From: Erik Logtenberg on 4 Mar 2010 11:56

Hi,

I noticed that Postfix doesn't fall back on other IP addresses associated with a certain MX-server when it fails to accept mail, but only uses the first IP address it finds. If that fails, Postfix will move on to the next MX-server, but won't try any other available IP addresses for each of the MX-servers.

This can be particularly troublesome for MX-servers with both IPv4 and IPv6 addresses, where Postfix will only use the IPv6 address (assuming postfix is configured with both IPv4 and IPv6 enabled), but won't fall back on the IPv4 address if IPv6 fails.

For clarity, the setup I'm describing looks as follows:

example.com.       IN MX    10 mx1.example.com.
example.com.       IN MX    10 mx2.example.com.
mx1.example.com.   IN A     some.IPv4.add.ress
mx1.example.com.   IN AAAA  some:IPv6:add:ress
mx2.example.com.   IN A     some.IPv4.add.ress
mx2.example.com.   IN AAAA  some:IPv6:add:ress

Postfix will try the IPv6-address of mx1, and if that fails it'll ignore the IPv4-address of mx1, but will skip to mx2 right away. It'll try the IPv6 address of mx2 and if that also fails, then this delivery attempt defers altogether.

If for some reason there is something wrong with IPv6 connectivity (which unfortunately appears to happen quite often now that IPv6 becomes more widely spread but people don't always quite understand it yet), then postfix won't be able to deliver mail at all because of this behaviour.

As long as there is at least one IPv4-only MX-server, one wouldn't notice this behaviour. However as soon as you're being "really good" and equip all your MX-servers with IPv6 addresses, then all of a sudden postfix setups with broken IPv6 connectivity will stop delivering mail.

In my humble opinion, it would be way better if postfix would only give up on an MX after it tried all available IP addresses. Or at the very least after trying at least one IPv4 and one IPv6 address, but I'd strongly prefer trying all available IP addresses before giving up.

Any thoughts?

Kind regards,

Erik Logtenberg.

From: Wietse Venema on 4 Mar 2010 16:27

Erik Logtenberg:
> Hi,
>
> I noticed that Postfix doesn't fall back on other IP addresses
> associated with a certain MX-server when it fails to accept mail, but
> only uses the first IP address it finds. If that fails, Postfix will move
> on to the next MX-server, but won't try any other available IP addresses
> for each of the MX-servers.

Do show concrete evidence, please, as requested in the mailing list welcome message.

As distributed by me, Postfix tries up to $smtp_mx_address_limit (default: 5) server IP addresses, and it stops after $smtp_mx_session_limit (default: 2) SMTP sessions.

Note: that is five IP addresses and two sessions.

Of course it is possible that some distributor modifies Postfix to enforce their personal preferences on all users, but that is not my problem. We still have a choice of operating systems.

Wietse

From: Erik Logtenberg on 4 Mar 2010 17:10

Hi Wietse,

Ah, seems you were right after all: most bugs are indeed solved by reading the manual ;)

Anyway, I think now I understand what's going on. The distribution that I use (Fedora 12) left those two settings to their default. In this specific case the setting of 5 IP's just isn't high enough, since this host has 22 IP addresses, 11 of which are IPv6. So after trying the first 5 (all IPv6), postfix hasn't tried any IPv4 address yet.

I see in the documentation that I can actually disable this limitation. Is there a good reason why I shouldn't want to do this? Any kind of denial of service attack that disabling this limit would make possible?

Kind regards,

Erik.

On 03/04/2010 10:27 PM, Wietse Venema wrote:
> Erik Logtenberg:
>> Hi,
>>
>> I noticed that Postfix doesn't fall back on other IP addresses
>> associated with a certain MX-server when it fails to accept mail, but
>> only uses the first IP address it finds. If that fails, Postfix will move
>> on to the next MX-server, but won't try any other available IP addresses
>> for each of the MX-servers.
>
> Do show concrete evidence, please, as requested in the mailing
> list welcome message.
>
> As distributed by me, Postfix tries up to $smtp_mx_address_limit
> (default: 5) server IP addresses, and it stops after
> $smtp_mx_session_limit (default: 2) SMTP sessions.
>
> Note: that is five IP addresses and two sessions.
>
> Of course it is possible that some distributor modifies Postfix to
> enforce their personal preferences on all users, but that is not
> my problem. We still have a choice of operating systems.
>
> Wietse

From: Wietse Venema on 4 Mar 2010 17:25

Erik Logtenberg:
> Hi Wietse,
>
> Ah, seems you were right after all: most bugs are indeed solved by
> reading the manual ;)
>
> Anyway, I think now I understand what's going on. The distribution that
> I use (Fedora 12) left those two settings to their default. In this
> specific case the setting of 5 IP's just isn't high enough, since this
> host has 22 IP addresses, 11 of which are IPv6. So after trying the
> first 5 (all IPv6), postfix hasn't tried any IPv4 address yet.
>
> I see in the documentation that I can actually disable this limitation.
> Is there a good reason why I shouldn't want to do this? Any kind of
> denial of service attack that disabling this limit would make possible?

People who configure MX records should read the SMTP RFC, in particular section 5, "Address Resolution and Mail Handling".

By design, Postfix enforces sane limits on ALL information. In the case of SMTP server IP addresses, such limits protect Postfix against abusive sites.

Wietse

> Kind regards,
>
> Erik.
>
>
> On 03/04/2010 10:27 PM, Wietse Venema wrote:
> > Erik Logtenberg:
> >> Hi,
> >>
> >> I noticed that Postfix doesn't fall back on other IP addresses
> >> associated with a certain MX-server when it fails to accept mail, but
> >> only uses the first IP address it finds. If that fails, Postfix will move
> >> on to the next MX-server, but won't try any other available IP addresses
> >> for each of the MX-servers.
> >
> > Do show concrete evidence, please, as requested in the mailing
> > list welcome message.
> >
> > As distributed by me, Postfix tries up to $smtp_mx_address_limit
> > (default: 5) server IP addresses, and it stops after
> > $smtp_mx_session_limit (default: 2) SMTP sessions.
> >
> > Note: that is five IP addresses and two sessions.
> >
> > Of course it is possible that some distributor modifies Postfix to
> > enforce their personal preferences on all users, but that is not
> > my problem. We still have a choice of operating systems.
> >
> > Wietse

From: Victor Duchovni on 4 Mar 2010 17:41

On Thu, Mar 04, 2010 at 11:10:37PM +0100, Erik Logtenberg wrote:
> Anyway, I think now I understand what's going on. The distribution that
> I use (Fedora 12) left those two settings to their default. In this
> specific case the setting of 5 IP's just isn't high enough, since this
> host has 22 IP addresses, 11 of which are IPv6. So after trying the
> first 5 (all IPv6), postfix hasn't tried any IPv4 address yet.

If your system has no useful IPv6 connectivity, disable IPv6 in Postfix.

http://www.postfix.org/inet_protocols

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
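
The interaction of the two limits discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of an address limit and a session limit applied to the 22-address host Erik describes. It assumes candidates are ordered IPv6-first as Erik observed and that a failed connect uses up an address but not a session; the addresses are constructed from documentation ranges and all function names are hypothetical.

```python
from ipaddress import ip_address

# Constructed sample: one MX host with 11 IPv6 and 11 IPv4 addresses (22 total).
V6 = [f"2001:db8::{i:x}" for i in range(1, 12)]
V4 = [f"192.0.2.{i}" for i in range(1, 12)]
HOST_22 = [(10, "mx1.example.com", V6 + V4)]   # (preference, host, addresses)

def candidates(mx_hosts, protocols=("ipv6", "ipv4"), address_limit=5):
    """Ordered candidate list: lowest MX preference first, addresses in the
    order given per host, filtered by enabled protocols, then truncated to
    address_limit (0 means no limit). Model assumption, not Postfix source."""
    out = []
    for _pref, host, addrs in sorted(mx_hosts, key=lambda m: m[0]):
        for addr in addrs:
            family = "ipv6" if ip_address(addr).version == 6 else "ipv4"
            if family in protocols:
                out.append((host, addr))
    return out if address_limit == 0 else out[:address_limit]

def deliver(cands, outcome, session_limit=2):
    """Walk the candidates. outcome(addr) is 'unreachable' (connect failed,
    no session used), 'tempfail' (session used, mail not accepted) or 'ok'.
    Returns (address that accepted the mail or None, connection attempts)."""
    sessions = attempts = 0
    for _host, addr in cands:
        if session_limit and sessions >= session_limit:
            break
        attempts += 1
        result = outcome(addr)
        if result == "unreachable":
            continue
        sessions += 1
        if result == "ok":
            return addr, attempts
    return None, attempts

def broken_v6(addr):
    """Sender with no working IPv6 route: every IPv6 connect fails."""
    return "unreachable" if ip_address(addr).version == 6 else "ok"

if __name__ == "__main__":
    # Defaults: the 5 candidates are all IPv6, so the delivery is deferred.
    print(deliver(candidates(HOST_22), broken_v6))
    # IPv6 disabled on the sender (inet_protocols): first IPv4 address works.
    print(deliver(candidates(HOST_22, protocols=("ipv4",)), broken_v6))
    # Address limit disabled: delivered, but only after 11 failed connects.
    print(deliver(candidates(HOST_22, address_limit=0), broken_v6))
    # Limit disabled and every address dead: attempts grow with what DNS lists.
    print(deliver(candidates(HOST_22, address_limit=0), lambda a: "unreachable"))
```

With the address limit disabled, the number of connection attempts per delivery is set by whatever the remote domain publishes in DNS, which is the exposure the limit bounds.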