Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / ibm-public / postfix / dist / proto / IPV6_README.html
blobcf5ed5eed35681c56035b53f9912c851dc3dc98d
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2 "http://www.w3.org/TR/html4/loose.dtd">
4 <html>
6 <head>
8 <title>Postfix IPv6 Support</title>
10 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
12 </head>
14 <body>
16 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
17 IPv6 Support</h1>
19 <hr>
21 <h2>Introduction</h2>
23 <p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
24 protocol. IPv6 support for older Postfix versions was available as
25 an add-on patch. The section "<a href="#compat">Compatibility with
26 Postfix &lt;2.2 IPv6 support</a>" below discusses the differences
27 between these implementations. </p>
29 <p> The main feature of interest is that IPv6 uses 128-bit IP
30 addresses instead of the 32-bit addresses used by IPv4. It can
31 therefore accommodate a much larger number of hosts and networks
32 without ugly kluges such as NAT. A side benefit of the much larger
33 address space is that it makes random network scanning impractical.
34 </p>
36 <p> Postfix uses the same SMTP protocol over IPv6 as it already
37 uses over the older IPv4 network, and does AAAA record lookups in
38 the DNS in addition to the older A records. Information about IPv6
39 can be found at http://www.ipv6.org/. </p>
41 <p> This document provides information on the following topics:
42 </p>
44 <ul>
46 <li><a href="#platforms">Supported platforms</a>
48 <li><a href="#configuration">Configuration</a>
50 <li><a href="#limitations">Known limitations</a>
52 <li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
54 <li><a href="#porting">IPv6 Support for unsupported platforms</a>
56 <li><a href="#credits">Credits</a>
58 </ul>
60 <h2><a name="platforms">Supported Platforms</a></h2>
62 <p> Postfix version 2.2 supports IPv4 and IPv6 on the following
63 platforms: </p>
65 <ul>
67 <li> AIX 5.1+
68 <li> Darwin 7.3+
69 <li> FreeBSD 4+
70 <li> Linux 2.4+
71 <li> NetBSD 1.5+
72 <li> OpenBSD 2+
73 <li> Solaris 8+
74 <li> Tru64Unix V5.1+
76 </ul>
78 <p> On other platforms Postfix will simply use IPv4 as it has always
79 done. </p>
81 <p> See <a href="#porting">below</a> for tips how to port Postfix
82 IPv6 support to other environments. </p>
84 <h2><a name="configuration">Configuration</a></h2>
86 <p> Postfix IPv6 support introduces two new main.cf configuration
87 parameters, and introduces an important change in address syntax
88 notation in match lists such as mynetworks or
89 debug_peer_list. </p>
91 <p> Postfix IPv6 address syntax is a little tricky, because there
92 are a few places where you must enclose an IPv6 address inside
93 "<tt>[]</tt>" characters, and a few places where you must not. It is
94 a good idea to use "<tt>[]</tt>" only in the few places where you
95 have to. Check out the postconf(5) manual whenever you do IPv6
96 related configuration work with Postfix. </p>
98 <ul>
100 <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses
101 in master.cf, specify "inet_interfaces = loopback-only" in main.cf.
102 This way you can use the same master.cf file regardless of whether
103 or not Postfix will run on an IPv6-enabled system. </p>
105 <li> <p> The first new parameter is called inet_protocols. This
106 specifies what protocols Postfix will use when it makes or accepts
107 network connections, and also controls what DNS lookups Postfix
108 will use when it makes network connections. </p>
110 <blockquote>
111 <pre>
112 /etc/postfix/main.cf:
113 # You must stop/start Postfix after changing this parameter.
