1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "https://www.w3.org/TR/html4/loose.dtd"> 3 4 <html> 5 6 <head> 7 8 <title>Postfix IPv6 Support</title> 9 10 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11 <link rel='stylesheet' type='text/css' href='postfix-doc.css'> 12 13 </head> 14 15 <body> 16 17 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 18 IPv6 Support</h1> 19 20 <hr> 21 22 <h2>Introduction</h2> 23 24 <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 25 protocol. IPv6 support for older Postfix versions was available as 26 an add-on patch. The section "<a href="#compat">Compatibility with 27 Postfix <2.2 IPv6 support</a>" below discusses the differences 28 between these implementations. </p> 29 30 <p> The main feature of interest is that IPv6 uses 128-bit IP 31 addresses instead of the 32-bit addresses used by IPv4. It can 32 therefore accommodate a much larger number of hosts and networks 33 without ugly kluges such as NAT. A side benefit of the much larger 34 address space is that it makes random network scanning impractical. 35 </p> 36 37 <p> Postfix uses the same SMTP protocol over IPv6 as it already 38 uses over the older IPv4 network, and does AAAA record lookups in 39 the DNS in addition to the older A records. </p> 40 41 <p> This document provides information on the following topics: 42 </p> 43 44 <ul> 45 46 <li><a href="#platforms">Supported platforms</a> 47 48 <li><a href="#configuration">Configuration</a> 49 50 <li><a href="#limitations">Known limitations</a> 51 52 <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 53 54 <li><a href="#porting">IPv6 Support for unsupported platforms</a> 55 56 <li><a href="#credits">Credits</a> 57 58 </ul> 59 60 <h2><a name="platforms">Supported Platforms</a></h2> 61 62 <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 63 platforms: </p> 64 65 <ul> 66 67 <li> AIX 5.1+ 68 <li> Darwin 7.3+ 69 <li> FreeBSD 4+ 70 <li> Linux 2.4+ 71 <li> NetBSD 1.5+ 72 <li> OpenBSD 2+ 73 <li> Solaris 8+ 74 <li> Tru64Unix V5.1+ 75 76 </ul> 77 78 <p> On other platforms Postfix will simply use IPv4 as it has always 79 done. </p> 80 81 <p> See "<a href="#porting">IPv6 Support for unsupported platforms</a>" 82 for tips to port Postfix IPv6 support to other environments. </p> 83 84 <h2><a name="configuration">Configuration</a></h2> 85 86 <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 87 parameters, and introduces an important change in address syntax 88 notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 89 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 90 91 <p> Postfix IPv6 address syntax is a little tricky, because there 92 are a few places where you must enclose an IPv6 address inside 93 "<tt>[]</tt>" characters, and a few places where you must not. It is 94 a good idea to use "<tt>[]</tt>" only in the few places where you 95 have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 96 related configuration work with Postfix. </p> 97 98 <ul> 99 100 <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 101 in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 102 This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 103 or not Postfix will run on an IPv6-enabled system. </p> 104 105 <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 106 specifies what protocols Postfix will use when it makes or accepts 107 network connections, and also controls what DNS lookups Postfix 108 will use when it makes network connections. </p> 109 110 <blockquote> 111 <pre> 112 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 113 # You must stop/start Postfix after changing this parameter. 114 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 115 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (enable IPv4 only) 116 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 117 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 118 </pre> 119 </blockquote> 120 121 <p> The default is compile-time dependent: "all" when Postfix is built 122 on a software distribution with IPv6 support, "ipv4" otherwise. </p> 123 124 <p> Note 1: you must stop and start Postfix after changing the 125 <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 126 127 <p> Note 2: on older Linux and Solaris systems, the setting 128 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 129 accepting IPv4 connections. </p> 130 131 <p> For an unsupported test option to build Postfix without IPv6 132 support, see the NO_IPV6 option in the <a href="INSTALL.html">INSTALL</a> document. </p> 133 134 <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 135 This sets the local interface address for outgoing IPv6 SMTP 136 connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 137 does for IPv4: </p> 138 139 <blockquote> 140 <pre> 141 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 142 <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 143 </pre> 144 </blockquote> 145 146 <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 147 default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 148 out by itself what its network addresses are. This is what a typical 149 setting looks like: </p> 150 151 <blockquote> 152 <pre> 153 % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 154 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 155 </pre> 156 </blockquote> 157 158 <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 159 <a href="postconf.5.html">main.cf</a>, you need to update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 160 the IPv6 networks the system is in. Be sure to specify IPv6 address 161 information inside "<tt>[]</tt>", like this: </p> 162 163 <blockquote> 164 <pre> 165 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 166 <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 167 </pre> 168 </blockquote> 169 170 </ul> 171 172 <p> <b> NOTE: when configuring Postfix match lists such as 173 <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 174 IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 175 value and in files specified with a "<i>/file/name</i>" pattern. 