| blob | d60b0e5f0e7fe9786e7bc39f9c8028c14db73d96 |
3 -------------------------------------------------------------------------------
7 Postfix 2.2 introduces support for the IPv6 (IP version 6) protocol. IPv6
8 support for older Postfix versions was available as an add-on patch. The
9 section "Compatibility with Postfix <2.2 IPv6 support" below discusses the
10 differences between these implementations.
12 The main feature of interest is that IPv6 uses 128-bit IP addresses instead of
13 the 32-bit addresses used by IPv4. It can therefore accommodate a much larger
14 number of hosts and networks without ugly kluges such as NAT. A side benefit of
15 the much larger address space is that it makes random network scanning
16 impractical.
18 Postfix uses the same SMTP protocol over IPv6 as it already uses over the older
19 IPv4 network, and does AAAA record lookups in the DNS in addition to the older
20 A records. Information about IPv6 can be found at http://www.ipv6.org/.
22 This document provides information on the following topics:
24 * Supported platforms
25 * Configuration
26 * Known limitations
27 * Compatibility with Postfix <2.2 IPv6 support
28 * IPv6 Support for unsupported platforms
29 * Credits
33 Postfix version 2.2 supports IPv4 and IPv6 on the following platforms:
35 * AIX 5.1+
36 * Darwin 7.3+
37 * FreeBSD 4+
38 * Linux 2.4+
39 * NetBSD 1.5+
40 * OpenBSD 2+
41 * Solaris 8+
42 * Tru64Unix V5.1+
44 On other platforms Postfix will simply use IPv4 as it has always done.
46 See below for tips how to port Postfix IPv6 support to other environments.
50 Postfix IPv6 support introduces two new main.cf configuration parameters, and
51 introduces an important change in address syntax notation in match lists such
52 as mynetworks or debug_peer_list.
54 Postfix IPv6 address syntax is a little tricky, because there are a few places
55 where you must enclose an IPv6 address inside "[]" characters, and a few places
56 where you must not. It is a good idea to use "[]" only in the few places where
57 you have to. Check out the postconf(5) manual whenever you do IPv6 related
58 configuration work with Postfix.
60 * Instead of hard-coding 127.0.0.1 and ::1 loopback addresses in master.cf,
61 specify "inet_interfaces = loopback-only" in main.cf. This way you can use
62 the same master.cf file regardless of whether or not Postfix will run on an
63 IPv6-enabled system.
65 * The first new parameter is called inet_protocols. This specifies what
66 protocols Postfix will use when it makes or accepts network connections,
67 and also controls what DNS lookups Postfix will use when it makes network
68 connections.
70 /etc/postfix/main.cf:
71 # You must stop/start Postfix after changing this parameter.
72 inet_protocols = ipv4 (DEFAULT: enable IPv4 only)
73 inet_protocols = all (enable IPv4, and IPv6 if supported)
74 inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
75 inet_protocols = ipv6 (enable IPv6 only)
77 By default, Postfix uses IPv4 only, because most systems aren't attached to
78 an IPv6 network.
80 o On systems with combined IPv4/IPv6 stacks, attempts to deliver mail via
81 IPv6 would always fail with "network unreachable", and those attempts
82 would only slow down Postfix.
84 o Linux kernels don't even load IPv6 protocol support by default. Any
85 attempt to use it would fail immediately.
87 Note 1: you must stop and start Postfix after changing the inet_protocols
88 configuration parameter.
90 Note 2: if you see error messages like the following, then you're running
91 Linux and need to turn on IPv6 in the kernel: see http://www.ipv6.org/ for
92 hints and tips. Unlike other systems, Linux does not have a combined stack
93 for IPv4 and IPv6, and IPv6 protocol support is not loaded by default.
95 postconf: warning: inet_protocols: IPv6 support is disabled: Address
96 family not supported by protocol
97 postconf: warning: inet_protocols: configuring for IPv4 support only
99 Note 3: on older Linux and Solaris systems, the setting "inet_protocols =
100 ipv6" will not prevent Postfix from accepting IPv4 connections. Postfix
101 will present the client IP addresses in IPv6 format, though. In all other
102 cases, Postfix always presents IPv4 client IP addresses in the traditional
103 dotted quad IPv4 format.
