[Discuss] Any Postfix + ipv6 people out there?

[derek at ihtfp.com (Derek Atkins)]

On Thu, May 31, 2012 1:43 pm, Daniel Hagerty wrote:
> "Derek Atkins" <derek at ihtfp.com> writes:
>
>> In either case it is most likely a postfix configuration issue, but I'm
>> at
>> a loss for how to fix it.  I added [fe80::]/10 to mynetworks, but I
>> haven't been able to figure out how to get it to output more debugging
>> to
>> tell me exactly which rules are affecting the mail.
>
>     fe80:: addresses are lacking meaning without a scope indicator.  Try
> [fe80::%eth0]/10 for mynetworks, rather than what you did.

Sorry, I did do this (I was being terse in my last reply).  I actually
tried both [fe80::]/10 and [fe80::%eth0]/10 in mynetworks.  Neither seems
to have worked.

>     That it even let you say that is probably a bug.  Scoped addressing
> is a corner case, with all of the bugs that come with it.  Are you sure
> you wouldn't rather be using a relatively debugged scopeless address?

Yes, I'm sure.  I need this to work for a while during a transition phase.
Right now my ipv6 address space is over a tunnel that I do not want to use
for general traffic, which is why I don't want to just turn on v6 for
everything.  I'd be happy to somehow turn off link local addresses, but I
don't know how to do that, frankly.  But honestly it should be
straightforward to debug postfix to figure out why it's blocking my local
hosts when they come in via v6 link-local but not when they come in via
v6-public or via v4.

Alternatively I can just specify the handful of sender addresses as
whitelisted, but I'd rather do it via address than sender-from.

I can't figure out how to get postfix to log its processing to tell me
what is being permitted/denied..  Maybe smtpd_log_access_permit_actions =
static:all?

-derek

-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant