bpkroth
Jan 13, 2012, 11:38:16 AM
I've got a mail server dedicated to handling outbound mail to the rest
of the world. It has service IPs (both IPv4 and IPv6) that I use
DAEMON_OPTIONS (DaemonPortOptions) and CLIENT_OPTIONS
(ClientPortOptions) to force it to use for all inbound and outbound
connections. Examples are below (addresses mangled slightly).
DAEMON_OPTIONS(`Name=MTA-v4, M=AEfr, Port=smtp, Family=inet, Address=10.2.0.54')dnl
DAEMON_OPTIONS(`Name=MTA-v6, M=Efr, Port=smtp, Family=inet6, Address=fded::9592:1317:8309:5893')
DAEMON_OPTIONS(`Name=MTA-v4-local, Port=smtp, Family=inet, Address=127.0.0.1')
DAEMON_OPTIONS(`Name=MTA-v6-local, Port=smtp, Family=inet6, Address=::1')
CLIENT_OPTIONS(`Family=inet, Address=10.2.0.54')dnl
CLIENT_OPTIONS(`Family=inet6, Address=fded::0:9592:1317:8309:5893')
Internally it receives everything on IPv6 addresses, so I can't
specify M=b on the DAEMON_OPTIONS, else most mail won't go out since
most external MX servers don't have IPv6 advertised.
However, sometimes (perhaps 1 out of 50 messages?), the CLIENT_OPTIONS
are ignored and a connection is made to a remote server over the
machine's management IP (10.2.0.175 - it's on the same interface eth0
and subnet - the service IP is on eth0:1).
To prevent this I've temporarily added iptables rules to reject
outbound port 25 connections from the management IP. No errors show
up in the sendmail logs, and the mail appears to still be successfully
delivered over the service IP.
Can anyone explain what's going on here? Is it a bug? I tried
reading through some of the source code, but can't quite see why this
should be happening.
Let me know if you need any more info.
Thanks,
Brian
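
Since the sendmail logs show nothing, one way to catch the stray connections described in the post above is to inspect the socket table. The following is an added example, not part of the original post: it parses `ss -tan` style output and reports outbound port 25 connections whose source is not one of the service IPs. The addresses are the mangled ones from the post, the function names are hypothetical, and the sample output is constructed.

```python
import ipaddress

# Service IPs as given (mangled) in the post; everything else is "stray".
SERVICE_IPS = {ipaddress.ip_address("10.2.0.54"),
               ipaddress.ip_address("fded::9592:1317:8309:5893")}
SMTP_PORT = 25

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%")[0]      # drop brackets and zone id
    addr = ipaddress.ip_address(host)
    if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:a.b.c.d on inet6 sockets
        addr = addr.ipv4_mapped
    return addr, int(port)

def stray_smtp_clients(ss_output, allowed=SERVICE_IPS):
    """Return (state, local, peer) for outbound SMTP not sourced from allowed IPs."""
    strays = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue                            # header or short line
        try:
            local, _ = split_endpoint(fields[3])
            peer, peer_port = split_endpoint(fields[4])
        except ValueError:
            continue                            # wildcard or unparsable endpoint
        # Outbound SMTP means the *remote* port is 25; ignore loopback peers.
        if peer_port != SMTP_PORT or peer.is_loopback:
            continue
        if local not in allowed:
            strays.append((fields[0], str(local), str(peer)))
    return strays

# Constructed sample of `ss -tan` output (documentation-range peers).
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      10.2.0.54:48312     192.0.2.25:25
SYN-SENT  0      1      10.2.0.175:51544    198.51.100.7:25
ESTAB     0      0      [fded::9592:1317:8309:5893]:25  [fded::1]:40122
ESTAB     0      0      [fded::9592:1317:8309:5893]:40100  [2001:db8::25]:25
ESTAB     0      0      10.2.0.175:22       10.2.0.9:50022
"""

if __name__ == "__main__":
    for state, local, peer in stray_smtp_clients(SAMPLE):
        print(f"stray SMTP client socket: {local} -> {peer} ({state})")
```

Run periodically against live `ss -tan` output, this records which peers and which socket states are involved when the management IP is chosen as the source.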