thr3ads.net - dovecot - How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4? [Apr 2021]

If this information is useful, please help other people find it:
Share via:

@lbutlr

2021-Apr-09 12:08 UTC

How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?

On 08 Apr 2021, at 06:08, PGNet Dev <pgnet.dev at gmail.com>
wrote:> whereas other services listen at both IPv4 & IPv6 addresses, with IPv6
preferred over IPv4, postfix listens ONLY on IPv4,
Do you mean that YOUR postfix only listens to ipv4? If so, wouldn't the
solution be to setup postfix to listen to ipv6?

Postfix added support for IPv6 back in version 2 days.

   inet_protocols = ipv4, ipv6 

or

   inet_protocols = all

(My ISP does not provide IPv6, so I have little experience with it, so entirely
possible I am missing something here).


-- 
Eliot: Jesus. Alice has gone full Harry Potter part seven/eight over there.
Margo: God, I hope we're winning.

PGNet Dev

2021-Apr-09 13:19 UTC

head link

How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?

On 4/9/21 8:08 AM, @lbutlr wrote:> On 08 Apr 2021, at 06:08, PGNet Dev <pgnet.dev at gmail.com> wrote:
>> whereas other services listen at both IPv4 & IPv6 addresses, with
IPv6 preferred over IPv4, postfix listens ONLY on IPv4,
> 
> Do you mean that YOUR postfix only listens to ipv4?
Yep.
> If so, wouldn't the solution be to setup postfix to listen to ipv6?
That would work, of course, but that's not the point.  I'm not planning
to open postfix listener on the public IPv6 in order to accommodate one service
connection (Dovecot's relay submit), only to have to add add'l knobs to
lock down access.

And it's a bad assumption that since the host is dual-stack that all
services on it will be.

The 'solution' is to have Dovecot relay submit connect where & how
you TELL it to connect, NOT where it assumes it's OK to connect.

It's already possible to set

  submission_relay_host         submission_relay_port        
submission_relay_ssl          submission_relay_ssl_verify  
submission_relay_trusted
in order to specify exactly how/where to securely connect for relay.

It's a head scratcher what the philosophical reticence is for completing the
picture with a

  submission_relay_inet_protocols

or somesuch.
> Postfix added support for IPv6 back in version 2 days.
> 
>     inet_protocols = ipv4, ipv6
> 
> or
> 
>     inet_protocols = all
> 
> (My ISP does not provide IPv6, so I have little experience with it, so
entirely possible I am missing something here).
> 
>

dovecot - Apr 2021 - How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?

How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?

How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?