Hello, I am running Cluebringer for a couple of years, now I experienced an IPv6 problem on version cluebringer-v2.1.x-201310261831
Google mail uses IPv6 only mail servers for sending mail to IPv6 capable servers. In that case following happens if Helo checks are enabled: Dec 11 11:37:42 ip6li cbpolicyd[18017]: module=CheckHelo, action=reject, host=2607:f8b0:4001:c03::242, helo=mail-ie0-x242.google.com, from=***@googlemail.com, [email protected], reason=resolve_noerror Dec 11 11:37:43 velianet cbpolicyd[18017]: module=CheckHelo, action=reject, host=2607:f8b0:4001:c03::235, helo=mail-ie0-x235.google.com, from=***+caf_=***@googlemail.com, [email protected], reason=resolve_noerror Expected behavior: IPv6 address should resolve and should be checked against AAAA record. A simple check shows that Googles mail servers are resolving: $ host 2607:f8b0:4001:c03::235 5.3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.c.0.1.0.0.4.0.b.8.f.7.0.6.2.ip6.arpa domain name pointer mail-ie0-x235.google.com. $ host mail-ie0-x235.google.com. mail-ie0-x235.google.com has IPv6 address 2607:f8b0:4001:c03::235 I think there is a bug in Cluebringer check helo subsystem for IPv6. Following cases needed to be considered: IPv4: Check for PTR and check A record IPv6: Check for PRT and check AAAA record Workaround: Disable helo checks on Cluebringer so that native IPv6 installations are not bothered by Cluebringer helo checks. best regards Christian Felsing _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
