author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:06:34 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:06:34 +0000 |
commit | 5e61585d76ae77fd5e9e96ebabb57afa4d74880d (patch) | |
tree | 2b467823aaeebc7ef8bc9e3cabe8074eaef1666d /proto/IPV6_README.html | |
parent | Initial commit. (diff) | |
Adding upstream version 3.5.24. upstream/3.5.24 upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | proto/IPV6_README.html | 387 |
1 files changed, 387 insertions, 0 deletions
diff --git a/proto/IPV6_README.html b/proto/IPV6_README.html new file mode 100644 index 0000000..25f8353 --- /dev/null +++ b/proto/IPV6_README.html 
@@ -0,0 +1,387 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> + +<html> + +<head> + +<title>Postfix IPv6 Support</title> + +<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> + +</head> + +<body> + +<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix +IPv6 Support</h1> + +<hr> + +<h2>Introduction</h2> + +<p> Postfix 2.2 introduces support for the IPv6 (IP version 6) +protocol. IPv6 support for older Postfix versions was available as +an add-on patch. The section "<a href="#compat">Compatibility with +Postfix <2.2 IPv6 support</a>" below discusses the differences +between these implementations. </p> + +<p> The main feature of interest is that IPv6 uses 128-bit IP +addresses instead of the 32-bit addresses used by IPv4. It can +therefore accommodate a much larger number of hosts and networks +without ugly kluges such as NAT. A side benefit of the much larger +address space is that it makes random network scanning impractical. +</p> + +<p> Postfix uses the same SMTP protocol over IPv6 as it already +uses over the older IPv4 network, and does AAAA record lookups in +the DNS in addition to the older A records. Information about IPv6 +can be found at http://www.ipv6.org/. 
</p> + +<p> This document provides information on the following topics: +</p> + +<ul> + +<li><a href="#platforms">Supported platforms</a> + +<li><a href="#configuration">Configuration</a> + +<li><a href="#limitations">Known limitations</a> + +<li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> + +<li><a href="#porting">IPv6 Support for unsupported platforms</a> + +<li><a href="#credits">Credits</a> + +</ul> + +<h2><a name="platforms">Supported Platforms</a></h2> + +<p> Postfix version 2.2 supports IPv4 and IPv6 on the following +platforms: </p> + +<ul> + +<li> AIX 5.1+ +<li> Darwin 7.3+ +<li> FreeBSD 4+ +<li> Linux 2.4+ +<li> NetBSD 1.5+ +<li> OpenBSD 2+ +<li> Solaris 8+ +<li> Tru64Unix V5.1+ + +</ul> + +<p> On other platforms Postfix will simply use IPv4 as it has always +done. </p> + +<p> See <a href="#porting">below</a> for tips how to port Postfix +IPv6 support to other environments. </p> + +<h2><a name="configuration">Configuration</a></h2> + +<p> Postfix IPv6 support introduces two new main.cf configuration +parameters, and introduces an important change in address syntax +notation in match lists such as mynetworks or +debug_peer_list. </p> + +<p> Postfix IPv6 address syntax is a little tricky, because there +are a few places where you must enclose an IPv6 address inside +"<tt>[]</tt>" characters, and a few places where you must not. It is +a good idea to use "<tt>[]</tt>" only in the few places where you +have to. Check out the postconf(5) manual whenever you do IPv6 +related configuration work with Postfix. </p> + +<ul> + +<li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses +in master.cf, specify "inet_interfaces = loopback-only" in main.cf. +This way you can use the same master.cf file regardless of whether +or not Postfix will run on an IPv6-enabled system. </p> + +<li> <p> The first new parameter is called inet_protocols. 
