summaryrefslogtreecommitdiffstats
path: root/proto/IPV6_README.html
blob: 01ea51baeeb2d8112e617927cfd3e5c739117905 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix IPv6 Support</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body>

<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
IPv6 Support</h1>

<hr>

<h2>Introduction</h2>

<p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
protocol. IPv6 support for older Postfix versions was available as
an add-on patch. The section "<a href="#compat">Compatibility with
Postfix &lt;2.2 IPv6 support</a>" below discusses the differences
between these implementations. </p>

<p> The main feature of interest is that IPv6 uses 128-bit IP
addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger
address space is that it makes random network scanning impractical.
</p>

<p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in
the DNS in addition to the older A records.  Information about IPv6
can be found at http://www.ipv6.org/. </p>

<p> This document provides information on the following topics:
</p>

<ul>

<li><a href="#platforms">Supported platforms</a>

<li><a href="#configuration">Configuration</a>

<li><a href="#limitations">Known limitations</a>

<li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>

<li><a href="#porting">IPv6 Support for unsupported platforms</a>

<li><a href="#credits">Credits</a>

</ul>

<h2><a name="platforms">Supported Platforms</a></h2>

<p> Postfix version 2.2 supports IPv4 and IPv6 on the following
platforms:  </p>

<ul>

<li> AIX 5.1+
<li> Darwin 7.3+
<li> FreeBSD 4+
<li> Linux 2.4+
<li> NetBSD 1.5+
<li> OpenBSD 2+
<li> Solaris 8+
<li> Tru64Unix V5.1+

</ul>

<p> On other platforms Postfix will simply use IPv4 as it has always
done. </p>

<p> See <a href="#porting">below</a> for tips how to port Postfix
IPv6 support to other environments.  </p>

<h2><a name="configuration">Configuration</a></h2>

<p> Postfix IPv6 support introduces two new main.cf configuration
parameters, and introduces an important change in address syntax
notation in match lists such as mynetworks or
debug_peer_list. </p>

<p> Postfix IPv6 address syntax is a little tricky, because there
are a few places where you must enclose an IPv6 address inside
"<tt>[]</tt>" characters, and a few places where you must not. It is
a good idea to use "<tt>[]</tt>" only in the few places where you
have to. Check out the postconf(5) manual whenever you do IPv6
related configuration work with Postfix.  </p>

<ul>

<li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses
in master.cf, specify "inet_interfaces = loopback-only" in main.cf.
This way you can use the same master.cf file regardless of whether
or not Postfix will run on an IPv6-enabled system. </p>

<li> <p> The first new parameter is called inet_protocols.  This
specifies what protocols Postfix will use when it makes or accepts
network connections, and also controls what DNS lookups Postfix
will use when it makes network connections.  </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    # You must stop/start Postfix after changing this parameter.
    inet_protocols = all        (enable IPv4, and IPv6 if supported)
    inet_protocols = ipv4       (enable IPv4 only)
    inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
    inet_protocols = ipv6       (enable IPv6 only)
</pre>
</blockquote>

<p> The default is compile-time dependent: "all" when Postfix is built
on a software distribution with IPv6 support, "ipv4" otherwise. </p>

<p> Note 1: you must stop and start Postfix after changing the
inet_protocols configuration parameter. </p>

<p> Note 2: on older Linux and Solaris systems, the setting
"inet_protocols = ipv6" will not prevent Postfix from
accepting IPv4 connections. </p>

<li> <p> The other new parameter is smtp_bind_address6.
This sets the local interface address for outgoing IPv6 SMTP
connections, just like the smtp_bind_address parameter
does for IPv4: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
</pre>
</blockquote>

<li> <p> If you left the value of the mynetworks parameter at its
default (i.e. no mynetworks setting in main.cf) Postfix will figure
out by itself what its network addresses are. This is what a typical
setting looks like: </p>

<blockquote>
<pre>
% postconf mynetworks
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 
</pre>
</blockquote>

<p> If you did specify the mynetworks parameter value in
main.cf, you need to update the mynetworks value to include
the IPv6 networks the system is in. Be sure to specify IPv6 address
information inside "<tt>[]</tt>", like this: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
</pre>
</blockquote>

</ul>

<p> <b> NOTE: when configuring Postfix match lists such as
mynetworks or debug_peer_list, you must specify
IPv6 address information inside "<tt>[]</tt>" in the main.cf parameter
value and in files specified with a "<i>/file/name</i>" pattern.
IPv6 addresses contain the ":" character, and would otherwise be
confused with a "<i>type:table</i>" pattern. </b>  </p>

<h2><a name="limitations">Known Limitations</a></h2>

<ul>

<li> <p> Postfix SMTP clients before version 2.8 try to connect
over IPv6 before trying IPv4.  With more recent Postfix versions,
the order of IPv6 versus IPv4 outgoing connection attempts is
configurable with the smtp_address_preference parameter.  </p>

