1

I have the following problem. I need to send report emails for one of our customers to his customers. Our customer provided an SMTP endpoint for that and added the IPv4 Address of our server to his whitelist.

However when I started testing the SMTP settings, I got this error: 4.7.26 Service does not accept messages sent over IPv6.

So I tried the following:

  • ssh -4 127.0.0.1 -N -L1025:smtp.mycustomer.com:25
  • Ony my test script I changed the host to 127.0.0.1 and port to 1025

When I executed the test script, I got once again the same error. So clearly -4 means only use IPv4 to connect to the SSH server, but internally the SSH server is resolving smtp.mycustomer.com to the IPv6.

I also tried ssh with -o "AddressFamily inet" but that didn't work. The man page says Specifies which address family to use when connecting, so I presume that the command line option -4 is shorthand for -o "AddressFamily inet".

When I do the tunnel with IPv4 address instead:

  • ssh -4 127.0.0.1 -N -L1025:<ipv4 addr>:25

then the script is able to send the email.

I know that by enabling the line

precedence ::ffff:0:0/96  100

in /etc/gai.conf I can force getaddrinfo(3) to resolve to IPv4, but this would resolve all DNS queries to IPv4. I don't want to do that. Looking at glibc source code, /etc/gai.conf is hardcoded, I don't see an environment variable I could use to specify a custom gai.conf file.

How can I tell ssh to resolve the domains with IPv4 when specifying a LocalForward? Is this even possible? Or is there a way (without having to configure your own DNS server) to force IPv4 for certain domains only?

Improve this question
5
  • Try mapping the domain to its IPv4 address if possible in /etc/hosts xxx.xxx.xxx.xxx smtp.mycustomer.com Commented Mar 7 at 13:22
  • The best way is to actually contact the company that whitelisted the IP and ask them to either whitelist your IPv6 or remove the AAAA record Commented Mar 7 at 14:51
  • @ReflectYourCharacter Of course I thought about that, but I don't like having to hardcore IP addresses in /etc/hosts unless strictly necessary. Commented Mar 7 at 16:10
  • @Ferrybig of course that would the best thing to do, but I need to start sending 5k reports today, so I don't have the time to ask for that. Commented Mar 7 at 16:12
  • Thank you all for your suggestions. I ended up doing this (of course with more errors checks): host = socket.getaddrinfo(host, port, family=socket.AF_INET)[0][4][0] and passing ssl._create_unverified_context() to aiosmtplib. I know, not pretty, but I need to send today the reports, I have time fix connection issues with the customer later. Commented Mar 7 at 16:15

1 Answer 1

Reset to default
2

The ssh_config man page states:

AddressFamily - Specifies which address family to use when connecting. Valid arguments are any (the default), inet (use IPv4 only), or inet6 (use IPv6 only).

So in the ~/.ssh/config file in the forwarding host you could add to the global config or inside a Host stanza:

AddressFamily inet
Improve this answer
2
  • I tried that already, it didn't work. Commented Mar 7 at 16:16
  • worked fine for me!! Commented Jul 8 at 22:39

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.