docs(CLAUDE): drop stale 'container has no IPv6' claim; align with LESSONS 8-9
The sidecar gained real IPv6 egress (commit 34422ba / LESSONS.md 9), but the
outbound pitfall still asserted 'no IPv6 / no AAAA->A fallback'. Reword to
reflect the fix while keeping the tailnet-relay guidance.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Wayne Hayes
parent
f8aa6c39c7
commit
d292fb0307
10
CLAUDE.md
10
CLAUDE.md
@ -81,10 +81,12 @@ healthcheck, ephemeral OAuth auth). Don't drift it. Tag: `tag:stalwart`.
|
||||
re-init. And never test a password over `127.0.0.1` against these Postgres
|
||||
containers: pg_hba `trust`s loopback and accepts ANY password. Test over the
|
||||
tailnet (scram) or you'll fool yourself.
|
||||
- **Outbound :25 is usually blocked on VPS.** Set `STALWART_SMARTHOST`. The
|
||||
relay address **must be an IPv4 literal or a tailnet IP** — never a dual-stack
|
||||
hostname. The container has no IPv6 and will not fall back from AAAA to A;
|
||||
relaying over the tailnet (`100.x:587`) also bypasses all VPS SMTP port blocks.
|
||||
- **Outbound :25 is usually blocked on VPS.** Set `STALWART_SMARTHOST`, and
|
||||
prefer relaying over the tailnet (`100.x:587`) — it bypasses the VPS SMTP-port
|
||||
blocks and, having no AAAA, sidesteps the v6-first trap. The sidecar now has
|
||||
its **own IPv6 egress** (LESSONS.md 9), so dual-stack targets resolve too;
|
||||
before that fix an AAAA-only path would hang (`os error 101`) with no fallback
|
||||
to A. See LESSONS.md 8–9.
|
||||
- **Mail forces WAN ports.** `:25` must be world-reachable for inbound
|
||||
federation — this is the one place the tailnet-only model can't hold. Keep
|
||||
submission/IMAP tailnet-only if you want a tighter surface.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user