Quantcast

Fallback to IPV4 in case of IPV6 is not available

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Fallback to IPV4 in case of IPV6 is not available

mahe-2
Hi,

My ISP is blocking outside SMTP connection except their own SMTP relay with
authentication, so

I've in /etc/transport
* smtp:smtp.domain.com:587 with SASL configuration to authenticate

I recently activated the IPV6 configuration on my BOX and I'm able to
connect to an IPV6 Address on port 25.

So I would like to use IPV6 for default outgoing transport and in case of
trouble, I want to use my current configuration with my ISP SMTP relay and
authentication.

I tried to use fallback_transport_map = /etc/transport_fallback with the
current configuration of /etc/transport and I changed in /etc/transport the
default transport to be

* smtp-ipv6:

The smtp-ipv6 is defined in /etc/master like this

smtp-ipv6 unix    -       -       y       -       -       smtp
       -o inet_protocols=ipv6

postfix/error[8666]: 2AEACA0093: to=<[hidden email]>, relay=none,
delay=656, delays=654/1.2/0/0.03, dsn=4.3.0, status=deferred (unknown mail
transport error)

What is wrong in my settings. Any help will be appreciated.

Franck MAHE
-------------------------------------------


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Wietse Venema
Postfix can be configured to try IPv6 before IPv4 (with
smtp_address_preference), but that feature is independent from
routing features such as transport_maps, smtp_fallback_relay, and
so on. That is, there are no ipv6_transport_maps or
ipv4_smtp_fallback_relay features.

I suggest you just keep sending mail via the IPv4 smarthost.

        Wietse
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Fallback to IPV4 in case of IPV6 is not available

mahe-2
Hi Wietse,

That is to say it must work with a second instance of POSTFIX?

Let say that it will use IPV6 as default for outgoing smtp and a
fallback on
the same host that will use IPV4. Correct?



Franck MAHE
-------------------------------------------

-----Message d'origine-----
De : [hidden email]
[mailto:[hidden email]] De la part de Wietse Venema
Envoyé : samedi 25 mars 2017 15:44
À : Postfix users <[hidden email]>
Objet : Re: Fallback to IPV4 in case of IPV6 is not available

Postfix can be configured to try IPv6 before IPv4 (with
smtp_address_preference), but that feature is independent from
routing features such as transport_maps, smtp_fallback_relay, and
so on. That is, there are no ipv6_transport_maps or
ipv4_smtp_fallback_relay features.

I suggest you just keep sending mail via the IPv4 smarthost.

        Wietse

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Paul C
I wish the world would use ipv6 enough for this to be worth doing, but
it's not going to have much benefit to you as there's almost no one
using it for smtp, from the last time I checked which was a few months
ago, google uses it perfectly, verizon too (maybe a few more cable
domains), yahoo looked like they were trying lol, website and some
services were v6 this year but smtp was not when I checked, hotmail
doesn't use it anywhere from what i can see, aol never will and almost
no self hosted mail server will have it. My guess is (unless gmail is
where most mail goes) that you might see a few percent like 1-5% of
mail ever use it. Not a bad research project or knowing v6, or if you
have other reasons, but actual sending out is just not happening any
time soon.

I suggest finding a better work around than v6, such as changing the
smtp port (I don't know how to do this in postfix but I believe it has
this option), or using a different smtp relay (your own hosted
somewhere else, 3rd party, etc), or even switching your email on your
domain to a service like gmail. Making the default v6 will probably
also cause lots of incoming mail problems and as Wietse said you will
lose a lot of your internal config. Between the confusion of outside
mail servers and your own, you will find lots of confusing issues,
there's a reason your ISP doesn't seem to care about blocking the v6
smtp port.

