Bug 31527

Summary: "reject_unknown_client" configuration problem of postfix on IPv6
Product: Ports & Packages Reporter: Hidenori Ishikawa <hideishi>
Component: Individual Port(s)Assignee: dwcjr
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Hidenori Ishikawa 2001-10-27 07:30:00 UTC 
Postfix-20010228.5_1 contains smtpd client restriction ability, called
"smtpd_client_restrictions".
One of the options of that, "reject_unknown_client" denies access from
a client whose IP address cannot be reversely resolved.
However, because most of the IPv6 addresses are not able to be reversely
resolved, this function disables access from most of the IPv6 clients.
This is a serious problem for MX servers which is also IPv6 reachable.

Fix: Please use the following patch.

NOTE: this is the same method, used for "reject_maps_rbl".
How-To-Repeat: Install Postfix-20010228.5_1 package.
Add "smtpd_client_restrictions = reject_unknown_client" into main.cf.
Send any mail to that host from a host whose IPv6 address is not
reversely resolutional, via IPv6.
Possibly, your access will be denied.
Comment 1 Pete Fritchman freebsd_committer freebsd_triage 2001-10-30 11:07:53 UTC 
Responsible Changed
From-To: freebsd-ports->dwcjr

Over to maintainer
Comment 2 dwcjr 2001-10-30 19:22:05 UTC 
I will work on this, but have you tried submitting this to kame?
Comment 3 dwcjr 2001-11-06 14:54:10 UTC 
I just updated postfix to pl06 and it seems to have broken this patch, can
you please update and email to me or provide a link to the patch?  this
patch applies after a make patch has been done, correct?
Comment 4 dwcjr 2002-02-11 19:08:20 UTC 
IPv6 support hasn't been in postfix in quite some time, if you could
convince kame to update their patches I'd look at adding this again.
Comment 5 Munechika Sumikawa freebsd_committer freebsd_triage 2002-03-29 07:06:20 UTC 
State Changed
From-To: open->closed

The originator could not convince KAME developers.