@@ -157,10 +157,32 @@ def starttls_scan(domain, smtp_timeout, smtp_localhost, smtp_ports, smtp_cache):
157157 # traffic sent to and from the SMTP server.
158158 smtp_connection .set_debuglevel (1 )
159159 logging .debug ('Testing ' + server_and_port + ' for STARTTLS support' )
160+
161+ # Look up the IPv4 address for mail_server.
162+ #
163+ # By default, smtplib looks for A and AAAA records
164+ # from DNS and uses the first one that it can connect
165+ # to. What I find when running in Lambda (at least in
166+ # my VPC that doesn't support IPv6) is that when DNS
167+ # returns IPv6 an address I get a low level "errno 97
168+ # - Address family not supported by protocol" error
169+ # and the other addresses returned by DNS are not
170+ # tried. Therefore the hostname is not scanned at
171+ # all.
172+ #
173+ # To get around this I look up the A record and use
174+ # that instead of the hostname in DNS when I call
175+ # smtp_connection.connect().
176+ addr_info = socket .getaddrinfo (
177+ mail_server , port , socket .AF_INET , socket .SOCK_STREAM
178+ )
179+ socket_address = addr_info [0 ][4 ]
180+ mail_server_ip_address = socket_address [0 ]
181+
160182 # Try to connect. This will tell us if something is
161183 # listening.
162184 try :
163- smtp_connection .connect (mail_server , port )
185+ smtp_connection .connect (mail_server_ip_address , port )
164186 domain .starttls_results [server_and_port ]['is_listening' ] = True
165187 except (socket .timeout , smtplib .SMTPConnectError ,
166188 smtplib .SMTPServerDisconnected ,
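Review bot: The `socket.getaddrinfo(...)` lookup is added ahead of the `try:`, so a resolution failure is no longer handled where the connect error is. A mail server with no A record (IPv6-only, or a failed lookup) would raise `socket.gaierror` at that line; whether a caller catches it is not visible here, so it may abort the scan instead of recording the port as not listening. Moving the three lookup lines inside the `try:` and adding `socket.gaierror` to the except tuple (which continues past the end of this hunk) would keep the per-server result handling intact. Only `addr_info[0]` is used, so a host with several A records is judged on the first address alone. Connecting by IP also means smtplib is no longer given the hostname, so if the later STARTTLS step (outside this hunk) relies on it for SNI or certificate name checks, the result may differ from a by-name connection; worth confirming.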