1
2
3
4
5
6
7Network Working Group M. Nakamura
8Request for Comments: 3974 Kyoto University
9Category: Informational J. Hagino
10 IIJ Research Laboratory
11 January 2005
12
13
14 SMTP Operational Experience in Mixed IPv4/v6 Environments
15
16Status of This Memo
17
18 This memo provides information for the Internet community. It does
19 not specify an Internet standard of any kind. Distribution of this
20 memo is unlimited.
21
22Copyright Notice
23
24 Copyright (C) The Internet Society (2005).
25
26IESG Note:
27
28 The content of this RFC was at one time considered by the IETF, and
29 therefore it may resemble a current IETF work in progress or a
30 published IETF work. This RFC is not a candidate for any level of
31 Internet Standard. The IETF disclaims any knowledge of the fitness
32 of this RFC for any purpose, and in particular notes that the
33 decision to publish is not based on IETF review for such things as
34 security, congestion control, or inappropriate interaction with
35 deployed protocols. The RFC Editor has chosen to publish this
36 document at its discretion. Readers of this RFC should exercise
37 caution in evaluating its value for implementation and deployment.
38
39 This document contains a specific interpretation of the applicability
40 of the MX processing algorithm in RFC 2821, Section 5, to dual-stack
41 environments. Implementors are cautioned that they must reference
42 RFC 2821 for the full algorithm; this document is not to be
43 considered a full restatement of RFC 2821, and, in case of ambiguity,
44 RFC 2821 is authoritative.
45
46Abstract
47
48 This document discusses SMTP operational experiences in IPv4/v6 dual
49 stack environments. As IPv6-capable SMTP servers are deployed, it
50 has become apparent that certain configurations of MX records are
51 necessary for stable dual-stack (IPv4 and IPv6) SMTP operation. This
52 document clarifies the existing problems in the transition period
53 between IPv4 SMTP and IPv6 SMTP. It also defines operational
54 requirements for stable IPv4/v6 SMTP operation.
55
56
57
58Nakamura & Hagino Informational [Page 1]
59
60RFC 3974 SMTP in Dual Stack Environments January 2005
61
62
63 This document does not define any new protocol.
64
651. Introduction
66
67 Delivery of mail messages to the final mail drop is not always done
68 by direct IP communication between the submitter and final receiver,
69 and there may be some intermediate hosts that relay the messages. So
70 it is difficult to know at message submission (also at receiver side)
71 that all intermediate relay hosts are properly configured. It is not
72 easy to configure all systems consistently since the DNS
73 configuration used by mail message delivery systems is more complex
74 than other Internet services. During the transition period from IPv4
75 to IPv6, more care should be applied to IPv4/v6 interoperability.
76
77 This document talks about SMTP operational experiences in IPv4/v6
78 dual stack environments. As IPv6-capable SMTP servers are deployed,
79 it has become apparent that certain configurations of MX records are
80 necessary for stable dual-stack (IPv4 and IPv6) SMTP operation.
81
82 This document does not discuss the problems encountered when the
83 sending MTA and the receiving MTA have no common protocol (e.g., the
84 sending MTA is IPv4-only while the receiving MTA is IPv6-only). Such
85 a situation can be resolved by making either side dual-stack or by
86 making either side use a protocol translator (see Appendix A on
87 issues with protocol translator).
88
892. Basic DNS Resource Record Definitions for Mail Routing
90
91 Mail messages on the Internet are typically delivered based on the
92 Domain Name System [Mockapetris]. MX RRs are looked up in DNS to
93 retrieve the names of hosts running MTAs associated with the domain
94 part of the mail address. DNS lookup uses IN class for both IPv4 and
95 IPv6, and similarly IN MX records will be used for mail routing for
96 both IPv4 and IPv6. Hosts which have IPv6 connectivity and also want
97 to have the mails delivered using IPv6 must define IPv6 addresses for
98 the host name as well as IPv4 addresses [Thomson].
99
100 An MX RR has two parameters, a preference value and the name of
101 destination host. The name of the destination host will be used to
102 look up an IP address to initiate an SMTP connection [Partridge].
103
104
105
106
107
108
109
110
111
112
113
114Nakamura & Hagino Informational [Page 2]
115
116RFC 3974 SMTP in Dual Stack Environments January 2005
117
118
119 For example, an IPv6-only site may have the following DNS
120 definitions:
121
122 example.org. IN MX 1 mx1.example.org.
