# [Solved] Postfix - Ipv6  - Exchange 2007

## EtienneRutten

Hello,

I've some trouble with a postfix configuration :

Here is my config :

Exchange server 2007 (192.168.4.10) uses Postfix as SMTP connector (192.168.4.247).

I noticed that connection between Exchange and Postfix are made with Ipv6

If i put the inet_protocols = ipv4 in the main.cf,  mails are not send. (I don't see anything in the postfix logs and exchange returns an 451 4.4.0 error )

If i put the inet_protocols = ipv4, ipv6, mails are not send ...  ! but i can see in the logs :

Dec  4 16:41:23 linux2 postfix/smtpd[22259]: connect from unknown[fe80::cca2:277a:c86f:f712%eth2]

Dec  4 16:41:23 linux2 postfix/smtpd[22259]: NOQUEUE: reject: RCPT from unknown[fe80::cca2:277a:c86f:f712%eth2]: 554 5.7.1 <xxx@xxxx.xxx>: Relay access denied; from=<yyyy@yyyy.corp>

Dec  4 16:41:23 linux2 postfix/smtpd[22259]: disconnect from unknown[fe80::cca2:277a:c86f:f712%eth2]

I suppose i've to insert the Ipv6 address in the /etc/postfix/access table, but i don't know how to do it.

Here's a copy of my table for tests :

192.168.4.10<-->OK

fe80::cca2:277a:c86f:f712<----->OK

fe80::cca2:277a:c86f:f712%eth2<><------>OK

Poste10.rustus.corp<--->OK

Poste10><------>OK

I would appreciate your helping me ...Last edited by EtienneRutten on Wed Dec 16, 2009 10:23 am; edited 1 time in total

----------

## richard.scott

It looks like a limitation of postfix:

"The order of IPv6/IPv4 outgoing connection attempts is not yet configurable. Currently, IPv6 is tried before IPv4"

http://www.postfix.org/IPV6_README.html

If you don't need IPv6 then I'd disable it on the postfix box.

Rich

----------

## EtienneRutten

Thank you for your answer Richard,

I don't exactly understand your post : I don't want to configure the order of outgoing protocol, I only want to say to postfix that it must accept relay from my exchange server who's ipv6 address is : fe80::cca2:277a:c86f:f712

So the lines you can see in my /etc/postfix/access table should be something like :

fe80::cca2:277a:c86f:f712     OK

----------

## richard.scott

I think your having a relaying denied error, not an access error which is a different problem all together.

Your logs error is "Relay access denied" so try setting this in /etc/postfix/main.cf:

```
mynetworks_style = subnet
```

don't forget to reload the config   :Wink: 

Rich

----------

## EtienneRutten

 *Quote:*   

> 
> 
> mynetworks_style = subnet
> 
> 

 

Modification of main.cf then /etc/init.d/postfix restart and ...

still the same ....   :Evil or Very Mad: 

Dec 4 16:41:23 linux2 postfix/smtpd[22259]: connect from unknown[fe80::cca2:277a:c86f:f712%eth2]

Dec 4 16:41:23 linux2 postfix/smtpd[22259]: NOQUEUE: reject: RCPT from unknown[fe80::cca2:277a:c86f:f712%eth2]: 554 5.7.1 <xxx@xxxx.xxx>: Relay access denied; from=<yyyy@yyyy.corp>

Dec 4 16:41:23 linux2 postfix/smtpd[22259]: disconnect from unknown[fe80::cca2:277a:c86f:f712%eth2]

----------

## richard.scott

Try and add the domain the exchange server uses to this:

```
relay_domains =
```

somewhere in main.cf

----------

## EtienneRutten

Done but still the same ....   :Crying or Very sad: 

----------

## richard.scott

are any of the email addresses ( or domains) listed in your previous output ones handled by the exchange server?

i.e Dec 4 16:41:23 linux2 postfix/smtpd[22259]: NOQUEUE: reject: RCPT from unknown[fe80::cca2:277a:c86f:f712%eth2]: 554 5.7.1 <xxx@xxxx.xxx>: Relay access denied; from=<yyyy@yyyy.corp>

Also does your exchange server have any direct access on port 25 from the Internet?

----------

## EtienneRutten

 *Quote:*   

> Also does your exchange server have any direct access on port 25 from the Internet?

 

No,  the exchange has only one send connector that is my linux box 

 *Quote:*   

> are any of the email addresses ( or domains) listed in your previous output ones handled by the exchange server?
> 
> i.e Dec 4 16:41:23 linux2 postfix/smtpd[22259]: NOQUEUE: reject: RCPT from unknown[fe80::cca2:277a:c86f:f712%eth2]: 554 5.7.1 <xxx@xxxx.xxx>: Relay access denied; from=<yyyy@yyyy.corp> 

 

The "from" one (yyyy@yyyy.corp) is handled by the exchange and the xxx@xxxx.xxx is an external address (my professionnal one)

PS : I can send you a copy of my config files if it is easier for you ...

----------

## richard.scott

did you send the email from xxx@xxxx.xxx from your local network or from the Internet?

If you sent it from your local network, you need to make sure that xxxx.xxx is in the relay_domains = list.

----------

## EtienneRutten

 *Quote:*   

> did you send the email from xxx@xxxx.xxx from your local network or from the Internet?

 

No, in the line 

Dec 4 16:41:23 linux2 postfix/smtpd[22259]: NOQUEUE: reject: RCPT from unknown[fe80::cca2:277a:c86f:f712%eth2]: 554 5.7.1 <xxx@xxxx.xxx>: Relay access denied; from=<yyyy@yyyy.corp> 

xxx@xxx.xxx is the person who should receive the message and yyyy@yyyy.corp is the expeditor.

