Mailing List Archive: IPv6 lookup issues what am I doing wrong?

IPv6 lookup issues what am I doing wrong?

May 9, 2019, 1:50 AM

Post #1 of 5 (384 views)

Hello,

Using exim 4.92, I have a couple of IPv6 configuration issues I hope someone can help with.

The following works fine for IPv4, by that I mean it sets the smtp_active_hostname correctly for all IPv4 interfaces. However, it does not work for IPv6
smtp_active_hostname = ${lookup{$received_ip_address}lsearch{/etc/exim/smtp_active_hostname}}

I have even tried changing the separator in the file to ; and the lookup to
smtp_active_hostname = <; ${lookup{$received_ip_address}lsearch{/etc/exim/smtp_active_hostname}}

I know the $received_ip_address is populated correctly because crude debugging (log_message = $received_ip_address) shows the correct IPv4 or IPv6 address.

I have a similar issue with
tls_certificate = /etc/exim/$received_ip_address.cer
tls_privatekey = /etc/exim/$received_ip_address.key
tls_dhparam = /etc/exim/$received_ip_address.dh
The certificate is found for IPv4 connections, but not IPv6.

Can anyone point me in the correct direction to fix the issues.
Any help would be much appreciated.

Many thanks,

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: IPv6 lookup issues what am I doing wrong? [ In reply to ]

exim-users at exim

May 9, 2019, 2:21 AM

Post #2 of 5 (384 views)

Permalink

On 09/05/2019 09:50, Spencer Marshall via Exim-users wrote:
> Can anyone point me in the correct direction to fix the issues.
> Any help would be much appreciated.

Test it using -bh -oMi and -d. If that doesn't help, move on
to the actual daemon with -d and use swaks as a client.

--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: IPv6 lookup issues what am I doing wrong? [ In reply to ]

exim-users at exim

May 9, 2019, 4:01 AM

Post #3 of 5 (384 views)

Permalink

On 09/05/2019 09:50, Spencer Marshall via Exim-users wrote:
> I have a similar issue with
> tls_certificate = /etc/exim/$received_ip_address.cer

tls_certificate takes a list, and the default list separator
is a colon. If you use an expansion expected to result in
colons, in this case an ipv6 address, you need to change
the separator:

tls_certificate = <; /etc/exim/$received_ip_address.cer

> tls_privatekey = /etc/exim/$received_ip_address.key
> tls_dhparam = /etc/exim/$received_ip_address.dh
> The certificate is found for IPv4 connections, but not IPv6.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: IPv6 lookup issues what am I doing wrong? [ In reply to ]

exim-users at exim

May 9, 2019, 4:12 AM

Post #4 of 5 (384 views)

Permalink

Thank you. In case anyone else encounters the same issue, the following worked for me. note the dhparam does not require the list separater
tls_certificate = <;/etc/exim/$received_ip_address.cer
tls_privatekey = <;/etc/exim/$received_ip_address.key
tls_dhparam = /etc/exim/$received_ip_address.dh
tls_verify_certificates = /etc/ssl/certs

________________________________
From: Exim-users <exim-users-bounces+spencer.marshall=transversal.com@exim.org> on behalf of Jeremy Harris via Exim-users <exim-users@exim.org>
Sent: 09 May 2019 11:01
To: exim-users@exim.org
Subject: Re: [exim] IPv6 lookup issues what am I doing wrong?

On 09/05/2019 09:50, Spencer Marshall via Exim-users wrote:
> I have a similar issue with
> tls_certificate = /etc/exim/$received_ip_address.cer

tls_certificate takes a list, and the default list separator
is a colon. If you use an expansion expected to result in
colons, in this case an ipv6 address, you need to change
the separator:

tls_certificate = <; /etc/exim/$received_ip_address.cer

> tls_privatekey = /etc/exim/$received_ip_address.key
> tls_dhparam = /etc/exim/$received_ip_address.dh
> The certificate is found for IPv4 connections, but not IPv6.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: IPv6 lookup issues what am I doing wrong? [ In reply to ]

exim-users at exim

May 9, 2019, 2:26 PM

Post #5 of 5 (384 views)

Permalink

Hello.

On Thu, May 09, 2019 at 08:50:14AM +0000, Spencer Marshall via Exim-users wrote:
> The following works fine for IPv4, by that I mean it sets the smtp_active_hostname correctly for all IPv4 interfaces. However, it does not work for IPv6
> smtp_active_hostname = ${lookup{$received_ip_address}lsearch{/etc/exim/smtp_active_hostname}}

Look here:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTsinglekeylookups
For lsearch/iplsearch lookup types each file record should be written as:

"abcd::cdab": data for abcd::cdab
"abcd:abcd::/32" data for abcd:abcd::/32

You can test it as
exim4 -be '${lookup{abcd::abcd}lsearch{/path/to/file}}'
exim4 -be '${lookup{abcd::abcd}iplsearch{/path/to/file}}'
--
Eugene Berdnikov

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/