123 IN MX 10 mx10.example.org.
124 mx1.example.org. IN AAAA 2001:db8:ffff::1
125 mx10.example.org. IN AAAA 2001:db8:ffff::2
126
127 In the transition period from IPv4 to IPv6, there are many IPv4-only
128 sites, and such sites will not have mail interoperability with IPv6-
129 only sites. For the transition period, all mail domains should have
130 MX records such that MX targets with IPv4 and IPv6 addresses exist,
131 e.g.,
132
133 example.org. IN MX 1 mx1.example.org.
134 IN MX 10 mx10.example.org.
135 mx1.example.org. IN AAAA 2001:db8:ffff::1
136 IN A 192.0.2.1
137 mx10.example.org. IN AAAA 2001:db8:ffff::2
138 IN A 192.0.2.2
139
140 But, not every MX target may support dual-stack operation. Some host
141 entries may have only A RRs or AAAA RRs:
142
143 example.org. IN MX 1 mx1.example.org.
144 IN MX 10 mx10.example.org.
145 mx1.example.org. IN AAAA 2001:db8:ffff::1
146 mx10.example.org. IN A 192.0.2.1
147
148 The following sections discuss how the sender side should operate
149 with IPv4/v6 combined RRs (section 3), and how the receiver should
150 define RRs to maintain interoperability between IPv4 and IPv6
151 networks (section 4).
152
1533. SMTP Sender Algorithm in a Dual-Stack Environment
154
155 In a dual-stack environment, MX records for a domain resemble the
156 following:
157
158 example.org. IN MX 1 mx1.example.org.
159 IN MX 10 mx10.example.org.
160 mx1.example.org. IN A 192.0.2.1 ; dual-stack
161 IN AAAA 2001:db8:ffff::1
162 mx10.example.org. IN AAAA 2001:db8:ffff::2 ; IPv6-only
163
164 For a single MX record, there are multiple possible final states,
165 including: (a) one or more A records for the IPv4 destination, (b)
166 one or more AAAA records for the IPv6 destination, (c) a mixture of A
167
168
169
170Nakamura & Hagino Informational [Page 3]
171
172RFC 3974 SMTP in Dual Stack Environments January 2005
173
174
175 and AAAA records. Because multiple MX records may be defined using
176 different preference values, multiple addresses must be traversed
177 based on multiple MXs. Domains without MX records and failure
178 recovery cases must be handled properly as well.
179
180 The algorithm for a dual-stack SMTP sender is basically the same as
181 that for an IPv4-only sender, but it now includes AAAA lookups of MX
182 records for SMTP-over-IPv6 delivery. IPv4/v6 dual stack destinations
183 should be treated just like multihomed destinations, as described in
184 RFC 2821 [Klensin], section 5. When there is no destination address
185 record found (i.e., the sender MTA is IPv4-only and there are no A
186 records available), the case should be treated just like MX records
187 without address records, and deliveries should fail.
188
189 ; if the sender MTA is IPv4-only, email delivery to a.example.org
190 ; should fail with the same error as deliveries to b.example.org.
191 a.example.org. IN MX 1 mx1.a.example.org.
192 mx1.a.example.org. IN AAAA 2001:db8:ffff::1 ; IPv6-only
193 b.example.org. IN MX 1 mx1.b.example.org. ; no address
194
195 An algorithm for a dual-stack SMTP sender is as follows:
196
197 (1) Lookup the MX record for the destination domain. If a CNAME 5321:3838 ../smtpclient/gather.go:92
198 record is returned, go to the top of step (1) with replacing the
199 destination domain by the query's result. If any MX records are
200 returned, go to step (2) with the query's result (explicit MX).
201 If NODATA (i.e., empty answer with NOERROR(0) RCODE) is
202 returned, there is no MX record but the name is valid. Assume
203 that there is a record like "name. IN MX 0 name." (implicit MX)
204 and go to step (3). If HOST_NOT_FOUND (i.e., empty answer with
205 NXDOMAIN(3) RCODE) is returned, there is no such domain. Raise
206 a permanent email delivery failure. Finish. If SERVFAIL is
207 returned, retry after a certain period of time.
