xref: /netbsd-src/external/ibm-public/postfix/dist/proto/IPV6_README.html (revision 865c57e0098351fba0d2d2a97b33e7e0270e62c6) 
1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix IPv6 Support</title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
11
12</head>
13
14<body>
15
16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
17IPv6 Support</h1>
18
19<hr>
20
21<h2>Introduction</h2>
22
23<p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
24protocol. IPv6 support for older Postfix versions was available as
25an add-on patch. The section "<a href="#compat">Compatibility with
26Postfix &lt;2.2 IPv6 support</a>" below discusses the differences
27between these implementations. </p>
28
29<p> The main feature of interest is that IPv6 uses 128-bit IP
30addresses instead of the 32-bit addresses used by IPv4. It can
31therefore accommodate a much larger number of hosts and networks
32without ugly kluges such as NAT. A side benefit of the much larger
33address space is that it makes random network scanning impractical.
34</p>
35
36<p> Postfix uses the same SMTP protocol over IPv6 as it already
37uses over the older IPv4 network, and does AAAA record lookups in
38the DNS in addition to the older A records.  Information about IPv6
39can be found at http://www.ipv6.org/. </p>
40
41<p> This document provides information on the following topics:
42</p>
43
44<ul>
45
46<li><a href="#platforms">Supported platforms</a>
47
48<li><a href="#configuration">Configuration</a>
49
50<li><a href="#limitations">Known limitations</a>
51
52<li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
53
54<li><a href="#porting">IPv6 Support for unsupported platforms</a>
55
56<li><a href="#credits">Credits</a>
57
58</ul>
59
60<h2><a name="platforms">Supported Platforms</a></h2>
61
62<p> Postfix version 2.2 supports IPv4 and IPv6 on the following
63platforms:  </p>
64
65<ul>
66
67<li> AIX 5.1+
68<li> Darwin 7.3+
69<li> FreeBSD 4+
70<li> Linux 2.4+
71<li> NetBSD 1.5+
72<li> OpenBSD 2+
73<li> Solaris 8+
74<li> Tru64Unix V5.1+
75
76</ul>
77
78<p> On other platforms Postfix will simply use IPv4 as it has always
79done. </p>
80
81<p> See <a href="#porting">below</a> for tips how to port Postfix
82IPv6 support to other environments.  </p>
83
84<h2><a name="configuration">Configuration</a></h2>
85
86<p> Postfix IPv6 support introduces two new main.cf configuration
87parameters, and introduces an important change in address syntax
88notation in match lists such as mynetworks or
89debug_peer_list. </p>
90
91<p> Postfix IPv6 address syntax is a little tricky, because there
92are a few places where you must enclose an IPv6 address inside
93"<tt>[]</tt>" characters, and a few places where you must not. It is
94a good idea to use "<tt>[]</tt>" only in the few places where you
95have to. Check out the postconf(5) manual whenever you do IPv6
96related configuration work with Postfix.  </p>
97
98<ul>
99
100<li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses
101in master.cf, specify "inet_interfaces = loopback-only" in main.cf.
102This way you can use the same master.cf file regardless of whether
103or not Postfix will run on an IPv6-enabled system. </p>
104
105<li> <p> The first new parameter is called inet_protocols.  This
106specifies what protocols Postfix will use when it makes or accepts
107network connections, and also controls what DNS lookups Postfix
108will use when it makes network connections.  </p>
109
110<blockquote>
111<pre>
112/etc/postfix/main.cf:
113    # You must stop/start Postfix after changing this parameter.
114    inet_protocols = all        (enable IPv4, and IPv6 if supported)
115    inet_protocols = ipv4       (enable IPv4 only)
116    inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
117    inet_protocols = ipv6       (enable IPv6 only)
118</pre>
119</blockquote>
120
121<p> The default is compile-time dependent: "all" when Postfix is built
122on a software distribution with IPv6 support, "ipv4" otherwise. </p>
123
124<p> Note 1: you must stop and start Postfix after changing the
125inet_protocols configuration parameter. </p>
126
127<p> Note 2: on older Linux and Solaris systems, the setting
128"inet_protocols = ipv6" will not prevent Postfix from
129accepting IPv4 connections. </p>
130
131<li> <p> The other new parameter is smtp_bind_address6.
132This sets the local interface address for outgoing IPv6 SMTP
133connections, just like the smtp_bind_address parameter
134does for IPv4: </p>
135
136<blockquote>
137<pre>
138/etc/postfix/main.cf:
139    smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
140</pre>
141</blockquote>
142
143<li> <p> If you left the value of the mynetworks parameter at its
144default (i.e. no mynetworks setting in main.cf) Postfix will figure
145out by itself what its network addresses are. This is what a typical
146setting looks like: </p>
147
148<blockquote>
149<pre>
150% postconf mynetworks
151mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64
152</pre>
153</blockquote>
154
155<p> If you did specify the mynetworks parameter value in
156main.cf, you need to update the mynetworks value to include
157the IPv6 networks the system is in. Be sure to specify IPv6 address
158information inside "<tt>[]</tt>", like this: </p>
159
160<blockquote>
161<pre>
162/etc/postfix/main.cf:
163    mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
164</pre>
165</blockquote>
166
167</ul>
168
169<p> <b> NOTE: when configuring Postfix match lists such as
170mynetworks or debug_peer_list, you must specify
171IPv6 address information inside "<tt>[]</tt>" in the main.cf parameter
172value and in files specified with a "<i>/file/name</i>" pattern.