176 IPv6 addresses contain the ":" character, and would otherwise be 177 confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 178 179 <h2><a name="limitations">Known Limitations</a></h2> 180 181 <ul> 182 183 <li> <p> Postfix SMTP clients before version 2.8 try to connect 184 over IPv6 before trying IPv4. With more recent Postfix versions, 185 the order of IPv6 versus IPv4 outgoing connection attempts is 186 configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p> 187 188 <li> <p> Postfix versions before 2.6 do not support DNSBL (DNS 189 blocklist) lookups for IPv6 client IP addresses. </p> 190 191 <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 192 networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 193 same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 194 </p> 195 196 <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 197 subnet mask 198 and always assumes a /128 network. This is a problem only with 199 "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 200 setting in <a href="postconf.5.html">main.cf</a>. </p> 201 202 </ul> 203 204 <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 205 </h2> 206 207 <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 208 by Dean Strik and others, but differs in a few minor ways. </p> 209 210 <ul> 211 212 <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 213 the notation "ipv6:all" or "ipv4:all". Use the 214 <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 215 216 <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 217 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 218 and IPv6 support. </p> 219 220 <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 221 what DNS lookups Postfix will attempt to make when delivering or 222 receiving mail. </p> 223 224 <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 225 to listen on loopback network interfaces only. </p> 226 227 <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 228 features were omitted. Postfix version 2.3 merged the LMTP client 229 into the SMTP client, so there was no reason to keep adding features 230 to the LMTP client. </p> 231 232 <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 233 commands are specified as [ipv6:<i>ipv6address</i>], as 234 described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 235 236 <li> <p> The IPv6 network address matching code was rewritten from 237 the ground up, and is expected to be closer to the specification. 238 The result may be incompatible with the Postfix/IPv6 patch. 239 </p> 240 241 </ul> 242 243 <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 244 245 <p> Getting Postfix IPv6 working on other platforms involves the 246 following steps: </p> 247 248 <ul> 249 250 <li> <p> Specify how Postfix should find the local network interfaces. 251 Postfix needs this information to avoid mailer loops and to find out 252 if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 253 254 <p> If your system has the getifaddrs() routine then add 255 the following to your platform-specific section in 256 src/util/sys_defs.h: </p> 257 258 <blockquote> 259 <pre> 260 #ifndef NO_IPV6 261 # define HAS_IPV6 262 # define HAVE_GETIFADDRS 263 #endif 264 </pre> 265 </blockquote> 266 267 <p> Otherwise, if your system has the SIOCGLIF ioctl() 268 command in /usr/include/*/*.h, add the following to your 269 platform-specific section in src/util/sys_defs.h: </p> 270 271 <blockquote> 272 <pre> 273 #ifndef NO_IPV6 274 # define HAS_IPV6 275 # define HAS_SIOCGLIF 276 #endif 277 </pre> 278 </blockquote> 279 280 <p> Otherwise, Postfix will have to use the old SIOCGIF commands 281 and get along with reduced IPv6 functionality (it won't be able to 282 figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 283 = subnet". Add this to your platform-specific section in 284 src/util/sys_defs.h: </p> 285 286 <blockquote> 287 <pre> 288 #ifndef NO_IPV6 289 # define HAS_IPV6 290 #endif 291 </pre> 292 </blockquote> 293 294 <li> <p> Test if Postfix can figure out its interface information. </p> 295 296 <p> After compiling Postfix in the usual manner, step into the 297 src/util directory and type "<b>make inet_addr_local</b>". 298 Running this file by hand should produce all the interface addresses 299 and network masks, for example: </p> 300 301 <blockquote> 302 <pre> 303 % make 304 % cd src/util 305 % make inet_addr_local 306 [... some messages ...] 307 % ./inet_addr_local 308 [... some messages ...] 309 ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 310 ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 311 168.100.189.2/255.255.255.224 312 127.0.0.1/255.0.0.0 313 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 314 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 315 fe80:5::1/ffff:ffff:ffff:ffff:: 316 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 317 </pre> 318 </blockquote> 319 320 <p> The above is for an old FreeBSD machine. Other systems produce 321 slightly different results, but you get the idea. </p> 322 323 </ul> 324 325 <p> If none of all this produces a usable result, send email to the 326 postfix-users (a] postfix.org mailing list and we'll try to help you 327 through this. </p> 328 329 <h2><a name="credits">Credits</a></h2> 330 331 <p> The following information is in part based on information that 332 was compiled by Dean Strik. </p> 333 334 <ul> 335 336 <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 337 338 <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 339 substantial improvements. Since then, we speak of the KAME patch. 340 </p> 341 342 <li> <p> The PLD Linux Distribution ported the code to other stacks 343 (notably USAGI). We speak of the PLD patch. A very important 344 feature of the PLD patch was that it can work with Lutz Jaenicke's 345 TLS patch for Postfix. </p> 346 347 <li> <p> Dean Strik extended IPv6 support to platforms other than 348 KAME and USAGI, updated the patch to keep up with Postfix development, 349 and provided a combined IPv6 + TLS patch. Information about his 350 effort is found in an archived copy of Dean Strik's Postfix website at 351 <a href="https://web.archive.org/web/20080603102834/http://www.ipnet6.org/postfix/">https://web.archive.org/web/20080603102834/http://www.ipnet6.org/postfix/</a>. </p> 352 353 <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 354 Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 355 code from Postfix that could be removed. For systems without IPv6 356 support in the kernel and system libraries, Postfix has a simple 357 compatibility layer, so that it will use IPv4 as before. </p> 358 359 </ul> 360 361 </body> 362 363 </html> 364
Indexes created Sun Jun 07 00:24:08 UTC 2026