To explain my config : Internet <-> Postfix (smtp) 192.168.4.247 <-> Exchange 2007 192.168.4.10 <-> Outlook Client 192.168.4.0 my domain is yyyy.corp

So I want to be able to send a mail from a outlook client in my LAN to the exchange (wich is in my LAN and the exchange should transfer the message to the Postfix. The postfix should then relay to the smtp of my ISP.

----------

## richard.scott

 *EtienneRutten wrote:*   

> xxx@xxx.xxx is the person who should receive the message and yyyy@yyyy.corp is the expeditor.

 

so xxx.xxx and yyy.corp are two different domains?

are they both in relay_domains =?

----------

## EtienneRutten

 *Quote:*   

> so xxx.xxx and yyy.corp are two different domains? 

 

Yes those are different domains

for example : xxx.xxx = onecompany.com or oneISP.com and yyy.corp = mydomain.corp

 *Quote:*   

> are they both in relay_domains =?

 

No because xxx.xxx is the receiver, so i can't put all the domains in the relay_domains : I can't set all the gmail, hotmail, all companymail and all ispmail domains !

If I want to send a mail to your private mail, i don"t have to put your mail domain in the relay_domains.

----------

## richard.scott

ok, can you post your main.cf then?

----------

## EtienneRutten

Here it is !

thank you ...

```

myhostname = linux2.rustus.corp

mydomain = rustus.corp

mydestination = linux2.rustus.corp, localhost, linux2

mynetworks = 127.0.0.0/8, 192.168.4.0/24

mynetworks_style = subnet

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

unknown_local_recipient_reject_code = 550

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

```

----------

## richard.scott

It doesn't list any relay_domains? 

Was that missed out in the cut-and-paste or is it not there?

I think you need:

```
relay_domains = rustus.corp 
```

Last edited by richard.scott on Tue Dec 08, 2009 3:55 pm; edited 1 time in total

----------

## EtienneRutten

--Last edited by EtienneRutten on Tue Dec 08, 2009 3:55 pm; edited 1 time in total

----------

## EtienneRutten

Here it is (problem with remote cut and paste ...) Sorry !

```

myhostname = linux2.rustus.corp

mydomain = rustus.corp

mydestination = linux2.rustus.corp, localhost, linux2

mynetworks = 127.0.0.0/8, 192.168.4.0/24

mynetworks_style = subnet

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

unknown_local_recipient_reject_code = 550

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = /usr/share/doc/postfix-2.5.7/html

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.5.7/readme

home_mailbox = .maildir/

relay_transport = smtp:[192.168.4.10]

relayhost = smtp.cybernet.be

relay_domains = rustus.corp

transport_maps = hash:/etc/postfix/transport

#sender_canonical_maps = hash:/etc/postfix/canonical

smtp_generic_maps = hash:/etc/postfix/generic

inet_protocols = ipv4, ipv6

```

----------

## richard.scott

does mydestination also have your exchange email domain?

----------

## EtienneRutten

 *Quote:*   

> does mydestination also have your exchange email domain?

 

No, should I have to do something like :

```
mydestination = linux2.rustus.corp, localhost, linux2, rustus.corp
```

----------

## EtienneRutten

I have tried with these settings (Mydestinations = rustus.corp)

It doesn't change anything.

I feel that it could be an Ipv6 Problem : 

When I didn't put the ipv6 parameter in the inet_protocols, I didn't receive anything in the logs but if i forced the queue in exchange, the messages were sent. 

To force the messages in exchange, i had to go to the tools, queue viewer and retry; And the messages were sent only if i made this operation. If i waited for a new automic submit from exchange nothing occured.

I think I have to put something in the /etc/postfix/access file to put the Ipv6 address has an "Ok" server, but i don't know how to proceed...

----------

## cach0rr0

Hi

Try removing this line:

```

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access 

```

and see if the relaying errors persist. 

note you dont need to start postfix, only "postfix reload"

If you need to restrict who can connect to this Postfix instance, it is best done at the network level (even iptables will work)

----------

## EtienneRutten

After some troubles with my HDD, I'm coming back with my problems ...   :Embarassed:  But good news : I found a solution !   :Very Happy: 

as cach0rr0 said I removed the "smtpd_client_restrictions " And I inserted the bold characters in the main.cf. 

mynetworks = 127.0.0.0/8, 192.168.4.0/24, Poste10.rustus.corp

Here's my last main.cf

```
command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/lib/postfix

data_directory = /var/lib/postfix

debug_peer_level = 2

home_mailbox = .maildir/

html_directory = /usr/share/doc/postfix-2.6.5/html

inet_interfaces = all

inet_protocols = ipv4, ipv6

mail_owner = postfix

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

mydestination = linux2.rustus.corp, localhost, linux2, rustus.corp

mydomain = rustus.corp

myhostname = linux2.rustus.corp

mynetworks = 127.0.0.0/8, 192.168.4.0/24, Poste10.rustus.corp

mynetworks_style = subnet

newaliases_path = /usr/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = /usr/share/doc/postfix-2.6.5/readme

relay_domains = rustus.corp

relay_transport = smtp:[192.168.4.10]

relayhost = smtp.cybernet.be

sample_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

setgid_group = postdrop

smtp_generic_maps = hash:/etc/postfix/generic

transport_maps = hash:/etc/postfix/transport

unknown_local_recipient_reject_code = 550

```

The logs are now OK !

NB : I have also put the name of the exchange (poste10) in the /etc/hosts file

----------