This +specifies what protocols Postfix will use when it makes or accepts +network connections, and also controls what DNS lookups Postfix +will use when it makes network connections. </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + # You must stop/start Postfix after changing this parameter. + inet_protocols = ipv4 (DEFAULT: enable IPv4 only) + inet_protocols = all (enable IPv4, and IPv6 if supported) + inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6) + inet_protocols = ipv6 (enable IPv6 only) +</pre> +</blockquote> + +<p> By default, Postfix uses IPv4 only, because most systems aren't +attached to an IPv6 network. </p> + +<ul> + +<li> <p> On systems with combined IPv4/IPv6 stacks, attempts to +deliver mail via IPv6 would always fail with "network unreachable", +and those attempts would only slow down Postfix. </p> + +<li> <p> Linux kernels don't even load IPv6 protocol support by +default. Any attempt to use it would fail immediately. </p> + +</ul> + +<p> Note 1: you must stop and start Postfix after changing the +inet_protocols configuration parameter. </p> + +<p> Note 2: if you see error messages like the following, then +you're running Linux and need to turn on IPv6 in the kernel: see +http://www.ipv6.org/ for hints and tips. Unlike other systems, +Linux does not have a combined stack for IPv4 and IPv6, and IPv6 +protocol support is not loaded by default. </p> + +<blockquote> +<pre> +postconf: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol +postconf: warning: inet_protocols: configuring for IPv4 support only +</pre> +</blockquote> + +<p> Note 3: on older Linux and Solaris systems, the setting +"inet_protocols = ipv6" will not prevent Postfix from +accepting IPv4 connections. Postfix will present the client IP +addresses in IPv6 format, though. In all other cases, Postfix always +presents IPv4 client IP addresses in the traditional dotted quad +IPv4 format. 
</p> + +<li> <p> The other new parameter is smtp_bind_address6. +This sets the local interface address for outgoing IPv6 SMTP +connections, just like the smtp_bind_address parameter +does for IPv4: </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1 +</pre> +</blockquote> + +<li> <p> If you left the value of the mynetworks parameter at its +default (i.e. no mynetworks setting in main.cf) Postfix will figure +out by itself what its network addresses are. This is what a typical +setting looks like: </p> + +<blockquote> +<pre> +% postconf mynetworks +mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 +</pre> +</blockquote> + +<p> If you did specify the mynetworks parameter value in +main.cf, you need update the mynetworks value to include +the IPv6 networks the system is in. Be sure to specify IPv6 address +information inside "<tt>[]</tt>", like this: </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... +</pre> +</blockquote> + +</ul> + +<p> <b> NOTE: when configuring Postfix match lists such as +mynetworks or debug_peer_list, you must specify +IPv6 address information inside "<tt>[]</tt>" in the main.cf parameter +value and in files specified with a "<i>/file/name</i>" pattern. +IPv6 addresses contain the ":" character, and would otherwise be +confused with a "<i>type:table</i>" pattern. </b> </p> + +<h2><a name="limitations">Known Limitations</a></h2> + +<ul> + +<li> <p> Postfix SMTP clients before version 2.8 try to connect +over IPv6 before trying IPv4. With more recent Postfix versions, +the order of IPv6 versus IPv4 outgoing connection attempts is +configurable with the smtp_address_preference parameter. </p> + +<li> <p> Postfix versions before 2.6 do not support DNSBL (real-time +blackhole list) lookups for IPv6 client IP addresses. </p> + +<li> <p> IPv6 does not have class A, B, C, etc. networks. 
With IPv6 +networks, the setting "mynetworks_style = class" has the +same effect as the setting "mynetworks_style = subnet". +</p> + +<li> <p> On Tru64Unix and AIX, Postfix can't figure out the local +subnet mask +and always assumes a /128 network. This is a problem only with +"mynetworks_style = subnet" and no explicit mynetworks +setting in main.cf. </p> + +</ul> + +<h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> +</h2> + +<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch +by Dean Strik and others, but differs in a few minor ways. </p> + +<ul> + +<li> <p> main.cf: The inet_interfaces parameter does not support +the notation "ipv6:all" or "ipv4:all". Use the +inet_protocols parameter instead. </p> + +<li> <p> main.cf: Specify "inet_protocols = all" or +"inet_protocols = ipv4, ipv6" in order to enable both IPv4 +and IPv6 support. </p> + +<li> <p> main.cf: The inet_protocols parameter also controls +what DNS lookups Postfix will attempt to make when delivering or +receiving mail. </p> + +<li> <p> main.cf: Specify "inet_interfaces = loopback-only" +to listen on loopback network interfaces only. </p> + +<li> <p> The lmtp_bind_address and lmtp_bind_address6 +features were omitted. The Postfix LMTP client will be absorbed +into the SMTP client, so there is no reason to keep adding features +to the LMTP client. </p> + +<li> <p> The SMTP server now requires that IPv6 addresses in SMTP +commands are specified as [ipv6:<i>ipv6address</i>], as +described in RFC 2821. </p> + +<li> <p> The IPv6 network address matching code was rewritten from +the ground up, and is expected to be closer to the specification. +The result may be incompatible with the Postfix/IPv6 patch. +</p> + +</ul> + +<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> + +<p> Getting Postfix IPv6 working on other platforms involves the +following steps: </p> + +<ul> + +<li> <p> Specify how Postfix should find the local network interfaces. 
