Synapse can't connect to an IPv6-only mail server via hostname

[sandhose]

Description

Synapse only does IPv4 address resolution for the email.smtp_host when sending email.
This might be (arguably) an issue on Twisted side though.

Internally, our SMTP server is accessible only with IPv6 (because dual-stack services is not a thing in Kubernetes right now) ; while we could probably work around, I think it's still a bug worth fixing, because IPv6-only environments/clouds are getting more and more traction.

Steps to reproduce

• have a SMTP host with only an IPv6 (AAAA) entry
• configure it as the email.smtp_host on Synapse
• try to send an email

Here is the error we got from Sentry:

DNSLookupError: DNS lookup failed: postfix.mail.svc.cluster.local.
  File "synapse/handlers/identity.py", line 350, in send_threepid_validation
    await send_email_func(email_address, token, client_secret, session_id)
  File "synapse/push/mailer.py", line 207, in send_add_threepid_mail
    template_vars,
  File "synapse/push/mailer.py", line 323, in send_email
    requireTransportSecurity=self.hs.config.require_transport_security,

Additional informations

I figured that Synapse was only doing A resolution by capturing on the container net interface. I wondered why this was the case for SMTP but not in other parts like the federation HTTP client.

It seems that it is because Synapse uses twisted.mail.smtp.sendmail to send emails without doing explicit DNS resolution first, and sendmail directly does a reactor.connectTcp which chooses the address type (IPv4 or IPv6) based on the host. Because the host supplied to sendmail is a hostname and not an IP, Twisted considers it is an IPv4, not an IPv6.

I'm not sure if that should be fixed on Synapse or Twisted side.

Version information

• Homeserver: not matrix.org
• Version: 1.15.1
• Install method: Kubernetes/docker image
• Platform: Containers on bare-metal

cc @ludovicm67, my colleague who found this issue

[clokep]

I'm not sure if that should be fixed on Synapse or Twisted side.

The answer is probably "Twisted", but we would likely want a workaround in Synapse until people are able to update to a newer Twisted.

A (not awesome) workaround might be to put the IPv6 literal into the Synapse config instead of the hostname.

[kpfleming]

Just ran into this myself; confirmed the problem by adding an A record for my outbound mail server, and then Synapse was able to send my users email.

[margau]

Is the workaround with the IPv6 literal still working?
I get:

twisted.internet.error.DNSLookupError: DNS lookup failed: [2001:db8:dead:beef::1].

with the literal configured as smtp_host: "[2001:db8:dead:beef::1]" in the latest version.
I do not remember exactly, but I think it worked in an earlier version.

[ShadowJonathan]

The brackets in a ipv6 literal is mainly for HTTP URLs, what happens if you don't include brackets?

[glyph]

Has this one been filed on the Twisted side? sendmail ought to work with IPv6 servers, this seems like a pretty straightforward bug.

[richvdh]

Has this one been filed on the Twisted side? sendmail ought to work with IPv6 servers, this seems like a pretty straightforward bug.

Raised as https://twistedmatrix.com/trac/ticket/10258. Sorry it's a bit terse.

[telmich]

@evilham did you by any chance have a solution for this one in your stack?

[OtherSystems]

Any news? This bug has been open 2.5y now...

Tried IPv6 address directly, but then I get:
twisted.internet.error.ConnectionAborted: Connection was aborted locally using ITCPTransport.abortConnection.