On Tue, 2011-06-07 at 09:10 -0500, Matt Brookings wrote: > >> Unfortunately, the 5.4 branch does not understand "::1" as the loopback, > >> and it parses the value incorrectly, leading to an open relay situation. > >> Not all systems allow localhost to relay via SMTP without authentication. > > > > Doesn't it also mean that if someone connects via a remote IPv6 address, > > it again leads to open relay? How about the attached patch instead? > > Many systems will be running other qmail and vpopmail services from the > ucspi-tcp package which may not be patched to support IPv6. As a > result, when connecting to "::1", it will be translated to 127.0.0.1, > and as I said before, some systems will not allow localhost to send > without authentication. > > I understand it's introducing a hackish fix into your project, but I > will submit a new patch that updates this block of code when a proper > solution that will work across the various system configurations is > determined.
It still seems safer to me to ignore all IPv6 addresses rather than ::1 specifically. And as I understand it works just as well normally with both ways?