Paul


On Sat, Mar 25, 2017 at 12:29 PM, Franck MAHE <[hidden email]> wrote:

> Hi Wietse,
>
> That is to say it must work with a second instance of POSTFIX?
>
> Let say that it will use IPV6 as default for outgoing smtp and a
> fallback on
> the same host that will use IPV4. Correct?
>
>
>
> Franck MAHE
> -------------------------------------------
>
> -----Message d'origine-----
> De : [hidden email]
> [mailto:[hidden email]] De la part de Wietse Venema
> Envoyé : samedi 25 mars 2017 15:44
> À : Postfix users <[hidden email]>
> Objet : Re: Fallback to IPV4 in case of IPV6 is not available
>
> Postfix can be configured to try IPv6 before IPv4 (with
> smtp_address_preference), but that feature is independent from
> routing features such as transport_maps, smtp_fallback_relay, and
> so on. That is, there are no ipv6_transport_maps or
> ipv4_smtp_fallback_relay features.
>
> I suggest you just keep sending mail via the IPv4 smarthost.
>
>         Wietse
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Doug Barton
In reply to this post by Wietse Venema
On 03/25/2017 07:43 AM, Wietse Venema wrote:
> Postfix can be configured to try IPv6 before IPv4 (with
> smtp_address_preference)

Regarding that option, I've never understood the warning in postconf(5).
Doesn't that feature provide precedence, not exclusivity? Or put a
different way, if the site cannot be reached by IPv6, won't postfix
retry with IPv4?

Doug

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Viktor Dukhovni

> On Mar 25, 2017, at 9:05 PM, Doug Barton <[hidden email]> wrote:
>
>> Postfix can be configured to try IPv6 before IPv4 (with
>> smtp_address_preference)
>
> Regarding that option, I've never understood the warning in postconf(5). Doesn't that feature provide precedence, not exclusivity? Or put a different way, if the site cannot be reached by IPv6, won't postfix retry with IPv4?

See

  http://www.postfix.org/postconf.5.html#inet_protocols
  http://www.postfix.org/postconf.5.html#smtp_address_preference

If IPv6 is explicitly preferred, rather than randomly selected as with:

        smtp_address_preference = any

then an MX host with sufficiently many IPv6 addresses will never be
tried over IPv4 because the number of connection attempts and SMTP
sessions are limited:

   http://www.postfix.org/postconf.5.html#smtp_mx_address_limit
   http://www.postfix.org/postconf.5.html#smtp_mx_session_limit

One or the other might be exceeded before any IPv4 addresses are
tried.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Doug Barton
On 03/25/2017 06:43 PM, Viktor Dukhovni wrote:

>
>> On Mar 25, 2017, at 9:05 PM, Doug Barton <[hidden email]> wrote:
>>
>>> Postfix can be configured to try IPv6 before IPv4 (with
>>> smtp_address_preference)
>>
>> Regarding that option, I've never understood the warning in postconf(5). Doesn't that feature provide precedence, not exclusivity? Or put a different way, if the site cannot be reached by IPv6, won't postfix retry with IPv4?
>
> See
>
>   http://www.postfix.org/postconf.5.html#inet_protocols
>   http://www.postfix.org/postconf.5.html#smtp_address_preference
>
> If IPv6 is explicitly preferred, rather than randomly selected as with:
>
> smtp_address_preference = any
>
> then an MX host with sufficiently many IPv6 addresses will never be
> tried over IPv4 because the number of connection attempts and SMTP
> sessions are limited:
>
>    http://www.postfix.org/postconf.5.html#smtp_mx_address_limit
>    http://www.postfix.org/postconf.5.html#smtp_mx_session_limit
>
> One or the other might be exceeded before any IPv4 addresses are
> tried.

That makes sense, thanks. It might be nice to have that information, or
a pointer to it, included in postconf(5).

Doug

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Viktor Dukhovni

> On Mar 25, 2017, at 9:51 PM, Doug Barton <[hidden email]> wrote:
>
>> See
>>
>> http://www.postfix.org/postconf.5.html#inet_protocols
>> http://www.postfix.org/postconf.5.html#smtp_address_preference
>>
>> If IPv6 is explicitly preferred, rather than randomly selected as with:
>>
>> smtp_address_preference = any
>>
>> then an MX host with sufficiently many IPv6 addresses will never be
>> tried over IPv4 because the number of connection attempts and SMTP
>> sessions are limited:
>>
>>  http://www.postfix.org/postconf.5.html#smtp_mx_address_limit
>>  http://www.postfix.org/postconf.5.html#smtp_mx_session_limit
>>
>> One or the other might be exceeded before any IPv4 addresses are
>> tried.
>
> That makes sense, thanks. It might be nice to have that information, or a pointer to it, included in postconf(5).