105 * The other new parameter is smtp_bind_address6. This sets the local
106 interface address for outgoing IPv6 SMTP connections, just like the
107 smtp_bind_address parameter does for IPv4:
109 /etc/postfix/main.cf:
110 smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
112 * If you left the value of the mynetworks parameter at its default (i.e. no
113 mynetworks setting in main.cf) Postfix will figure out by itself what its
114 network addresses are. This is what a typical setting looks like:
116 % postconf mynetworks
117 mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:
118 240:587::]/64
120 If you did specify the mynetworks parameter value in main.cf, you need
121 update the mynetworks value to include the IPv6 networks the system is in.
122 Be sure to specify IPv6 address information inside "[]", like this:
124 /etc/postfix/main.cf:
125 mynetworks = ...IPv4 networks... [::1]/128 [2001:240:587::]/64 ...
127 N\bNO\bOT\bTE\bE:\b: w\bwh\bhe\ben\bn c\bco\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx m\bma\bat\btc\bch\bh l\bli\bis\bst\bts\bs s\bsu\buc\bch\bh a\bas\bs m\bmy\byn\bne\bet\btw\bwo\bor\brk\bks\bs o\bor\br
128 d\bde\beb\bbu\bug\bg_\b_p\bpe\bee\ber\br_\b_l\bli\bis\bst\bt,\b, y\byo\bou\bu m\bmu\bus\bst\bt s\bsp\bpe\bec\bci\bif\bfy\by I\bIP\bPv\bv6\b6 a\bad\bdd\bdr\bre\bes\bss\bs i\bin\bnf\bfo\bor\brm\bma\bat\bti\bio\bon\bn i\bin\bns\bsi\bid\bde\be "\b"[\b[]\b]"\b" i\bin\bn t\bth\bhe\be
129 m\bma\bai\bin\bn.\b.c\bcf\bf p\bpa\bar\bra\bam\bme\bet\bte\ber\br v\bva\bal\blu\bue\be a\ban\bnd\bd i\bin\bn f\bfi\bil\ble\bes\bs s\bsp\bpe\bec\bci\bif\bfi\bie\bed\bd w\bwi\bit\bth\bh a\ba "\b"/\b/f\bfi\bil\ble\be/\b/n\bna\bam\bme\be"\b" p\bpa\bat\btt\bte\ber\brn\bn.\b.
130 I\bIP\bPv\bv6\b6 a\bad\bdd\bdr\bre\bes\bss\bse\bes\bs c\bco\bon\bnt\bta\bai\bin\bn t\bth\bhe\be "\b":\b:"\b" c\bch\bha\bar\bra\bac\bct\bte\ber\br,\b, a\ban\bnd\bd w\bwo\bou\bul\bld\bd o\bot\bth\bhe\ber\brw\bwi\bis\bse\be b\bbe\be c\bco\bon\bnf\bfu\bus\bse\bed\bd w\bwi\bit\bth\bh
135 * The order of IPv6/IPv4 outgoing connection attempts is not yet
136 configurable. Currently, IPv6 is tried before IPv4.
138 * Postfix currently does not support DNSBL (real-time blackhole list) lookups
139 for IPv6 client IP addresses; currently there are no blacklists that cover
140 the IPv6 address space.
142 * IPv6 does not have class A, B, C, etc. networks. With IPv6 networks, the
143 setting "mynetworks_style = class" has the same effect as the setting
144 "mynetworks_style = subnet".
146 * On Tru64Unix and AIX, Postfix can't figure out the local subnet mask and
147 always assumes a /128 network. This is a problem only with
148 "mynetworks_style = subnet" and no explicit mynetworks setting in main.cf.
150 C\bCo\bom\bmp\bpa\bat\bti\bib\bbi\bil\bli\bit\bty\by w\bwi\bit\bth\bh P\bPo\bos\bst\btf\bfi\bix\bx <\b<2\b2.\b.2\b2 I\bIP\bPv\bv6\b6 s\bsu\bup\bpp\bpo\bor\brt\bt
152 Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch by Dean
153 Strik and others, but differs in a few minor ways.
155 * main.cf: The inet_interfaces parameter does not support the notation "ipv6:
156 all" or "ipv4:all". Use the inet_protocols parameter instead.
158 * main.cf: Specify "inet_protocols = all" or "inet_protocols = ipv4, ipv6" in
159 order to enable both IPv4 and IPv6 support.
