mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License

Remote SMTP server rejects messages because of mismatch between outgoing ipv6 address and reverse hostname #149

Closed lmeunier closed 2 months ago

lmeunier commented 3 months ago

Some remote SMTP servers are rejecting messages sent by mox because the IPv6 address used for outgoing connections does not match the reverse DNS lookup of the same IPv6 address.

Apr 05 17:19:13 nixos-rpi mox[96706]: l=error m="permanent failure delivering from queue" err="permanent: 550 5.7.1 Client host rejected: cannot find your reverse hostname, [REDACTED_IPV6]" pkg=queue cid=18eaed64af0 from=robot@infra.example.org attempts=0 permanent=true code=550 secode=7.1 msgid=287 recipient=laurent@example.org

My ISP won't let me change the reverse DNS record for my ipv6, so I'm stuck using only ipv4 for outgoing SMTP connections.

Is it possible to configure mox to use only ipv4 for outgoing SMTP connections? (and still accept incoming connections on ipv4 and ipv6).

mjl- commented 3 months ago

I don't think this is possible at the moment.

queue/direct.go calls smtpclient/dial.go to make connections (smtpclient.Dial). It has some logic for address selection (for using a specific local ip for outgoing connections, for switching between ipv4 and ipv6). But it currently will attempt to connect to ipv4 and ipv6 connections. It's probably best to either filter out ips from address family that shouldn't be used (ipv6 in this case) before calling smtpclient.Dial, or pass another flag to smtpclient.Dial so it can skip some address families. First option seems preferable since smtpclient is a reusable component.

By default, mox tries to make outgoing connections from the same explicitly specified listening IP addresses, and only the first for each address family. That could be improved in the future.

Perhaps a good option for now is to just have a mox.conf config file option to only make outgoing smtp connections over ipv4 or ipv6.

Some links:

lmeunier commented 3 months ago

I took a look at config/config.go, maybe we could add a new transport option in the Transport struct for direct transports, and a new struct (named TransportDirect?) similar to the TransportSMTP struct, but used to give hints to queue/direct.go#deliverDirect() to, for example, filter out ipv4 or ipv6 addresses from ips. The new "Direct" transport should be handled in queue/queue.go.

After that, I'll just have to configure mox this way:

What do you think?

mjl- commented 3 months ago

Sounds like a good plan, better than the new option I had in mind!

I think you may still want to disable ipv6 for all deliveries. While some mail servers will reject your messages over ipv6, others may not be giving that feedback but still mark them as spam, not giving you any feedback about it.

lmeunier commented 3 months ago

Thanks for the feedback. I'll try to push a PR in the next few days.
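
The address-family filtering discussed in this thread (dropping IPs of an unwanted family before the dial step), sketched as an added example that is not mox's code and not the eventual PR. `Family`, `filterByFamily` and `ErrNoUsableAddress` are hypothetical names, and the sample addresses are constructed from documentation ranges.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Family is a hypothetical setting naming the address families allowed for
// outgoing deliveries; it is not a mox configuration option.
type Family int

const (
	AnyFamily Family = iota
	IPv4Only
	IPv6Only
)

// ErrNoUsableAddress reports that the destination has no address in an
// allowed family, so the caller should not dial at all.
var ErrNoUsableAddress = errors.New("no address in an allowed family")

// filterByFamily returns the IPs a dialer may try, preserving their order.
// IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are reached over IPv4, so they
// count as IPv4. Nil or malformed entries are dropped.
func filterByFamily(ips []net.IP, allow Family) ([]net.IP, error) {
	var out []net.IP
	for _, ip := range ips {
		isV4 := ip.To4() != nil
		isV6 := !isV4 && ip.To16() != nil
		switch {
		case allow == AnyFamily && (isV4 || isV6),
			allow == IPv4Only && isV4,
			allow == IPv6Only && isV6:
			out = append(out, ip)
		}
	}
	if len(out) == 0 {
		return nil, ErrNoUsableAddress
	}
	return out, nil
}

func main() {
	// Constructed sample: one IPv6, one IPv4 and one IPv4-mapped address.
	ips := []net.IP{net.ParseIP("2001:db8::25"), net.ParseIP("192.0.2.25"), net.ParseIP("::ffff:198.51.100.7")}
	v4, err := filterByFamily(ips, IPv4Only)
	fmt.Println(v4, err)
}
```

Returning an explicit error when nothing is left lets the queue treat an IPv6-only destination as a distinct delivery failure instead of dialing with an empty address list.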