in the process of turning on IPv6,

send to public 'net via my outbound smtp instance,

        smtp-out-ext  unix  -  -  n  -  -  smtp
          -o syslog_name=postfix/smtp-out-ext
          -o smtp_line_length_limit=990
          -o smtp_tls_security_level=dane
          -o smtp_tls_policy_maps=${default_database_type}:${config_directory}/local/outbound_tls_policy
          -o smtp_tls_loglevel=1
          -o smtp_helo_name=mx1.example.net
          -o smtp_bind_address=$var_MX1_IPv4

i notice now, with every/only sent message to gmail/google, a bunch of
"ignoring DNS RR:" log entries,

        2022-01-03T11:31:06.194561-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: ignoring DNS RR: gmail-smtp-in.l.google.com. 284 IN AAAA 2607:f8b0:400d:c0d::1a
        2022-01-03T11:31:06.195531-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: ignoring DNS RR: alt1.gmail-smtp-in.l.google.com. 30 IN AAAA 2800:3f0:4003:c00::1a
        2022-01-03T11:31:06.196617-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: ignoring DNS RR: alt2.gmail-smtp-in.l.google.com. 235 IN AAAA 2a00:1450:400b:c00::1b
        2022-01-03T11:31:06.197766-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: ignoring DNS RR: alt3.gmail-smtp-in.l.google.com. 136 IN AAAA 2a00:1450:400c:c0b::1a
        2022-01-03T11:31:06.198683-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: ignoring DNS RR: alt4.gmail-smtp-in.l.google.com. 35 IN AAAA 2a00:1450:4013:c16::1b
        2022-01-03T11:31:06.287943-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[173.194.175.26]:25: TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
        2022-01-03T11:31:06.655409-05:00 mx1 postfix/smtp-out-ext/smtp[14518]: 4DEDAQ3aFed1a: to=<####@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.175.26]:25, delay=0.57, delays=0.1/0.01/0.13/0.33, dsn=2.0.0, status=sent (250 2.0.0 OK  1641228163 e3sda542e62dq1e.468 - gsmtp)
        2022-01-03T11:31:06.655941-05:00 mx1 postfix/qmgr[14487]: 4DEDAQ3aFed1a: removed

the msg hails from

        ./postfix/src/dns/dns_rr_filter.c
                ...
                /* dns_rr_action - execute action from filter map */

                static DNS_RR *dns_rr_action(const char *cmd, DNS_RR *rr, const char *rr_text)
                {
                    const char *cmd_args = cmd + strcspn(cmd, " \t");
                    int     cmd_len = cmd_args - cmd;

                    while (*cmd_args && ISSPACE(*cmd_args))
                        cmd_args++;

                #define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0)

                    if (STREQUAL(cmd, "IGNORE", cmd_len)) {
                        msg_info("ignoring DNS RR: %s", rr_text);
                        return (0);
                    } else {
                        msg_warn("%s: unknown DNS filter action: \"%s\"",
                                 dns_rr_filter_maps->title, cmd);
                        return (dns_rr_filter_error);
                    }
                    return (rr);
                }
                ...

looking for that IGNORE in my setup finds,

        cat ./local/smtp_dns_reply_filter.pcre
                # <- Wietse Venema:
                #  force IPv4 for all domains that have Google as an MX host.
                #  This drops all AAAA records from Google MX hosts,
                #  effectively forcing Postfix to deliver over IPv4.
                #  /domain ttl IN AAAA address/ action, all case-insensitive.
                #  Note: the domain name ends in ".".
                /^\S+\.google.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE

where

        grep smtp_dns_reply_filter main.cf
                smtp_dns_reply_filter = pcre:/usr/local/etc/postfix/local/smtp_dns_reply_filter.pcre

per the comment, i must've added that 'on advice' here at ML.

unfortunately, my notes are missing any ML date/reference (looking for it ...) :-/
afaik, could've been 'my' problem, or google's.

i _suspect_ it's due to (for now) my public postfix IP binds service only on 
IPv4 -- i.e.,

        -o smtp_bind_address=$var_MX1_IPv4

offhand, is that generally needed/beneficial for google.com MXs?
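
Added example, not part of the original post and not Postfix code: the filter table shown above replayed in Python against resource records in the form Postfix logs, to show which replies the IGNORE rule drops and which survive. Python's `re` stands in for PCRE here, the table parser is a simplified subset of pcre_table(5), and the records marked "constructed" are sample input, not log data from the post.

```python
import re

# Filter table as shown in the post (local/smtp_dns_reply_filter.pcre).
FILTER_TABLE = r"""
# force IPv4 for all domains that have Google as an MX host.
/^\S+\.google.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE
"""

# RR text in the "name ttl class type data" form that Postfix logs.
# The first two lines come from the log in the post; the rest are constructed.
SAMPLE_RRS = [
    "gmail-smtp-in.l.google.com. 284 IN AAAA 2607:f8b0:400d:c0d::1a",
    "alt1.gmail-smtp-in.l.google.com. 30 IN AAAA 2800:3f0:4003:c00::1a",
    "gmail-smtp-in.l.google.com. 284 IN A 173.194.175.26",              # constructed
    "GMAIL-SMTP-IN.L.GOOGLE.COM. 284 IN aaaa 2607:f8b0:400d:c0d::1a",   # constructed
    "mx.example.org. 300 IN AAAA 2001:db8::25",                         # constructed
]


def parse_pcre_table(text):
    """Parse '/pattern/flags action' lines (simplified pcre_table(5) subset)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([A-Za-z]*)\s+(.+)$", line)
        if m is None:
            raise ValueError(f"unparsable table line: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix pcre tables are case-insensitive by default; 'i' toggles that.
        rules.append((re.compile(pattern, 0 if "i" in flags else re.I), action))
    return rules


def apply_filter(rules, rr_texts):
    """Return (kept, ignored); the first matching rule decides the action."""
    kept, ignored = [], []
    for rr in rr_texts:
        action = next((a for rx, a in rules if rx.search(rr)), "")
        # Like dns_rr_action(), compare only the first word of the action.
        is_ignore = action.upper().split()[:1] == ["IGNORE"]
        (ignored if is_ignore else kept).append(rr)
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = apply_filter(parse_pcre_table(FILTER_TABLE), SAMPLE_RRS)
    for rr in ignored:
        print("ignoring DNS RR:", rr)
    for rr in kept:
        print("kept:", rr)
```

Only the AAAA records under google.com are dropped; the A record for the same host and AAAA records for other domains pass through, which matches the IPv4 relay address in the delivery log line.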

