Erik Logtenberg:
> Hi Wietse,
>
> Ah, seems you were right after all: most bugs are indeed solved by
> reading the manual ;)
>
> Anyway, I think now I understand what's going on. The distribution that
> I use (Fedora 12) left those two settings to their default. In this
> specific case the setting of 5 IP's just isn't high enough, since this
> host has 22 IP addresses, 11 of which are IPv6. So after trying the
> first 5 (all IPv6), postfix hasn't tried any IPv4 address yet.
>
> I see in the documentation that I can actually disable this limitation.
> Is there a good reason why I shouldn't want to do this? Any kind of
> denial of service attack that disabling this limit would make possible?
People who configure MX records should read the SMTP RFC, in
particular section 5. "Address Resolution and Mail Handling.
By design, Postfix enforces sane limits on ALL information. In the
case of SMTP server IP addresses. Such limits protect Postfix
against abusive sites.
Wietse
> Kind regards,
>
> Erik.
>
>
> On 03/04/2010 10:27 PM, Wietse Venema wrote:
> > Erik Logtenberg:
> >> Hi,
> >>
> >> I noticed that Postfix doesn't fall back on other IP addresses
> >> associated with a certain MX-server when it fails to accept mail, but
> >> only uses the firs IP address it finds. If that fails, Postfix will move
> >> on to the next MX-server, but won't try any other available IP addresses
> >> for each of the MX-servers.
> >
> > Do show concrete evidence, please, as requested in the mailing
> > list welcome message.
> >
> > As distributed by me, Postfix tries up to $smtp_mx_address_limit
> > (default: 5) server IP addresses, and it stops after
> > $smtp_mx_session_limit (default: 2) SMTP sessions.
> >
> > Note: that is five IP addresses and two sessions.
> >
> > Of course it is possible that some distributor modifies Postfix to
> > enforce their personal preferences on all users, but that is not
> > my problem. We still have a choice of operating systems.
> >
> > Wietse
>
>
>
