[IPv6:2001:618:400:385e:211:24ff:fe28:173d]>: Helo command rejected: invalid ip
address; from=<matt> to=<foo> proto=ESMTP
helo=<[IPv6:2001:618:400:385e:211:24ff:fe28:173d]>

What's curious is it doesn't matter which restrictions are enabled for
$smtpd_helo_restrictions, it's always the same error griping about the invalid
ip address. I changed $smtpd_helo_restrictions to the following:

smtpd_helo_restrictions =
        warn_if_reject reject_invalid_hostname
        warn_if_reject reject_non_fqdn_hostname
        warn_if_reject reject_unknown_hostname

I now get three warnings/errors exactly the same as above one, all complaining
about the invalid ip address, nothing related to whether the hostname is
invalid, non-FQDN or unknown.

Current workaround is to set $smtpd_helo_restrictions to empty, but this means
my regular IPv4 connectivity doesn't perform as many checks, which tend to help
cut down on spam.

From limited googling, it appears to be related to the IPv6 syntax used in the
HELO/EHLO. Postfix accepts the address syntax [::1], but doesn't like the
[IPv6:::1] syntax which appears to be an RFC standard, (RFC 2821 I think)

Both Evolution on Fedora Core 4 and Apple Mail on OS X Tiger demonstrated the
problem. I do have some mail delivered by other remote mailservers over IPv6 and
they don't appear to generate warnings so it may be related to particular
versions of particular software.

Version-Release number of selected component (if applicable):

postfix-2.1.5-4.2.RHEL4

How reproducible:

Always with a particular client

Steps to Reproduce:

1. Enable $smtpd_helo_restrictions with a set of valid helo restrictions
2. Attempt to relay mail through server
  
Actual results:

Server logs invalid ip address in HELO/EHLO

Expected results:

Server should restrict based on the actual restrictions defined, if necessary

Additional info:

Comment 1 Thomas Woerner 2007-03-09 16:47:58 UTC

There is an update package for postfix in U4: 2.2.10-1.RHEL4.2

Please verify if your problem still exists with this package.

Comment 2 Matt Dainty 2007-03-16 10:31:26 UTC

The bump from postfix 2.1.x to 2.2.x seems to have fixed this issue, partly
because AIUI the IPv6 support is largely a rewrite :-)

Comment 3 Thomas Woerner 2007-03-16 12:46:27 UTC

Then it is ok, to close this bug.

Note You need to log in before you can comment on or make changes to this bug.