On 03/18/18 13:54, Richard wrote:
>
> It appears that "limit mta inet4" statement limits outgoing ipv6
> connections but not incoming ipv6 connections...
>
> Instead of the limit statement one might use a notation like this
> which limits incoming and outgoing connections to ipv4 by interface:
>
> listen on lo inet4 tls pki $xname
> listen on eth0 inet4 tls pki $xname
> listen on eth1 inet4 tls pki $xname
>
This works for me in this case (thanx very much), but apparently it
doesn't really solve the problem. If I use a global IPv6 address and
a dual-stack configuration
xname="mailhost.example.com"
pki $xname key "/etc/ssl/private/smtpd.key.pem"
pki $xname certificate "/etc/ssl/public/mailhost.example.com.pem"
listen on lo tls pki $xname
listen on eth0 tls pki $xname
listen on eth1 tls pki $xname
:
then smtpd stumbles over the tentative IPv6 address again. The only
difference is that its not a link-local address anymore:
:
:
670 bind(11, {sa_family=AF_INET, sin_port=htons(25),
sin_addr=inet_addr("10.0.0.2")}, 16 <unfinished ...>
670 <... bind resumed> ) = 0
670 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP <unfinished ...>
670 <... socket resumed> ) = 12
670 setsockopt(12, SOL_SOCKET, SO_REUSEADDR, [1], 4 <unfinished ...>
670 <... setsockopt resumed> ) = 0
670 setsockopt(12, SOL_IPV6, IPV6_V6ONLY, [1], 4 <unfinished ...>
670 <... setsockopt resumed> ) = 0
670 bind(12, {sa_family=AF_INET6, sin6_port=htons(25), inet_pton(AF_INET6,
"2001:DB8:30:ffe0::e6", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28 <
670 <... bind resumed> ) = -1 EADDRNOTAVAIL (Cannot assign
requested address)
670 write(2, "pony express: smtpd: bind: Canno"..., 59 <unfinished ...>
670 <... write resumed> ) = 59
670 exit_group(1) = ?
670 +++ exited with 1 +++
Regards
Harri
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
