• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

SMTP

Started by jln, April 03, 2014, 03:49:32 AM

Previous topic - Next topic

jln

Hi everyone,

I have a problem with sendmail on a fedora distribution.
It was working but not anymore.

==========
[root@ns sbin]# ip6tables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@ns sbin]# lsof -i TCP:25
COMMAND    PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sendmail 30654 root    4u  IPv4 30418180      0t0  TCP *:smtp (LISTEN)
sendmail 30654 root    6u  IPv6 30418182      0t0  TCP ns.stben.net:smtp (LISTEN)
sendmail 30654 root    7u  IPv6 30418183      0t0  TCP router.stben.net:smtp (LISTEN)
[root@ns sbin]# telnet 2001:470:792a::108 25
Trying 2001:470:792a::108...
telnet: connect to address 2001:470:792a::108: Connection refused
==========

I did it from the machine connected to internet.
That machine has 2 interfaces p3p1 [2001:470:792a::108/212.68.197.108] connected to internet
and p1p1 [2001:470:792a:1::1/10.149.85.30] connected to my internal net.
http://www.stben.net/phpsysinfo/

I can't find out what was gone wrong.
Could you help please?

Thanks.

Bye,
Jean-Louis

jln

Everything is all right now!
A misconfiguration.

sendmail.cf
==========
O DaemonPortOptions=Name=IPv6, Addr=2001:470:792a::108, Family=inet6
==========
I changed the IP address of the interface and forgot to change it in sendmail.cf!

snarked

OK, but is there a reason why you bind to a specific IPV6 address instead of "IPv6_Any" ("::")?  I find it more efficient to let sendmail bind to the wildcard address and let the firewall determine which IPv6 addresses are valid incoming destinations.

jln

If you look how sendmail reacts under ipv6 (my first post) it's not the same
than in ipv4.
ipv4 has only one bind.
ipv6 one bind for each interface.

snarked

It doesn't act that way for me.  I compile a custom kernel from the source at ftp.kernel.org.

jln

I use a standard Fedora (release 20).
Do you change sendmail.mc or sendmail.cf?

kriteknetworks

I attempted to connect, worked fine.

telnet 2001:470:792a::108 25                                                                       
Trying 2001:470:792a::108...
Connected to ns.stben.net.
Escape character is '^]'.
220 ns.stben.net ESMTP Sendmail 8.14.8/8.14.5; Sun, 6 Apr 2014 16:30:38 +0200

jln

Sure!
Everything is fine now. 8)

snarked

I use a sendmail.mc file and compile it through the M4 processor into a .cf file.  However, that shouldn't make a difference at all.

You don't need two IPv6 sockets - using an IPv6_addr_any (::0) socket will save one and do the same thing, and this also works for IPv4 (at least on my kernel):
QuoteDAEMON_OPTIONS(`Name=MTA, Family=inet6, Modifier=AEbf,Port=smtp')dnl
You may also want to enable this for local submissions:
QuoteDAEMON_OPTIONS(`Name=MSA, Family=inet6, Modifier=Eau, Port=submission')dnl
And such results in these open "files" (others deleted):
Quotesendmail    993     root    4u     IPv6               6962          0t0        TCP *:submission (LISTEN)
sendmail    993     root    6u     IPv6               6964          0t0        TCP *:smtp (LISTEN)

jln

Could you post the line generated please?
Thanks.

snarked

QuoteO DaemonPortOptions=Name=MSA, Family=inet6, Modifier=Eau, Port=submission
O DaemonPortOptions=Name=MTA, Family=inet6, Modifier=AEbf,Port=smtp

jln