I'm having a new problem with ipv6.  I'm running Debian (mostly testing
release) on my laptop, with Postfix running simply to allow mutt to send
when I don't have connectivity.  The relevant postconf entries (full
postconf -n below):

inet_protocols = all   (default; not specified in main.cf)
relayhost = [florina.renich.org]:587

On March 10, I have this log entry:

Mar 10 08:59:49 basil postfix/smtp[10878]: C0CFC2401AA: 
to=<recipie...@host1.example.com>, 
relay=florina.renich.org[64.150.161.163]:587, delay=1.5, 
delays=0.13/0.04/1.2/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
84B16680B0)

That was the last successful delivery through relayhost.  The next
outgoing message was on March 21:

Mar 21 14:42:45 basil postfix/smtp[12587]: 3AF35240229: 
to=<recipie...@host2.example2.com>, relay=none, delay=0.47, 
delays=0.25/0.22/0/0, dsn=4.4.3, status=deferred (Host or domain name not 
found. Name service error for name=florina.renich.org type=AAAA: Host not 
found, try again)

Postfix was last updated on February 5, from Debian postfix 3.1.4-3 to
3.1.4-4.  etckeeper shows that the last changes to Postfix configuration
came from that upgrade on that date (dynamicmaps.cf, makedefs.out, and
/etc/aliases.db).  mail.log shows Postfix was restarted on March 3, 11,
12, and 18.

The DNS information for the relayhost has not changed in a long time,
and it has never had an ipv6 entry (I control the tinydns server that is
authoritative for that domain).  From my laptop, various tools (host,
dig, nslookup, dnsip) have no trouble resolving the relayhost's address,
returning the correct ipv4 address.  I even did a raw dump of the result
from getaddrinfo("florina.renich.org", "587", ...) and got the expected
result.

First, why would the DNS query correctly give the ipv4 address on Mar
10, but then fail saying it could not find an ipv6 entry on Mar 21?  I
can find no configuration change or program version change that would
explain this.

Second, I would expect that with inet_protocols = all that if an ipv6
lookup fails, it would try an ipv4 lookup.  Is that not the case?  Do I
need to explicitly specify which hosts should use ipv4?

Third, I found a serverfault.com post[1] from 2014 where the answer said
to use a transport map with an entry like

example.com smtp-ipv4:[mail.domain.com]

but it did not say anything about creating a service smtp-ipv4 in
master.cf; was this answer just missing that info?  Does the default
Postfix config have that entry, but the Debian package doesn't?  That
same answer said that with inet_protocols=all Postfix should try ipv6
first, then fall back to ipv4.

Since on my laptop, I am always sending through the relayhost, is the
best solution to just set inet_protocols = ipv4?  Is there a better
solution?

This is what I have done for now, and it works, but I have other Postfix
servers, including the one on the relayhost (which has not yet shown any
problem), and as it delivers globally, I would like to understand why my
laptop's Postfix is having trouble.

Thanks...Marvin

[1] http://serverfault.com/questions/577134/postfix-host-or-domain-not-found

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = loopback-only
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = basil.localdomain, localhost.localdomain, localhost
myhostname = basil.localdomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = -
relayhost = [florina.renich.org]:587
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Reply via email to