[pfx] Re: inet_interfaces unable to deal with IPv6 link-local addresses

Tue, 27 May 2025 18:48:24 -0700 

On Wed, May 28, 2025 at 03:14:32AM +0200, Daniel Roesen via Postfix-users wrote:

> Postfix fails to start up due to inability to deal with inet_interface =
> $myhostname resolving to (also) IPv6 link-local address(es):
> 
> postfix/postfix-script[1200]: starting the Postfix mail system
> postfix/master[1202]: fatal: bind fe80::20c:29ff:fec7:e39f port 25: Invalid 
> argument
> postfix/master[1201]: fatal: daemon initialization failure -- see logs for 
> details
> postfix/postfix-script[1203]: fatal: mail system startup failed

There is no current or planned support for scoped IPv6 addresses.

> Back in October 2024, Fedora Linux changed the /etc/nsswitch.conf
> setting for hosts to:
> 
> hosts:      files myhostname resolve [!UNAVAIL=return] dns

This is the core problem, and you should consider the symptoms a
blessing, because the [!UNAVAIL=return] turns all 4XX lookup
failures into hard errors, making email delivery unreliable.

With prejudice, you need to adjust your nsswitch.conf to be
server-appropriate.  I have:

    hosts: myhostname files dns

See: https://marc.info/?l=postfix-users&m=171381526626315&w=2

but I also have:

    $ postconf inet_interfaces
    inet_interfaces = all

which means that the lookup in question does not arise when determining
the addresses to listen on.  If that's what you need, also drop
"myhostname".

> When investigating, I found some discussion with nss-myhostname's
> author (L. Poettering) that seems to indicate that this behaviour
> is intentional. Debian ran into a similar problem around 2013 with
> their ping6, and Lennart (author of NSS myhostname) confirmed returning
> LL addresses is intentional:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705900#128
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705900#178
> 
> Postfix cannot deal with link-local according to the code in
> src/global/own_inet_addr.c I looked at. It doesn't expect link-local
> addresses get returned, has no provisions for dealing with address
> scopes so subsequent binding to those addresses fails due to missing
> address scope I guess.

You need to fix nsswitch.conf anyway, may as well make it fit for
purpose.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to