161 * main.cf: The inet_protocols parameter also controls what DNS lookups
162 Postfix will attempt to make when delivering or receiving mail.
164 * main.cf: Specify "inet_interfaces = loopback-only" to listen on loopback
165 network interfaces only.
167 * The lmtp_bind_address and lmtp_bind_address6 features were omitted. The
168 Postfix LMTP client will be absorbed into the SMTP client, so there is no
169 reason to keep adding features to the LMTP client.
171 * The SMTP server now requires that IPv6 addresses in SMTP commands are
172 specified as [ipv6:ipv6address], as described in RFC 2821.
174 * The IPv6 network address matching code was rewritten from the ground up,
175 and is expected to be closer to the specification. The result may be
176 incompatible with the Postfix/IPv6 patch.
178 I\bIP\bPv\bv6\b6 S\bSu\bup\bpp\bpo\bor\brt\bt f\bfo\bor\br u\bun\bns\bsu\bup\bpp\bpo\bor\brt\bte\bed\bd p\bpl\bla\bat\btf\bfo\bor\brm\bms\bs
180 Getting Postfix IPv6 working on other platforms involves the following steps:
182 * Specify how Postfix should find the local network interfaces. Postfix needs
183 this information to avoid mailer loops and to find out if mail for user@
184 [ipaddress] is a local or remote destination.
186 If your system has the getifaddrs() routine then add the following to your
187 platform-specific section in src/util/sys_defs.h:
189 #ifndef NO_IPV6
190 # define HAS_IPV6
191 # define HAVE_GETIFADDRS
192 #endif
194 Otherwise, if your system has the SIOCGLIF ioctl() command in /usr/include/
195 */*.h, add the following to your platform-specific section in src/util/
196 sys_defs.h:
198 #ifndef NO_IPV6
199 # define HAS_IPV6
200 # define HAS_SIOCGLIF
201 #endif
203 Otherwise, Postfix will have to use the old SIOCGIF commands and get along
204 with reduced IPv6 functionality (it won't be able to figure out your IPv6
205 netmasks, which are needed for "mynetworks_style = subnet". Add this to
206 your platform-specific section in src/util/sys_defs.h:
208 #ifndef NO_IPV6
209 # define HAS_IPV6
210 #endif
212 * Test if Postfix can figure out its interface information.
214 After compiling Postfix in the usual manner, step into the src/util
215 directory and type "m\bma\bak\bke\be i\bin\bne\bet\bt_\b_a\bad\bdd\bdr\br_\b_l\blo\boc\bca\bal\bl". Running this file by hand should
216 produce all the interface addresses and network masks, for example:
218 % make
219 % cd src/util
220 % make inet_addr_local
221 [... some messages ...]
222 % ./inet_addr_local
223 [... some messages ...]
224 ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
225 ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
226 168.100.189.2/255.255.255.224
227 127.0.0.1/255.0.0.0
228 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
229 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
230 fe80:5::1/ffff:ffff:ffff:ffff::
231 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
233 The above is for an old FreeBSD machine. Other systems produce slightly
234 different results, but you get the idea.
236 If none of all this produces a usable result, send email to the postfix-
237 users@postfix.org mailing list and we'll try to help you through this.
241 The following information is in part based on information that was compiled by
242 Dean Strik.
244 * Mark Huizer wrote the original Postfix IPv6 patch.
246 * Jun-ichiro 'itojun' Hagino of the KAME project made substantial
247 improvements. Since then, we speak of the KAME patch.
249 * The PLD Linux Distribution ported the code to other stacks (notably USAGI).
250 We speak of the PLD patch. A very important feature of the PLD patch was
251 that it can work with Lutz Jaenicke's TLS patch for Postfix.
253 * Dean Strik extended IPv6 support to platforms other than KAME and USAGI,
254 updated the patch to keep up with Postfix development, and provided a
255 combined IPv6 + TLS patch. Information about his effort can be found on
256 Dean Strik's Postfix website at http://www.ipnet6.org/postfix/.
258 * Wietse Venema took Dean Strik's IPv6 patch, merged it into Postfix 2.2, and
259 took the opportunity to eliminate all IPv4-specific code from Postfix that
260 could be removed. For systems without IPv6 support in the kernel and system
261 libraries, Postfix has a simple compatibility layer, so that it will use
262 IPv4 as before.