Patches welcome, send to this list or via:

  https://github.com/vdukhovni/postfix/pulls

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

allenc
In reply to this post by Wietse Venema


On 25/03/17 14:43, Wietse Venema wrote:
> Postfix can be configured to try IPv6 before IPv4 (with
> smtp_address_preference), but that feature is independent from
> routing features such as transport_maps, smtp_fallback_relay, and
> so on. That is, there are no ipv6_transport_maps or
> ipv4_smtp_fallback_relay features.
>

A slightly different approach:

You don't try to favour IPv6 over v4.  However -
If transport selects an IPv6 address, the message goes directly.
If transport selects IPv4, it goes via the smart-host relay.

Would this work?

It would be useful to me, as my (domestic) IPv4 address is listed in the
Spamhaus Policy blocklist,  whereas my 6-over-4 tunnel is "clean".

Allen C
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Dirk Stöcker
In reply to this post by Paul C
On Sat, 25 Mar 2017, Paul C wrote:

> I wish the world would use ipv6 enough for this to be worth doing, but
> it's not going to have much benefit to you as there's almost no one
> using it for smtp, from the last time I checked which was a few months
> ago, google uses it perfectly, verizon too (maybe a few more cable
> domains), yahoo looked like they were trying lol, website and some
> services were v6 this year but smtp was not when I checked, hotmail
> doesn't use it anywhere from what i can see, aol never will and almost
> no self hosted mail server will have it. My guess is (unless gmail is
> where most mail goes) that you might see a few percent like 1-5% of
> mail ever use it. Not a bad research project or knowing v6, or if you
> have other reasons, but actual sending out is just not happening any
> time soon.

I don't see any big difference in IPv6 for mail servers and web pages
(different stats state IPV6 usage between 6 and 15% ATM, growing
exponentially).

Checking my current logfiles of the last few days and stripping all
duplicate entries (IP addresses or domain names indicate they are same) I
get following results (for outgoing TLS connections):

Server 1: 5 / 24 == 17% IPv6
Server 2: 12 / 137 = 8% IPv6

Note, that all of the IPv6 servers are also in the IPv4 list because of
the way postfix handles sending.

The percentage of IPv6 connections is much higher, as many mails go the
IPv6 hosts (especially because of google hosts), whereas all the others
get only little mail. Probably stats are lower for non TLS connections,
but who cares about these...

So while a suggestion not to care about IPv6 may have been valid in 2014.
It is simply wrong in 2017.

P.S. For server 2 simply counting IP addresses it is 78 / 330 = 19% IPv6.

Ciao
--
http://www.dstoecker.eu/ (PGP key available)
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

A. Schulze


Am 26.03.2017 um 21:21 schrieb Dirk Stöcker:

> Checking my current logfiles of the last few days and stripping all duplicate entries (IP addresses or domain names indicate they are same) I get following results (for outgoing TLS connections):
>
> Server 1: 5 / 24 == 17% IPv6
> Server 2: 12 / 137 = 8% IPv6
>
> Note, that all of the IPv6 servers are also in the IPv4 list because of the way postfix handles sending.
>
> The percentage of IPv6 connections is much higher, as many mails go the IPv6 hosts (especially because of google hosts), whereas all the others get only little mail. Probably stats are lower for non TLS connections, but who cares about these...
>
> So while a suggestion not to care about IPv6 may have been valid in 2014. It is simply wrong in 2017.
>
> P.S. For server 2 simply counting IP addresses it is 78 / 330 = 19% IPv6.

Hello,

Dirk remind me I wrote a script years ago to gather delivery statistic by inet_protocol.
It happily mix german and english, misses documentation, may not be perfect at all but give a quick view on your delivery profile.

cat /var/log/mail.log | postdelivery_via_v4_or_v6

Andreas

postdelivery_via_v4_or_v6 (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Doug Barton
In reply to this post by Dirk Stöcker
On 03/26/2017 12:21 PM, Dirk Stöcker wrote:
> So while a suggestion not to care about IPv6 may have been valid in
> 2014. It is simply wrong in 2017.