114 inet_protocols = ipv4 (DEFAULT: enable IPv4 only)
115 inet_protocols = all (enable IPv4, and IPv6 if supported)
116 inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
117 inet_protocols = ipv6 (enable IPv6 only)
118 </pre>
119 </blockquote>
121 <p> By default, Postfix uses IPv4 only, because most systems aren't
122 attached to an IPv6 network. </p>
124 <ul>
126 <li> <p> On systems with combined IPv4/IPv6 stacks, attempts to
127 deliver mail via IPv6 would always fail with "network unreachable",
128 and those attempts would only slow down Postfix. </p>
130 <li> <p> Linux kernels don't even load IPv6 protocol support by
131 default. Any attempt to use it would fail immediately. </p>
133 </ul>
135 <p> Note 1: you must stop and start Postfix after changing the
136 inet_protocols configuration parameter. </p>
138 <p> Note 2: if you see error messages like the following, then
139 you're running Linux and need to turn on IPv6 in the kernel: see
140 http://www.ipv6.org/ for hints and tips. Unlike other systems,
141 Linux does not have a combined stack for IPv4 and IPv6, and IPv6
142 protocol support is not loaded by default. </p>
144 <blockquote>
145 <pre>
146 postconf: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol
147 postconf: warning: inet_protocols: configuring for IPv4 support only
148 </pre>
149 </blockquote>
151 <p> Note 3: on older Linux and Solaris systems, the setting
152 "inet_protocols = ipv6" will not prevent Postfix from
153 accepting IPv4 connections. Postfix will present the client IP
154 addresses in IPv6 format, though. In all other cases, Postfix always
155 presents IPv4 client IP addresses in the traditional dotted quad
156 IPv4 format. </p>
158 <li> <p> The other new parameter is smtp_bind_address6.
159 This sets the local interface address for outgoing IPv6 SMTP
160 connections, just like the smtp_bind_address parameter
161 does for IPv4: </p>
163 <blockquote>
164 <pre>
165 /etc/postfix/main.cf:
166 smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
167 </pre>
168 </blockquote>
170 <li> <p> If you left the value of the mynetworks parameter at its
171 default (i.e. no mynetworks setting in main.cf) Postfix will figure
172 out by itself what its network addresses are. This is what a typical
173 setting looks like: </p>
175 <blockquote>
176 <pre>
177 % postconf mynetworks
178 mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64
179 </pre>
180 </blockquote>
182 <p> If you did specify the mynetworks parameter value in
183 main.cf, you need update the mynetworks value to include
184 the IPv6 networks the system is in. Be sure to specify IPv6 address
185 information inside "<tt>[]</tt>", like this: </p>
187 <blockquote>
188 <pre>
189 /etc/postfix/main.cf:
190 mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
191 </pre>
192 </blockquote>
194 </ul>
196 <p> <b> NOTE: when configuring Postfix match lists such as
197 mynetworks or debug_peer_list, you must specify
198 IPv6 address information inside "<tt>[]</tt>" in the main.cf parameter
199 value and in files specified with a "<i>/file/name</i>" pattern.
200 IPv6 addresses contain the ":" character, and would otherwise be
201 confused with a "<i>type:table</i>" pattern. </b> </p>
203 <h2><a name="limitations">Known Limitations</a></h2>
205 <ul>
207 <li> <p> The order of IPv6/IPv4 outgoing connection attempts is
208 not yet configurable. Currently, IPv6 is tried before IPv4. </p>
210 <li> <p> Postfix currently does not support DNSBL (real-time
211 blackhole list) lookups for IPv6 client IP addresses; currently
212 there are no blacklists that cover the IPv6 address space. </p>
214 <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
215 networks, the setting "mynetworks_style = class" has the
216 same effect as the setting "mynetworks_style = subnet".
217 </p>
219 <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local
220 subnet mask
221 and always assumes a /128 network. This is a problem only with
222 "mynetworks_style = subnet" and no explicit mynetworks
223 setting in main.cf. </p>
225 </ul>
227 <h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
228 </h2>
230 <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
231 by Dean Strik and others, but differs in a few minor ways. </p>
233 <ul>
235 <li> <p> main.cf: The inet_interfaces parameter does not support
236 the notation "ipv6:all" or "ipv4:all". Use the
237 inet_protocols parameter instead. </p>
239 <li> <p> main.cf: Specify "inet_protocols = all" or
240 "inet_protocols = ipv4, ipv6" in order to enable both IPv4
241 and IPv6 support. </p>
243 <li> <p> main.cf: The inet_protocols parameter also controls
244 what DNS lookups Postfix will attempt to make when delivering or
245 receiving mail. </p>
247 <li> <p> main.cf: Specify "inet_interfaces = loopback-only"
248 to listen on loopback network interfaces only. </p>
250 <li> <p> The lmtp_bind_address and lmtp_bind_address6
251 features were omitted. The Postfix LMTP client will be absorbed
252 into the SMTP client, so there is no reason to keep adding features
253 to the LMTP client. </p>
255 <li> <p> The SMTP server now requires that IPv6 addresses in SMTP
256 commands are specified as [ipv6:<i>ipv6address</i>], as
257 described in RFC 2821. </p>
259 <li> <p> The IPv6 network address matching code was rewritten from
260 the ground up, and is expected to be closer to the specification.
