From owner-freebsd-ports Fri Oct 26 23:30: 8 2001
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id F15BA37B403 for ; Fri, 26 Oct 2001 23:30:00 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f9R6U0m58805; Fri, 26 Oct 2001 23:30:00 -0700 (PDT) (envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2BA2937B403 for ; Fri, 26 Oct 2001 23:20:13 -0700 (PDT)
Received: (from nobody@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f9R6KDV56989; Fri, 26 Oct 2001 23:20:13 -0700 (PDT) (envelope-from nobody)
Message-Id: <200110270620.f9R6KDV56989@freefall.freebsd.org>
Date: Fri, 26 Oct 2001 23:20:13 -0700 (PDT)
From: Hidenori Ishikawa
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: ports/31527: "reject_unknown_client" configuration problem of postfix on IPv6
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 31527
>Category: ports
>Synopsis: "reject_unknown_client" configuration problem of postfix on IPv6
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 26 23:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Hidenori Ishikawa
>Release: 4.4-RELEASE
>Organization: Chiba BSD Users Group
>Environment:
FreeBSD melchior.geofront.magisystem.net 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Sun Sep 16 10:55:49 JST 2001 root@casper.geofront.magisystem.net:/raid0/src/4.4-RELEASE/src/sys/compile/SMP-4.4-RELEASE i386
>Description:
Postfix-20010228.5_1 contains an smtpd client restriction ability, called "smtpd_client_restrictions". One of the options of that, "reject_unknown_client", denies access from a client whose IP address cannot be reversely resolved. However, because most of the IPv6 addresses are not able to be reversely resolved, this function disables access from most of the IPv6 clients. This is a serious problem for MX servers which are also IPv6 reachable.
>How-To-Repeat:
Install Postfix-20010228.5_1 package.
Add "smtpd_client_restrictions = reject_unknown_client" into main.cf.
Send any mail to that host from a host whose IPv6 address is not reverse-resolvable, via IPv6.
Possibly, your access will be denied.
>Fix:
Please use the following patch.
NOTE: this is the same method used for "reject_maps_rbl".

--- src/smtpd/smtpd_check.c.orig Sat Oct 27 14:11:01 2001 +++ src/smtpd/smtpd_check.c Sat Oct 27 14:49:05 2001 
@@ -685,9 +685,16 @@ static int reject_unknown_client(SMTPD_STATE *state) { char *myname = "reject_unknown_client"; + struct in_addr a; if (msg_verbose) msg_info("%s: %s %s", myname, state->name, state->addr); + + /* + * IPv4 only for now + */ + if (inet_pton(AF_INET, state->addr, &a) != 1) + return SMTPD_CHECK_DUNNO; if (strcasecmp(state->name, "unknown") == 0) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, >Release-Note: >Audit-Trail: >Unformatted:
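
Review bot: the added `if (inet_pton(AF_INET, state->addr, &a) != 1) return SMTPD_CHECK_DUNNO;` sits before the `strcasecmp(state->name, "unknown")` test, so every client whose state->addr does not parse as an IPv4 literal skips reject_unknown_client entirely. That covers all IPv6 clients, including ones that do have working reverse DNS, and it also covers any other non-IPv4 string in state->addr, so a site that set this restriction silently loses it on its IPv6-reachable MX. Consider narrowing the skip to addresses that parse with inet_pton(AF_INET6, ...), leaving the existing reject path for anything that parses as neither family, and expanding the "IPv4 only for now" comment to say why IPv6 is exempted and that the restriction is not enforced for those clients. The skip is also invisible in logs: the msg_info call above it runs only under msg_verbose and does not record that the check was bypassed, so a log line on the DUNNO path would let operators see how much mail arrives without this check. The hunk adds no #include, so confirm that the header declaring inet_pton is already pulled in by smtpd_check.c.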