On 03/18/18 13:54, Richard wrote: > > It appears that "limit mta inet4" statement limits outgoing ipv6 > connections but not incoming ipv6 connections... > > Instead of the limit statement one might use a notation like this > which limits incoming and outgoing connections to ipv4 by interface: > > listen on lo inet4 tls pki $xname > listen on eth0 inet4 tls pki $xname > listen on eth1 inet4 tls pki $xname >
This works for me in this case (thanx very much), but apparently it doesn't really solve the problem. If I use a global IPv6 address and a dual-stack configuration xname="mailhost.example.com" pki $xname key "/etc/ssl/private/smtpd.key.pem" pki $xname certificate "/etc/ssl/public/mailhost.example.com.pem" listen on lo tls pki $xname listen on eth0 tls pki $xname listen on eth1 tls pki $xname : then smtpd stumbles over the tentative IPv6 address again. The only difference is that its not a link-local address anymore: : : 670 bind(11, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("10.0.0.2")}, 16 <unfinished ...> 670 <... bind resumed> ) = 0 670 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP <unfinished ...> 670 <... socket resumed> ) = 12 670 setsockopt(12, SOL_SOCKET, SO_REUSEADDR, [1], 4 <unfinished ...> 670 <... setsockopt resumed> ) = 0 670 setsockopt(12, SOL_IPV6, IPV6_V6ONLY, [1], 4 <unfinished ...> 670 <... setsockopt resumed> ) = 0 670 bind(12, {sa_family=AF_INET6, sin6_port=htons(25), inet_pton(AF_INET6, "2001:DB8:30:ffe0::e6", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28 < 670 <... bind resumed> ) = -1 EADDRNOTAVAIL (Cannot assign requested address) 670 write(2, "pony express: smtpd: bind: Canno"..., 59 <unfinished ...> 670 <... write resumed> ) = 59 670 exit_group(1) = ? 670 +++ exited with 1 +++ Regards Harri -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org