Sendmail issue with IPv6

cname-recorddomain-name-systemipv6mx-recordsendmail

I have an email server configured with multiple-instance of sendmail running each on different IPv4 and IPv6 addresses.
Everything is running smooth until a point where for some domains/emails (apparently random) sendmail try to send the email from the IPv6 address instead of the IPv4 and I begin to receive messages like:

SYSERR(root): makeconnection: cannot bind socket [IPv6:2001:db8::2]: Address family not supported by protocol
to=<xxx@bad-domain.example>, delay=04:23:07, xdelay=00:00:00, mailer=esmtp, pri=11918385, relay=bad-domain.example. [198.51.100.5], dsn=4.0.0, stat=Deferred: Address family not supported by protocol

The IPv6 and IPv4 addresses was obfuscated.

What I observed, but I'm not sure that this is the issue, the MX record for the bad-domain is a CNAME instead of direct A or AAAA record.

I'm using Sendmail 8.14.5 on Fedora 16 all the IP's are statically configured (IPv4 + IPv6)
If the base issue can't be solved there is a way to instruct sendmail to use only IPv4 for a list of specified domains ?

An extract from the sendmail.mc:

CLIENT_OPTIONS(`Family=inet,Addr=192.0.2.2')dnl
CLIENT_OPTIONS(`Family=inet6,Addr=2001:db8::2')dnl
DAEMON_OPTIONS(`Name=MTA-v4,Family=inet,Addr=192.0.2.2')dnl
DAEMON_OPTIONS(`Name=MTA-v6,Family=inet6,Addr=2001:db8::2')dnl

some example for bad-domain:
donpac.ru, montevideo.com.uy, dalia-ingenierie.fr, opela.cz, orange.net, poisl.com.br, tamil.com, zerong.cn

LE:
all seems to have a CNAME as MX record and no one of the CNAME's resolv to IPv6

Best Answer

Whilst the comments above seem to suggest that this isn't a v4-by-domain issue, I had cause to need to do exactly what you describe, today, and found this question whilst searching.

The method I found to force v4 delivery on a domain-by-domain basis is to enable mailertable, by having

FEATURE(`mailertable')

in my sendmail.mc (if it's already there, you don't need to add it again). Then I force v4-based delivery by overriding the DNS And instructing delivery to go to a v4 address in the mailertable file; this is from /etc/mail/mailertable:

.example.com    esmtp:[260.240.18.38]
example.com     esmtp:[260.240.18.38]

I don't normally redact domain names, but I don't wish to embarrass the colleagues who have wrongly implemented smtp-over-ipv6, and thus need me to force delivery over v4. The IP address is obviously false, also; but in production it's the v4 address of their primary MX, taken from the DNS.

Where are the logs?

The default location depends on your linux/unix system, but the most common places are

/var/log/maillog
/var/log/mail.log
/var/adm/maillog
/var/adm/syslog/mail.log

If it's not there, look up /etc/syslog.conf. You should see something like this

mail.*         -/var/log/maillog

sendmail writes logs to the mail facility of syslog. Therefore, which file it gets written to depends on how syslog was configured.

If you system uses syslog-ng (instead of the more "traditional" syslog), then you'll have to look up your syslog-ng.conf file. You'll should something like this:

# This files are the log come from the mail subsystem.
#
destination mail     { file("/var/log/mail.log"); };
destination maillog  { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr  { file("/var/log/mail.err"); };

Unable to send out emails?

One of the most common reason I've seen for a freshly installed sendmail not being able to send out emails is the DAEMON_OPTIONS being set to listen only on 127.0.0.1

See /etc/mail/sendmail.mc

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

If that's your case, remove the "Addr=127.0.0.1" part, rebuild your conf file and you're good to go!

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

[root@server]$ m4 sendmail.mc > /etc/sendmail.cf
[root@server]$/etc/init.d/sendmail restart

If you've been making changes to /etc/sendmail.cf manually thus far (instead of the *.m4 file) you can make similar changes in /etc/sendmail.cf. The offending line will look like this:

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

Change it to:

O DaemonPortOptions=Port=smtp, Name=MTA

Linux – ipv6: `ifconfig` shows “Scope:Link” . What is “Scope:Link”

Link scope, fe80::/10 (it's practically implemented as a /64, but the whole /10 is reserved), is isolated to devices on a layer 2 segment. You can use a device's fe80 address to communicate within the segment, but you'll need an address with a different scope to do any communication that requires routing outside of the segment.

Regarding your edit: While the idea of a private addressing is certainly in place in IPv4 (169.254/16 and the RFC 1918 ranges), the implementation of those is somewhat different due to the prevalence of NAT. In contrast, link-scope addresses and the fc00::/7 range (which is roughly equivalent to the RFC1918 ranges of IPv4) exist and are used alongside the global address of each device.

Special handling is in place in many implementations to account for an address' scope that wasn't needed in IPv4 implementations.

Best Answer

Related Solutions

Where to check log of sendmail

Where are the logs?

Unable to send out emails?

Linux – ipv6: `ifconfig` shows “Scope:Link” . What is “Scope:Link”

Related Topic