<li> <p> Postfix versions before 2.6 do not support DNSBL (DNS
blocklist) lookups for IPv6 client IP addresses. </p>

<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
networks, the setting "mynetworks_style = class" has the
same effect as the setting "mynetworks_style = subnet".
</p>

<li> <p> On Tru64Unix and AIX, Postfix can't figure out the local
subnet mask
and always assumes a /128 network. This is a problem only with
"mynetworks_style = subnet" and no explicit mynetworks
setting in main.cf. </p>

</ul>

<h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
</h2>

<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
by Dean Strik and others, but differs in a few minor ways. </p>

<ul>

<li> <p> main.cf: The inet_interfaces parameter does not support
the notation  "ipv6:all" or "ipv4:all". Use the
inet_protocols parameter instead. </p>

<li> <p> main.cf: Specify "inet_protocols = all" or
"inet_protocols = ipv4, ipv6" in order to enable both IPv4
and IPv6 support. </p>

<li> <p> main.cf: The inet_protocols parameter also controls
what DNS lookups Postfix will attempt to make when delivering or
receiving mail. </p>

<li> <p> main.cf: Specify "inet_interfaces = loopback-only"
to listen on loopback network interfaces only. </p>

<li> <p> The lmtp_bind_address and lmtp_bind_address6
features were omitted. Postfix version 2.3 merged the LMTP client
into the SMTP client, so there was no reason to keep adding features
to the LMTP client. </p>

<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
commands are specified as [ipv6:<i>ipv6address</i>], as
described in RFC 2821. </p>

<li> <p> The IPv6 network address matching code was rewritten from
the ground up, and is expected to be closer to the specification.
The result may be incompatible with the Postfix/IPv6 patch.
</p>

</ul>

<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>

<p> Getting Postfix IPv6 working on other platforms involves the
following steps: </p>

<ul>

<li> <p> Specify how Postfix should find the local network interfaces.
Postfix needs this information to avoid mailer loops and to find out
if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>

<p> If your system has the getifaddrs() routine then add
the following to your platform-specific section in
src/util/sys_defs.h:  </p>

<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
# define HAVE_GETIFADDRS
#endif
</pre>
</blockquote>

<p> Otherwise, if your system has the SIOCGLIF ioctl()
command in /usr/include/*/*.h, add the following to your
platform-specific section in src/util/sys_defs.h: </p>

<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
# define HAS_SIOCGLIF
#endif
</pre> 
</blockquote>

<p> Otherwise, Postfix will have to use the old SIOCGIF commands
and get along with reduced IPv6 functionality (it won't be able to
figure out your IPv6 netmasks, which are needed for "mynetworks_style
= subnet". Add this to your platform-specific section in
src/util/sys_defs.h: </p>

<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
#endif
</pre> 
</blockquote>

<li> <p> Test if Postfix can figure out its interface information. </p>

<p> After compiling Postfix in the usual manner, step into the
src/util directory and type "<b>make inet_addr_local</b>".
Running this file by hand should produce all the interface addresses
and network masks, for example: </p>

<blockquote>
<pre>
% make
% cd src/util
% make inet_addr_local
[... some messages ...]
% ./inet_addr_local
[... some messages ...]
./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
168.100.189.2/255.255.255.224
127.0.0.1/255.0.0.0
fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
fe80:5::1/ffff:ffff:ffff:ffff::
::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
</pre>
</blockquote>

<p> The above is for an old FreeBSD machine. Other systems produce
slightly different results, but you get the idea. </p>

</ul>

<p> If none of all this produces a usable result, send email to the
postfix-users@postfix.org mailing list and we'll try to help you
through this. </p>

<h2><a name="credits">Credits</a></h2>

<p> The following information is in part based on information that
was compiled by Dean Strik. </p>

<ul>

<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>

<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
substantial improvements. Since then, we speak of the KAME patch.
</p>

<li> <p> The PLD Linux Distribution ported the code to other stacks
(notably USAGI).  We speak of the PLD patch. A very important
feature of the PLD patch was that it can work with Lutz Jaenicke's
TLS patch for Postfix.  </p>

<li> <p> Dean Strik extended IPv6 support to platforms other than
KAME and USAGI, updated the patch to keep up with Postfix development,
and provided a combined IPv6 + TLS patch.  Information about his
effort can be found on Dean Strik's Postfix website at
http://www.ipnet6.org/postfix/. </p>

<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
code from Postfix that could be removed.  For systems without IPv6
support in the kernel and system libraries, Postfix has a simple
compatibility layer, so that it will use IPv4 as before.  </p>

</ul>

</body>

</html>