173IPv6 addresses contain the ":" character, and would otherwise be
174confused with a "<i>type:table</i>" pattern. </b>  </p>
175
176<h2><a name="limitations">Known Limitations</a></h2>
177
178<ul>
179
180<li> <p> Postfix SMTP clients before version 2.8 try to connect
181over IPv6 before trying IPv4.  With more recent Postfix versions,
182the order of IPv6 versus IPv4 outgoing connection attempts is
183configurable with the smtp_address_preference parameter.  </p>
184
185<li> <p> Postfix versions before 2.6 do not support DNSBL (DNS
186blocklist) lookups for IPv6 client IP addresses. </p>
187
188<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
189networks, the setting "mynetworks_style = class" has the
190same effect as the setting "mynetworks_style = subnet".
191</p>
192
193<li> <p> On Tru64Unix and AIX, Postfix can't figure out the local
194subnet mask
195and always assumes a /128 network. This is a problem only with
196"mynetworks_style = subnet" and no explicit mynetworks
197setting in main.cf. </p>
198
199</ul>
200
201<h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
202</h2>
203
204<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
205by Dean Strik and others, but differs in a few minor ways. </p>
206
207<ul>
208
209<li> <p> main.cf: The inet_interfaces parameter does not support
210the notation  "ipv6:all" or "ipv4:all". Use the
211inet_protocols parameter instead. </p>
212
213<li> <p> main.cf: Specify "inet_protocols = all" or
214"inet_protocols = ipv4, ipv6" in order to enable both IPv4
215and IPv6 support. </p>
216
217<li> <p> main.cf: The inet_protocols parameter also controls
218what DNS lookups Postfix will attempt to make when delivering or
219receiving mail. </p>
220
221<li> <p> main.cf: Specify "inet_interfaces = loopback-only"
222to listen on loopback network interfaces only. </p>
223
224<li> <p> The lmtp_bind_address and lmtp_bind_address6
225features were omitted. Postfix version 2.3 merged the LMTP client
226into the SMTP client, so there was no reason to keep adding features
227to the LMTP client. </p>
228
229<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
230commands are specified as [ipv6:<i>ipv6address</i>], as
231described in RFC 2821. </p>
232
233<li> <p> The IPv6 network address matching code was rewritten from
234the ground up, and is expected to be closer to the specification.
235The result may be incompatible with the Postfix/IPv6 patch.
236</p>
237
238</ul>
239
240<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>
241
242<p> Getting Postfix IPv6 working on other platforms involves the
243following steps: </p>
244
245<ul>
246
247<li> <p> Specify how Postfix should find the local network interfaces.
248Postfix needs this information to avoid mailer loops and to find out
249if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>
250
251<p> If your system has the getifaddrs() routine then add
252the following to your platform-specific section in
253src/util/sys_defs.h:  </p>
254
255<blockquote>
256<pre>
257#ifndef NO_IPV6
258# define HAS_IPV6
259# define HAVE_GETIFADDRS
260#endif
261</pre>
262</blockquote>
263
264<p> Otherwise, if your system has the SIOCGLIF ioctl()
265command in /usr/include/*/*.h, add the following to your
266platform-specific section in src/util/sys_defs.h: </p>
267
268<blockquote>
269<pre>
270#ifndef NO_IPV6
271# define HAS_IPV6
272# define HAS_SIOCGLIF
273#endif
274</pre>
275</blockquote>
276
277<p> Otherwise, Postfix will have to use the old SIOCGIF commands
278and get along with reduced IPv6 functionality (it won't be able to
279figure out your IPv6 netmasks, which are needed for "mynetworks_style
280= subnet". Add this to your platform-specific section in
281src/util/sys_defs.h: </p>
282
283<blockquote>
284<pre>
285#ifndef NO_IPV6
286# define HAS_IPV6
287#endif
288</pre>
289</blockquote>
290
291<li> <p> Test if Postfix can figure out its interface information. </p>
292
293<p> After compiling Postfix in the usual manner, step into the
294src/util directory and type "<b>make inet_addr_local</b>".
295Running this file by hand should produce all the interface addresses
296and network masks, for example: </p>
297
298<blockquote>
299<pre>
300% make
301% cd src/util
302% make inet_addr_local
303[... some messages ...]
304% ./inet_addr_local
305[... some messages ...]
306./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
307./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
308168.100.189.2/255.255.255.224
309127.0.0.1/255.0.0.0
310fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
3112001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
312fe80:5::1/ffff:ffff:ffff:ffff::
313::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
314</pre>
315</blockquote>
316
317<p> The above is for an old FreeBSD machine. Other systems produce
318slightly different results, but you get the idea. </p>
319
320</ul>
321
322<p> If none of all this produces a usable result, send email to the
323postfix-users@postfix.org mailing list and we'll try to help you
324through this. </p>
325
326<h2><a name="credits">Credits</a></h2>
327
328<p> The following information is in part based on information that
329was compiled by Dean Strik. </p>
330
331<ul>
332
333<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>
334
335<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
336substantial improvements. Since then, we speak of the KAME patch.
337</p>
338
339<li> <p> The PLD Linux Distribution ported the code to other stacks
340(notably USAGI).  We speak of the PLD patch. A very important
341feature of the PLD patch was that it can work with Lutz Jaenicke's
342TLS patch for Postfix.  </p>
343
344<li> <p> Dean Strik extended IPv6 support to platforms other than
345KAME and USAGI, updated the patch to keep up with Postfix development,
346and provided a combined IPv6 + TLS patch.  Information about his
347effort can be found on Dean Strik's Postfix website at
348http://www.ipnet6.org/postfix/. </p>
349
350<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
351Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
352code from Postfix that could be removed.  For systems without IPv6
353support in the kernel and system libraries, Postfix has a simple
354compatibility layer, so that it will use IPv4 as before.  </p>
355
356</ul>
357
358</body>
359
360</html>
361