261 The result may be incompatible with the Postfix/IPv6 patch.
262 </p>
264 </ul>
266 <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>
268 <p> Getting Postfix IPv6 working on other platforms involves the
269 following steps: </p>
271 <ul>
273 <li> <p> Specify how Postfix should find the local network interfaces.
274 Postfix needs this information to avoid mailer loops and to find out
275 if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>
277 <p> If your system has the getifaddrs() routine then add
278 the following to your platform-specific section in
279 src/util/sys_defs.h: </p>
281 <blockquote>
282 <pre>
283 #ifndef NO_IPV6
284 # define HAS_IPV6
285 # define HAVE_GETIFADDRS
286 #endif
287 </pre>
288 </blockquote>
290 <p> Otherwise, if your system has the SIOCGLIF ioctl()
291 command in /usr/include/*/*.h, add the following to your
292 platform-specific section in src/util/sys_defs.h: </p>
294 <blockquote>
295 <pre>
296 #ifndef NO_IPV6
297 # define HAS_IPV6
298 # define HAS_SIOCGLIF
299 #endif
300 </pre>
301 </blockquote>
303 <p> Otherwise, Postfix will have to use the old SIOCGIF commands
304 and get along with reduced IPv6 functionality (it won't be able to
305 figure out your IPv6 netmasks, which are needed for "mynetworks_style
306 = subnet". Add this to your platform-specific section in
307 src/util/sys_defs.h: </p>
309 <blockquote>
310 <pre>
311 #ifndef NO_IPV6
312 # define HAS_IPV6
313 #endif
314 </pre>
315 </blockquote>
317 <li> <p> Test if Postfix can figure out its interface information. </p>
319 <p> After compiling Postfix in the usual manner, step into the
320 src/util directory and type "<b>make inet_addr_local</b>".
321 Running this file by hand should produce all the interface addresses
322 and network masks, for example: </p>
324 <blockquote>
325 <pre>
326 % make
327 % cd src/util
328 % make inet_addr_local
329 [... some messages ...]
330 % ./inet_addr_local
331 [... some messages ...]
332 ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
333 ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
334 168.100.189.2/255.255.255.224
335 127.0.0.1/255.0.0.0
336 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
337 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
338 fe80:5::1/ffff:ffff:ffff:ffff::
339 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
340 </pre>
341 </blockquote>
343 <p> The above is for an old FreeBSD machine. Other systems produce
344 slightly different results, but you get the idea. </p>
346 </ul>
348 <p> If none of all this produces a usable result, send email to the
349 postfix-users@postfix.org mailing list and we'll try to help you
350 through this. </p>
352 <h2><a name="credits">Credits</a></h2>
354 <p> The following information is in part based on information that
355 was compiled by Dean Strik. </p>
357 <ul>
359 <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>
361 <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
362 substantial improvements. Since then, we speak of the KAME patch.
363 </p>
365 <li> <p> The PLD Linux Distribution ported the code to other stacks
366 (notably USAGI). We speak of the PLD patch. A very important
367 feature of the PLD patch was that it can work with Lutz Jaenicke's
368 TLS patch for Postfix. </p>
370 <li> <p> Dean Strik extended IPv6 support to platforms other than
371 KAME and USAGI, updated the patch to keep up with Postfix development,
372 and provided a combined IPv6 + TLS patch. Information about his
373 effort can be found on Dean Strik's Postfix website at
374 http://www.ipnet6.org/postfix/. </p>
376 <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
377 Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
378 code from Postfix that could be removed. For systems without IPv6
379 support in the kernel and system libraries, Postfix has a simple
380 compatibility layer, so that it will use IPv4 as before. </p>
382 </ul>
384 </body>
386 </html>