Quoting postfix <post...@ayni.com>:
Hi listers

[r...@mailhost ~]# rpm -q postfix
postfix-2.5.6-3.fc11.i586
[r...@mailhost ~]#
[r...@mailhost ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
anvil_rate_time_unit = 60s
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/libexec/postfix
data_directory = /data/postfix/cache
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
mail_owner = postfix
mailbox_command =
mailbox_transport =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
mydestination = localhost.$mydomain
mydomain = $myhostname
myhostname = mailhost.mydomain.com
mynetworks = 192.168.97.0/24, aaa.bbb.206.128/27, [2002:uuuu:vvvv::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /data/postfix/queues
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
relay_domains = permit_sasl_authenticated, permit_mynetworks
relayhost =
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 22
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 100
smtpd_client_restrictions = permit_sasl_authenticated, hash:/etc/postfix/whitelist, hash:/etc/postfix/access
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_checks, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/check_recipients, check_recipient_access hash:/etc/postfix/access, reject_rbl_client mail-abuse.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rhsbl_client mail-abuse.org, reject_rhsbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client blackholes.easynet.nl, reject_rhsbl_client cbl.abuseat.org check_recipient_access ldap:/etc/postfix/ldap-spamfilter.cf, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = postfix
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, hash:/etc/postfix/whitelist, check_sender_access hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /data/postfix/maildrop/
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domain.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailbox.cf
virtual_minimum_uid = 51
virtual_transport = virtual
virtual_uid_maps = static:89
[r...@mailhost ~]#

1. Problem: format of IPv6 address in mynetworks

After many trials, I have found out that the IPv6 address in the mynetworks attribute must have a double semicolon at the end, otherwise the smtpd server throttles:

Oct 25 12:40:10 mailhost postfix/smtpd[5019]: connect from myclient.mydomain.com[2002:uuuu:vvvv:1::21]
Oct 25 12:40:10 mailhost postfix/smtpd[5019]: fatal: bad net/mask pattern: "2002:uuuu:vvvv:/64"

As far as I remember you must specify the whole network address + prefix, so the net/mask is indeed wrong.

2. Problem: permit_mynetworks with IPv6 addresses does not work

But after having found out and changed that, postfix all the same did not accept an unauthorized connection via IPv6, even if I had specified for relay_domains permit_mynetworks

Oct 25 12:53:07 mailhost postfix/smtpd[5298]: connect from myclient.mydomain.com[2002:uuuu:vvvv:1::21]
Oct 25 12:53:08 mailhost postfix/smtpd[5298]: NOQUEUE: reject: RCPT from myclient.mydomain.com[2002:uuuu:vvvv:1::21]: 554 5.7.1

The address 2002:uuuu:vvvv:1::21 is not within 2002:uuuu:vvvv::/64 as far as I can tell. You should use 2002:uuuu:vvvv:1::/64 instead in mynetworks. The :: means all zero if memory serves me right.

Regards Andreas
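
Added example, not part of the original messages: a small Python check of a mynetworks value that reports malformed patterns and tells you which entry, if any, covers a given client address. The 2001:db8 documentation prefix stands in for the redacted 2002:uuuu:vvvv prefix, and the helper names are made up for this example.

```python
import ipaddress

def parse_mynetworks(value):
    """Split a mynetworks-style list; return (networks, errors)."""
    networks, errors = [], []
    for raw in value.replace(",", " ").split():
        # IPv6 patterns are written as [addr]/len; drop the brackets to parse.
        pattern = raw.replace("[", "").replace("]", "")
        try:
            # strict=True also flags patterns with host bits set
            # (a choice made for this example).
            networks.append(ipaddress.ip_network(pattern, strict=True))
        except ValueError as exc:
            errors.append((raw, str(exc)))
    return networks, errors

def matching_network(client, networks):
    """Return the first network that contains the client address, else None."""
    addr = ipaddress.ip_address(client)
    for net in networks:
        if addr.version == net.version and addr in net:
            return net
    return None

if __name__ == "__main__":
    client = "2001:db8:0:1::21"  # constructed client address
    samples = {
        "truncated pattern": "192.168.97.0/24, [2001:db8:0:]/64",
        "wrong /64":         "192.168.97.0/24, [2001:db8:0::]/64",
        "client's /64":      "192.168.97.0/24, [2001:db8:0:1::]/64",
    }
    for label, value in samples.items():
        nets, errs = parse_mynetworks(value)
        for raw, msg in errs:
            print(f"{label}: bad pattern {raw}: {msg}")
        print(f"{label}: {client} matched by {matching_network(client, nets)}")
```
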