208
209 (2) Compare each host name in MX records with the names of the
210 sending host. If there is match, drop MX records which have an
211 equal or larger value than the lowest-preference matching MX
212 record (including itself). If multiple MX records remain, sort
213 the MX records in ascending order based on their preference
214 values. Loop over steps (3) to (9) on each host name in MX
215 records in a sequence. If no MX records remain, the sending
216 host must be the primary MX host. Other routing rules should be
217 applied. Finish.
218
219 (3) If the sending MTA has IPv4 capability, lookup the A records.
220 Keep the resulting addresses until step (5).
221
222
223
224
225
226Nakamura & Hagino Informational [Page 4]
227
228RFC 3974 SMTP in Dual Stack Environments January 2005
229
230
231 (4) If the sending MTA has IPv6 capability, lookup the AAAA records.
232
233 NOTE: IPv6 addresses for hosts defined by MX records may be
234 informed in an additional information section of the DNS
235 queries' result as well as IPv4 addresses. If there is no
236 additional address information for the MX hosts, separate
237 queries for A or AAAA records should be sent. There is no way
238 to query A and AAAA records at once in current DNS
239 implementation.
240
241 (5) If there is no A and no AAAA record present, try the next MX
242 record (go to step (3)). Note that the next MX record could
243 have the same preference.
244
245 NOTE: If one or more address records are found, an
246 implementation may sort addresses based on the implementation's
247 preference of A or AAAA records. To encourage the transition
248 from IPv4 SMTP to IPv6 SMTP, AAAA records should take
249 precedence. The sorting may only reorder addresses from MX
250 records of the same preference. RFC 2821 section 5 paragraph 4
251 suggests randomization of destination addresses. Randomization
252 should only happen among A records, and among AAAA records (do
253 not mix A and AAAA records).
254
255 (6) For each of the addresses, loop over steps (7) to (9).
256
257 (7) Try to make a TCP connection to the destination's SMTP port
258 (25). The client needs to follow timeouts documented in RFC
259 2821 section 4.5.3.2. If successful, go to step (9).
260
261 (8) If unsuccessful and there is another available address, try the
262 next available address. Go to step (7). If all addresses are
263 not reachable and if a list of MX records is being traversed,
264 try the next MX record (go to step (3)). If there is no list of
265 MX records, or if the end of the list of MX records has been
266 reached, raise a temporary email delivery failure. Finish.
267
268 (9) Attempt to deliver the email over the connection established, as ../queue/direct.go:194
269 specified in RFC 2821. If a transient failure condition is
270 reported, try the next MX record (go to step (3)). If an error
271 condition is reported, raise a permanent email delivery error,
272 and do not try further MX records. Finish. If successful, SMTP
273 delivery has succeeded. Finish.
274
275
276
277
278
279
280
281
282Nakamura & Hagino Informational [Page 5]
283
284RFC 3974 SMTP in Dual Stack Environments January 2005
285
286
2874. MX Configuration in the Recipient Domain
288
2894.1. Ensuring Reachability for Both Protocol Versions
290
291 If a site has dual-stack reachability, the site should configure both
292 A and AAAA records for its MX hosts (NOTE: MX hosts can be outside of
293 the site). This will help both IPv4 and IPv6 senders in reaching the
294 site efficiently.
295
2964.2. Reachability Between the Primary and Secondary MX
297
298 When registering MX records in a DNS database in a dual-stack
299 environment, reachability between MX hosts must be considered
300 carefully. Suppose all inbound email is to be gathered at the
301 primary MX host, "mx1.example.org.":
302
303 example.org. IN MX 1 mx1.example.org.
304 IN MX 10 mx10.example.org.
305 IN MX 100 mx100.example.org.
306
307 If "mx1.example.org" is an IPv6-only node, and the others are IPv4-
308 only nodes, there is no reachability between the primary MX host and
309 the other MX hosts. When email reaches one of the lower MX hosts, it
310 cannot be relayed to the primary MX host based on MX preferencing
311 mechanism. Therefore, mx1.example.org will not be able to collect
312 all the emails (unless there is another transport mechanism(s)
313 between lower-preference MX hosts and mx1.example.org).
314
315 ; This configuration is troublesome.
316 ; No secondary MX can reach mx1.example.org.
