Date: Fri, 26 Oct 2001 23:20:13 -0700 (PDT)
From: Hidenori Ishikawa <hideishi@magisystem.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/31527: "reject_unknown_client" configuration problem of postfix on IPv6
Message-ID: <200110270620.f9R6KDV56989@freefall.freebsd.org>
>Number: 31527
>Category: ports
>Synopsis: "reject_unknown_client" configuration problem of postfix on IPv6
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 26 23:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Hidenori Ishikawa
>Release: 4.4-RELEASE
>Organization: Chiba BSD Users Group
>Environment:
FreeBSD melchior.geofront.magisystem.net 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Sun Sep 16 10:55:49 JST 2001 root@casper.geofront.magisystem.net:/raid0/src/4.4-RELEASE/src/sys/compile/SMP-4.4-RELEASE i386
>Description:
Postfix-20010228.5_1 contains smtpd client restriction ability, called "smtpd_client_restrictions". One of the options of that, "reject_unknown_client", denies access from a client whose IP address cannot be reversely resolved. However, because most of the IPv6 addresses are not able to be reversely resolved, this function disables access from most of the IPv6 clients. This is a serious problem for MX servers which are also IPv6 reachable.
>How-To-Repeat:
Install Postfix-20010228.5_1 package.
Add "smtpd_client_restrictions = reject_unknown_client" into main.cf.
Send any mail to that host from a host whose IPv6 address is not reversely resolutional, via IPv6.
Possibly, your access will be denied.
>Fix:
Please use the following patch.
NOTE: this is the same method used for "reject_maps_rbl".

--- src/smtpd/smtpd_check.c.orig Sat Oct 27 14:11:01 2001 +++ src/smtpd/smtpd_check.c Sat Oct 27 14:49:05 2001 
@@ -685,9 +685,16 @@ static int reject_unknown_client(SMTPD_STATE *state) { char *myname = "reject_unknown_client"; + struct in_addr a; if (msg_verbose) msg_info("%s: %s %s", myname, state->name, state->addr); + + /* + * IPv4 only for now + */ + if (inet_pton(AF_INET, state->addr, &a) != 1) + return SMTPD_CHECK_DUNNO; if (strcasecmp(state->name, "unknown") == 0) return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
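Review bot: The new early return in reject_unknown_client(), `if (inet_pton(AF_INET, state->addr, &a) != 1) return SMTPD_CHECK_DUNNO;`, skips the restriction for every client address that does not parse as a dotted-quad IPv4 string, not only for IPv6 clients that lack reverse DNS. With this applied, "smtpd_client_restrictions = reject_unknown_client" no longer constrains any connection arriving over IPv6, and an operator reading main.cf has no indication of that. The "IPv4 only for now" comment should say why the check is skipped and that the result is DUNNO (fall through to later restrictions) rather than a pass. It would also help to emit a msg_info line under msg_verbose when the check is bypassed, so the exemption is visible in logs. If state->addr can ever hold an IPv4-mapped form such as ::ffff:a.b.c.d, that string also fails inet_pton(AF_INET, ...) and would bypass the check for what is really an IPv4 client; please confirm how the address is formatted at this point. The variable `a` is used only as scratch output for the parse, and the hunk does not show whether the header declaring inet_pton() is already included in smtpd_check.c, so that is worth verifying before commit.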