+Postfix needs this information to avoid mailer loops and to find out +if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> + +<p> If your system has the getifaddrs() routine then add +the following to your platform-specific section in +src/util/sys_defs.h: </p> + +<blockquote> +<pre> +#ifndef NO_IPV6 +# define HAS_IPV6 +# define HAVE_GETIFADDRS +#endif +</pre> +</blockquote> + +<p> Otherwise, if your system has the SIOCGLIF ioctl() +command in /usr/include/*/*.h, add the following to your +platform-specific section in src/util/sys_defs.h: </p> + +<blockquote> +<pre> +#ifndef NO_IPV6 +# define HAS_IPV6 +# define HAS_SIOCGLIF +#endif +</pre> +</blockquote> + +<p> Otherwise, Postfix will have to use the old SIOCGIF commands +and get along with reduced IPv6 functionality (it won't be able to +figure out your IPv6 netmasks, which are needed for "mynetworks_style += subnet". Add this to your platform-specific section in +src/util/sys_defs.h: </p> + +<blockquote> +<pre> +#ifndef NO_IPV6 +# define HAS_IPV6 +#endif +</pre> +</blockquote> + +<li> <p> Test if Postfix can figure out its interface information. </p> + +<p> After compiling Postfix in the usual manner, step into the +src/util directory and type "<b>make inet_addr_local</b>". +Running this file by hand should produce all the interface addresses +and network masks, for example: </p> + +<blockquote> +<pre> +% make +% cd src/util +% make inet_addr_local +[... some messages ...] +% ./inet_addr_local +[... some messages ...] +./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses +./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses +168.100.189.2/255.255.255.224 +127.0.0.1/255.0.0.0 +fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: +2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: +fe80:5::1/ffff:ffff:ffff:ffff:: +::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +</pre> +</blockquote> + +<p> The above is for an old FreeBSD machine. 
Other systems produce +slightly different results, but you get the idea. </p> + +</ul> + +<p> If none of all this produces a usable result, send email to the +postfix-users@postfix.org mailing list and we'll try to help you +through this. </p> + +<h2><a name="credits">Credits</a></h2> + +<p> The following information is in part based on information that +was compiled by Dean Strik. </p> + +<ul> + +<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> + +<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made +substantial improvements. Since then, we speak of the KAME patch. +</p> + +<li> <p> The PLD Linux Distribution ported the code to other stacks +(notably USAGI). We speak of the PLD patch. A very important +feature of the PLD patch was that it can work with Lutz Jaenicke's +TLS patch for Postfix. </p> + +<li> <p> Dean Strik extended IPv6 support to platforms other than +KAME and USAGI, updated the patch to keep up with Postfix development, +and provided a combined IPv6 + TLS patch. Information about his +effort can be found on Dean Strik's Postfix website at +http://www.ipnet6.org/postfix/. </p> + +<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into +Postfix 2.2, and took the opportunity to eliminate all IPv4-specific +code from Postfix that could be removed. For systems without IPv6 +support in the kernel and system libraries, Postfix has a simple +compatibility layer, so that it will use IPv4 as before. </p> + +</ul> + +</body> + +</html> |