Here here!  And keep in mind that mobile providers are primarily v6
nowadays, so those numbers are only going up.

Doug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Benny Pedersen-2
Doug Barton skrev den 2017-03-26 22:16:
> On 03/26/2017 12:21 PM, Dirk Stöcker wrote:
>> So while a suggestion not to care about IPv6 may have been valid in
>> 2014. It is simply wrong in 2017.
>
> Here here!  And keep in mind that mobile providers are primarily v6
> nowadays, so those numbers are only going up.

it might be that i live in china where one cant get ipv6 mobile and a uk
plug for power, my current isp with mobile cant deliver any ipv6 on
mobile since it needs more bandwidth on 4G, not even there adsl lines
have enough bandwidth, thay say, and now sixxs and he.net stopped users
signup to get vpn with tunnels of ipv6, sadly :(

my phones have rfc1918 addr locally
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Doug Barton
On 03/26/2017 02:48 PM, Benny Pedersen wrote:

> Doug Barton skrev den 2017-03-26 22:16:
>> On 03/26/2017 12:21 PM, Dirk Stöcker wrote:
>>> So while a suggestion not to care about IPv6 may have been valid in
>>> 2014. It is simply wrong in 2017.
>>
>> Here here!  And keep in mind that mobile providers are primarily v6
>> nowadays, so those numbers are only going up.
>
> it might be that i live in china where one cant get ipv6 mobile and a uk
> plug for power, my current isp with mobile cant deliver any ipv6 on
> mobile since it needs more bandwidth on 4G,

Not sure where this claim is coming from. What additional bandwidth does
IPv6 require?

> not even there adsl lines
> have enough bandwidth, thay say, and now sixxs and he.net stopped users
> signup to get vpn with tunnels of ipv6, sadly :(

Sixxs is shutting down, yes. But not HE:

https://tunnelbroker.net/

Doug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Rick Zeman-3
In reply to this post by Paul C
On Sat, Mar 25, 2017 at 2:48 PM, Paul C <[hidden email]> wrote:

> I wish the world would use ipv6 enough for this to be worth doing, but
> it's not going to have much benefit to you as there's almost no one
> using it for smtp, from the last time I checked which was a few months
> ago, google uses it perfectly, verizon too (maybe a few more cable
> domains), yahoo looked like they were trying lol, website and some
> services were v6 this year but smtp was not when I checked, hotmail
> doesn't use it anywhere from what i can see, aol never will and almost
> no self hosted mail server will have it. My guess is (unless gmail is
> where most mail goes) that you might see a few percent like 1-5% of
> mail ever use it. Not a bad research project or knowing v6, or if you
> have other reasons, but actual sending out is just not happening any
> time soon.

Comcast, surprisingly, is way ahead of the residential game:

Apr  1 16:17:12 miniserv postfix/smtp[79694]: Untrusted TLS connection
established to smtp.comcast.net[2001:558:fe21:2a::5]:587: TLSv1.2 with
cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr  1 16:17:12 miniserv postfix/smtp[79694]: 252483CACE40:
to=<[hidden email]>, relay=smtp.comcast.net[2001:558:fe21:2a::5]:587,
delay=1.6, delays=0/0/1.3/0.25, dsn=2.0.0, status=sent (250 2.0.0
uPSRcVCa8qoNEuPSSchbjZ mail accepted for delivery)
Apr  1 16:17:12 miniserv postfix/qmgr[62620]: 252483CACE40: removed
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fallback to IPV4 in case of IPV6 is not available

Viktor Dukhovni

> On Apr 1, 2017, at 4:19 PM, Rick Zeman <[hidden email]> wrote:
>
> Comcast, surprisingly, is way ahead of the residential game:

I am not surprised.  In addition to having IPv6 they also have
DNSSEC deployed, and have published working DANE TLSA records
for their MX hosts.  Bottom line, SMTP at Comcast is actively
maintained to modern standards.

--
        Viktor.

Loading...