317 example.org. IN MX 1 mx1.example.org. ; IPv6-only
318 IN MX 10 mx10.example.org. ; IPv4-only
319 IN MX 100 mx100.example.org. ; IPv4-only
320
321 The easiest possible configuration is to configure the primary MX
322 host as a dual-stack node. By doing so, secondary MX hosts will have
323 no problem reaching the primary MX host.
324
325 ; This configuration works well.
326 ; The secondary MX hosts are able to relay email to the primary MX
327 ; host without any problems.
328 example.org. IN MX 1 mx1.example.org. ; dual-stack
329 IN MX 10 mx10.example.org. ; IPv4-only
330 IN MX 100 mx100.example.org. ; IPv6-only
331
332 It may not be necessary for the primary MX host and lower MX hosts to
333 directly reach one another with IPv4 or IPv6 transport. For example,
334 it is possible to establish a routing path with UUCP or an IPv4/v6
335
336
337
338Nakamura & Hagino Informational [Page 6]
339
340RFC 3974 SMTP in Dual Stack Environments January 2005
341
342
343 translator. It is also possible to drop messages into a single
344 mailbox with shared storage using NFS or something else offered by a
345 dual-stack server. It is the receiver site's responsibility that all
346 messages delivered to MX hosts arrive at the recipient's mail drop.
347 In such cases, a dual-stack MX host may not be listed in the MX list.
348
3495. Operational Experience
350
351 Many of the existing IPv6-ready MTA's appear to work in the way
352 documented in section 3.
353
354 There were, however, cases where IPv6-ready MTA's were confused by
355 broken DNS servers. When attempting to obtain a canonical hostname,
356 some broken name servers return SERVFAIL (RCODE 2), a temporary
357 failure on AAAA record lookups. Upon this temporary failure, the
358 email is queued for a later attempt. In the interest of IPv4/v6
359 interoperability, these broken DNS servers should be fixed. A
360 document by Yasuhiro Morishita [Morishita] has more detail on
361 misconfigured/misbehaving DNS servers and their negative side
362 effects.
363
3646. Open Issues
365
366 o How should scoped addresses (i.e., link-local addresses) in email
367 addresses be interpreted on MTA's? We suggest prohibiting the use
368 of IPv6 address literals in destination specification.
369
370 o A future specification of SMTP (revision of RFC 2821) should be
371 updated to include IPv6 concerns presented in this memo, such as
372 (1) the additional query of AAAA RRs where A RRs and/or MX RRs are
373 suggested, and (2) the ordering between IPv6 destination and IPv4
374 destination.
375
3767. Security Considerations
377
378 It could be problematic if the route-addr email address format
379 [Crocker] (or "obs-route" address format in [Resnick]) is used across
380 multiple scope zones. MTAs would need to reject email with route-
381 addr email address formats that cross scope zone borders.
382
383
384
385
386
387
388
389
390
391
392
393
394Nakamura & Hagino Informational [Page 7]
395
396RFC 3974 SMTP in Dual Stack Environments January 2005
397
398
399Appendix A. Considerations on Translators
400
401 IPv6-only MTA to IPv4-only MTA cases could use help from IPv6-to-IPv4
402 translators such as [Hagino]. Normally there are no special SMTP
403 considerations for translators needed. If there is SMTP traffic from
404 an IPv6 MTA to an IPv4 MTA over an IPv6-to-IPv4 translator, the IPv4
405 MTA will consider this normal IPv4 SMTP traffic.
406
407 Protocols like IDENT [St.Johns] may require special consideration
408 when translators are used. Also, there are MTAs which perform strict
409 checks on the SMTP HELO/EHLO "domain" parameter (perform
410 reverse/forward DNS lookups and see if the "domain" really associates
411 to the SMTP client's IP address). In such a case, we need a special
412 consideration when translators will be used (for instance, override
413 "domain" parameter by translator's FQDN/address).
414
415 Even without a translator, it seems that there are some MTA
416 implementations in the wild which send IPv6 address literals in a
417 HELO/EHLO message (like "HELO [IPv6:blah]"), even when it is using
418 IPv4 transport, or vice versa. If the SMTP peer is IPv4-only, it
419 won't understand the "[IPv6:blah]" syntax and mails won't go out of
420 the (broken) MTA. These implementations have to be corrected.
