IPv6 + Socks Issues

tom · February 13, 2025, 12:36am

Also, is the socks server at 172.xx.xx.xx accessible from your KumoMTA node? like can you NC ot telnet to it?

tom · February 13, 2025, 1:01am

Im not sure I see a problem here. Source IP2 seems to be selected because it is the next one in the round-robin cycle.
I guess what you are saying is that the error is here due to the IPv6 Source 2 has a problem sending to the IPv4 destination:

tom · February 13, 2025, 1:01am

Correct?

laurel-vole · February 13, 2025, 1:47am

yes that’s correct

laurel-vole · February 13, 2025, 1:48am

the socks server is on the same network as the mta node

laurel-vole · February 13, 2025, 1:51am

and it totally makes sense that it’s the round-robin cycle

laurel-vole · February 13, 2025, 1:52am

but, because i have to specify the socks5 source address, it will send a v4 MX to a source that i’ve defined as a v6 source address

laurel-vole · February 13, 2025, 1:52am

and same the other way, v6 mx to a source that’s defined with a v4 source address

laurel-vole · February 13, 2025, 1:53am

the way the documentation reads, i can’t leave out the socks5_proxy_source_address field and have the proxy figure it out

laurel-vole · February 13, 2025, 2:06am

we’re doing a bigger full send tomorrow, so i can get you more data. My intuition says that in the current state of email there won’t be any domains that are only v6 only MX and hybrid v4/v6 domains with both published will work no issues

laurel-vole · February 13, 2025, 2:06am

it’s the ones that are only v4 round-robin’ing to the v6 proxy source

laurel-vole · February 13, 2025, 10:39pm

@faithful-ostrich i can’t find an ipv6 example of the socks5 setup - does the socks5_proxy_source_address need to be formatted as a string or the ipv6 literal form? would it make a difference if it’s currently partially working?

laurel-vole · February 13, 2025, 10:39pm

like i would expect it fail with a config error if it wasn’t going to work

wez · February 13, 2025, 10:48pm

source address is always either an ipv4 or ipv6 address string. The config file won’t load if you put in an invalid address string

laurel-vole · February 13, 2025, 10:49pm

ok

laurel-vole · February 13, 2025, 10:50pm

hm, do you have any suggestions on a way to work around the issue we’re having then?

wez · February 13, 2025, 10:53pm

Source selection happens before we do MX resolution, so you cannot use the MX information to adjust the source.
However, you can configure source-specific options to skip eg: IPv6 or IPv4 addresses.

How do I skip IPv6 MX hosts for outbound SMTP? - KumoMTA Docs shows how to do this by default, but you can set up skip_hosts on a per source basis by setting skip_hosts when you build up your egress path config.

skip_hosts - KumoMTA Docs has very light docs showing lua vs. toml for this in general, but you can do something like this in your shaping.toml:

["example.com".sources."ip-1"]
skip_hosts = ["::/0"]

["example.com".sources."ip-2"]
skip_hosts = ["0.0.0.0/0"] # I didn't test this, but a v4 cidr should work here

laurel-vole · February 13, 2025, 10:56pm

gotcha

laurel-vole · February 13, 2025, 10:56pm

if we weren’t using socks5 would we avoid this issue or would it still rear its head

laurel-vole · February 13, 2025, 10:56pm

should we just not use ipv6?