[Discuss] [SOLVED] Re: Any Postfix + ipv6 people out there?
Derek Atkins
warlord at MIT.EDU
Mon Jun 4 09:56:20 EDT 2012
Hi,
Daniel Hagerty <hag at linnaean.org> writes:
> "Derek Atkins" <derek at ihtfp.com> writes:
>
>> Yes, I'm sure. I need this to work for a while during a transition phase.
>> Right now my ipv6 address space is over a tunnel that I do not want to use
>> for general traffic, which is why I don't want to just turn on v6 for
>> everything. I'd be happy to somehow turn off link local addresses, but I
>> don't know how to do that, frankly. But honestly it should be
>> straightforward to debug postfix to figure out why it's blocking my local
>> hosts when they come in via v6 link-local but not when they come in via
>> v6-public or via v4.
>
> ULA (rfc4193, fd00::/8 addresses that you generate randomly, don't
> need scope)? You can't turn link local off, it's similar to "I want to
> run tcp without this pesky IP thing". Unlike link-local, ULA isn't
> magic "no-routing, avoid selecting this address" sauce. Much like
> rfc1918 in these regards.
>
> ACL processing is a specific area that's prone to breakage when
> something has a slight flub in link-local handling. The fact that it
> let you specify nonsense without complaining doesn't make me feel warm
> and fuzzy about it's handling of link local being 100% sane.
>
> Can't help you with the detailed postfix debugging, it hasn't given
> me a lot of reason to get that angry with in longer than memory for that
> level of detail. The source is somewhat approachable as I remember, if
> only to find out how to crank the debugging up.
FYI, the issue was due to the way linux handles link local scoping and
postfix not handling that in the string. I.e., Linux declared the
address to be fe80::...%eth0, and postfix didn't like the "%eth0" part.
Somewhere between 2.7.7 and 2.9.2 postfix was patched to remove the
trailing "%..." portion, so upgrading to 2.9.2 fixed the problem for me.
IPv6 link local addresses now match properly. I'm sending this for the
logs and for future generations of researchers :)
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the Discuss
mailing list