421
422Normative References
423
424 [Mockapetris] Mockapetris, P., "Domain names - implementation and
425 specification", STD 13, RFC 1035, November 1987.
426
427 [Thomson] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi,
428 "DNS Extensions to Support IP Version 6", RFC 3596,
429 October 2003.
430
431 [Partridge] Partridge, C., "Mail routing and the domain system",
432 STD 10, RFC 974, January 1986.
433
434 [Klensin] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
435 April 2001.
436
437 [Crocker] Crocker, D., "Standard for the format of ARPA Internet
438 text messages", STD 11, RFC 822, August 1982.
439
440 [Resnick] Resnick, P., "Internet Message Format", RFC 2822, April
441 2001.
442
443 [Hagino] Hagino, J. and H. Snyder, "IPv6 Multihoming Support at
444 Site Exit Routers", RFC 3178, October 2001.
445
446
447
448
449
450Nakamura & Hagino Informational [Page 8]
451
452RFC 3974 SMTP in Dual Stack Environments January 2005
453
454
455 [St.Johns] Johns, M. St., "Identification Protocol", RFC 1413,
456 February 1993.
457
458Informative References
459
460 [Morishita] Morishita, Y. and T. Jinmei, "Common Misbehavior
461 against DNS Queries for IPv6 Addresses", Work in
462 Progress, June 2003.
463
464Acknowledgements
465
466 This document was written based on discussions with Japanese IPv6
467 users and help from the WIDE research group. Here is a (probably
468 incomplete) list of people who contributed to the document: Gregory
469 Neil Shapiro, Arnt Gulbrandsen, Mohsen Souissi, JJ Behrens, John C
470 Klensin, Michael A. Patton, Robert Elz, Dean Strik, Pekka Savola, and
471 Rob Austein.
472
473Authors' Addresses
474
475 Motonori NAKAMURA
476 Academic Center for Computing and Media Studies, Kyoto University
477 Yoshida-honmachi, Sakyo, Kyoto 606-8501, JAPAN
478
479 Fax: +81-75-753-7450
480 EMail: motonori@media.kyoto-u.ac.jp
481
482
483 Jun-ichiro itojun HAGINO
484 Research Laboratory, Internet Initiative Japan Inc.
485 1-105, Kanda Jinbo-cho,
486 Chiyoda-ku,Tokyo 101-0051, JAPAN
487
488 Phone: +81-3-5205-6464
489 Fax: +81-3-5205-6466
490 EMail: itojun@iijlab.net
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506Nakamura & Hagino Informational [Page 9]
507
508RFC 3974 SMTP in Dual Stack Environments January 2005
509
510
511Full Copyright Statement
512
513 Copyright (C) The Internet Society (2005).
514
515 This document is subject to the rights, licenses and restrictions
516 contained in BCP 78, and at www.rfc-editor.org, and except as set
517 forth therein, the authors retain all their rights.
518
519 This document and the information contained herein are provided on an
520 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
521 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
522 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
523 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
524 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
525 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
526
527Intellectual Property
528
529 The IETF takes no position regarding the validity or scope of any
530 Intellectual Property Rights or other rights that might be claimed to
531 pertain to the implementation or use of the technology described in
532 this document or the extent to which any license under such rights
533 might or might not be available; nor does it represent that it has
534 made any independent effort to identify any such rights. Information
535 on the ISOC's procedures with respect to rights in ISOC Documents can
536 be found in BCP 78 and BCP 79.
537
538 Copies of IPR disclosures made to the IETF Secretariat and any
539 assurances of licenses to be made available, or the result of an
540 attempt made to obtain a general license or permission for the use of
541 such proprietary rights by implementers or users of this
542 specification can be obtained from the IETF on-line IPR repository at
543 http://www.ietf.org/ipr.
544
545 The IETF invites any interested party to bring to its attention any
546 copyrights, patents or patent applications, or other proprietary
547 rights that may cover technology that may be required to implement
548 this standard. Please address the information to the IETF at ietf-
549 ipr@ietf.org.
550
551Acknowledgement
552
553 Funding for the RFC Editor function is currently provided by the
554 Internet Society.
555
556
557
558
559
560
561
562Nakamura & Hagino Informational [Page 10]
563
564