
Re: smtpserver bind() query and logfile problems

On Wed, Jan 26, 2005 at 09:20:36AM +0000, Darryl L. Miles wrote:
> Matti Aarnio wrote:
> >On Tue, Jan 25, 2005 at 06:01:14PM +0000, Darryl L. Miles wrote:
> >I am not entirely sure of why you see v4 address duplicates.
> >  ...
> >Aaahh...  I think you have:
> >
> >PARAM BindSmtp          any
> >PARAM BindSmtpS         any
> >
> >or perhaps that older configuration style of:
> >
> >PARAM BindPort         25
> >PARAM BindAddress   iface:eth0
> >PARAM listen-ssmtp
> >
> My configuration (running on linux 2.6.x) is like:
> #
> PARAM BindSmtp [] 25
> #
> PARAM BindSmtpS [] 465
> #
> #PARAM listen-ssmtp
> #
> I have no IPV6 SMTP bound ports, mailq and sshd on the same host do bind 
> to IPV6 any6 addresses ok.

Yes, they do bind on any6, and IPv6/IPv4 dual-stack processing maps
the IPv6 socket to support mailq (and ssh) also for any accepted IPv4
address in the system.

> If I put in an explicit IPV4 address I wouldn't expect it to be tried 
> for IPV6, and vice-versa.  The sample IPV6 address syntax is [IPv6.0::0] 
> with fullstop not the same as your email example [IPv6:::1] with colon.  

I would not either.  It just had worked for me and I had never tried to
use IPv4 literal addresses there and check subtle details.  The parser
code used for bound addresses is derived from code used elsewhere (code
re-use), and thus they have same supports - as much or little as they
make sense in some situations.

The IPv6 address literal notation specification did keep changing so
much, that I support both, and no longer remember which is official...
The example you do refer to was a printout from one test utility,
and it definitely isn't verified for any sort of correctness in syntax.

> The 'any' or 'any6' syntax is not demonstrated in the stock smtpserver.conf.

Some things are mentioned only in the man-page of   smtpserver(8)
And even there without much emphasis..  It will add them into stock
example as well.

> Is there any way the smtpserver config parsing could be improved? It took 
> me a while to figure out the IPs for the BindSmtp/BindSmtpS needed to be 
> inside [ and ]; there are no warnings or errors, just unwanted behaviour by 
> the daemon.

There are many things that it could use.  Not the least of rather radical
rewrite of the whole syntax..  Including things like:

    default {

    server "fqdn.name" {
        BindSmtp [] 25;
        PolicyDatabase BTree "/path/to/database";
        HeloRule "re-pattern" "!go away";
        HeloRule ""           "ftve";

You do surely see, that these are very much alike  bind-8/9, and
ISC's DHCP-server configurations.

But "simplest" thing to do is to make sure that the system does
tell something in the log-file (very least) when it sees invalid
data input.

> I'm not sure iface: syntax is really that useful in the real world.  
> SMTP servers are specific named addresses due to relying on generally 
> slow changing DNS entries, anyone wanting to use the interface address 
> by interface name must be doing so because it changes and they don't 
> know it to be able to configure it manually.  If the IP of the SMTP 
> server changes it becomes difficult to use SMTP efficiently for mail (as 
> without authentication, which all inbound uses your email may be 
> delivered to the wrong host, the one now using your old IP) and besides 
> I don't think the zmailer smtpserver can be sent a signal to re-bind to 
> our new interface address (in the situation where it changes).  So I 
> really don't understand the practical uses for it.  Sounds like good 
> voodoo for the sake of voodoo.

Most of the time the voodoo has been "bind-to-wildcard, resolve
our bound spot at connect time" -- which can result in a bit odd
things..  (in a server group of identical but not clustered machines
can be used to do each others jobs, by downing IP of the one going
into maintenance and bringing the IP up in another machine.. presuming
they are within same LAN, etc..)

These days most of clustered servers are behind some Layer-4-aware
switch(es), and they do health-checks to remove unhealthy node from
the set of real-servers.

The iface: for smtpserver is due to an observation of "we do have
knowledge of IP addresses and interfaces in the system, let it be
possible to bind by network interface port name".
But while it is complete for IPv4, it definitely isn't complete for

> I have added SPF support into this rebuild of zmailer, there is a 
> duplicate section in the stock smtpserver.conf file, that may be 
> confusing to first timers.  On a technical note (I should start a new 
> thread on this) I would also like the ability to promote ~all into -all 
> for a white-list of domains I can set, or work it the other way and have 
> another "spf-threshold" param for my local whitelist that I can set to 
> 'none'.

I do think that ball is for Eugene Crosser and Igor Milyakov..

> -- 
> Darryl L. Miles
> M: 07968 320 114
/Matti Aarnio	<mea@nic.funet.fi>
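
Added example, not part of the original message and not ZMailer's own parser: a minimal sketch of a bind-address check that produces a log-ready message instead of silently accepting bad input, as the reply suggests. The names `classify_bind` and `bind_kind` are hypothetical, the accepted forms are only those quoted in the thread, and the sample tokens are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical classification; these are not ZMailer's own types. */
enum bind_kind { BIND_INVALID = 0, BIND_ANY, BIND_ANY6, BIND_IFACE, BIND_EMPTY, BIND_V4, BIND_V6 };

/* Classify one bind-address token using only the forms quoted in the thread.
 * On BIND_INVALID, err holds a message meant for the log file. */
enum bind_kind classify_bind(const char *tok, char *err, size_t errlen)
{
    unsigned char addr[sizeof(struct in6_addr)];
    char buf[64];
    size_t n = strlen(tok);
    if (strcmp(tok, "any") == 0)  return BIND_ANY;
    if (strcmp(tok, "any6") == 0) return BIND_ANY6;
    if (strncmp(tok, "iface:", 6) == 0 && tok[6] != '\0') return BIND_IFACE;

    if (n < 2 || tok[0] != '[' || tok[n - 1] != ']') {
        /* A bare address is the case the poster hit: report it, do not guess. */
        if (inet_pton(AF_INET, tok, addr) == 1 || inet_pton(AF_INET6, tok, addr) == 1)
            snprintf(err, errlen, "bind address '%s' must be written as [%s]", tok, tok);
        else
            snprintf(err, errlen, "unrecognised bind address '%s'", tok);
        return BIND_INVALID;
    }
    if (n == 2) return BIND_EMPTY;  /* "[]" as in the poster's config; its meaning is not modelled */
    if (n - 2 >= sizeof(buf)) { snprintf(err, errlen, "bind address too long"); return BIND_INVALID; }
    memcpy(buf, tok + 1, n - 2);
    buf[n - 2] = '\0';
    /* Both IPv6 literal prefixes seen in the thread: "IPv6." and "IPv6:". */
    if (strncmp(buf, "IPv6.", 5) == 0 || strncmp(buf, "IPv6:", 5) == 0) {
        if (inet_pton(AF_INET6, buf + 5, addr) == 1) return BIND_V6;
        snprintf(err, errlen, "bad IPv6 literal in '%s'", tok);
        return BIND_INVALID;
    }
    if (inet_pton(AF_INET, buf, addr) == 1) return BIND_V4;
    snprintf(err, errlen, "bad IPv4 literal in '%s'", tok);
    return BIND_INVALID;
}

int main(void)
{
    /* Constructed sample tokens. */
    const char *samples[] = { "any", "[192.0.2.10]", "[IPv6:::1]", "[IPv6.0::0]", "192.0.2.10", "[]" };
    char err[128];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        err[0] = '\0';
        printf("%-14s -> %d %s\n", samples[i], classify_bind(samples[i], err, sizeof err), err);
    }
    return 0;
}
```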