1 1.1 tron <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 1.1.1.5 christos "https://www.w3.org/TR/html4/loose.dtd"> 3 1.1 tron 4 1.1 tron <html> 5 1.1 tron 6 1.1 tron <head> 7 1.1 tron 8 1.1 tron <title>Postfix IPv6 Support</title> 9 1.1 tron 10 1.1.1.3 christos <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11 1.1.1.4 christos <link rel='stylesheet' type='text/css' href='postfix-doc.css'> 12 1.1 tron 13 1.1 tron </head> 14 1.1 tron 15 1.1 tron <body> 16 1.1 tron 17 1.1 tron <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 18 1.1 tron IPv6 Support</h1> 19 1.1 tron 20 1.1 tron <hr> 21 1.1 tron 22 1.1 tron <h2>Introduction</h2> 23 1.1 tron 24 1.1 tron <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 25 1.1 tron protocol. IPv6 support for older Postfix versions was available as 26 1.1 tron an add-on patch. The section "<a href="#compat">Compatibility with 27 1.1 tron Postfix <2.2 IPv6 support</a>" below discusses the differences 28 1.1 tron between these implementations. </p> 29 1.1 tron 30 1.1 tron <p> The main feature of interest is that IPv6 uses 128-bit IP 31 1.1 tron addresses instead of the 32-bit addresses used by IPv4. It can 32 1.1 tron therefore accommodate a much larger number of hosts and networks 33 1.1 tron without ugly kluges such as NAT. A side benefit of the much larger 34 1.1 tron address space is that it makes random network scanning impractical. 35 1.1 tron </p> 36 1.1 tron 37 1.1 tron <p> Postfix uses the same SMTP protocol over IPv6 as it already 38 1.1 tron uses over the older IPv4 network, and does AAAA record lookups in 39 1.1.1.5 christos the DNS in addition to the older A records. </p> 40 1.1 tron 41 1.1 tron <p> This document provides information on the following topics: 42 1.1 tron </p> 43 1.1 tron 44 1.1 tron <ul> 45 1.1 tron 46 1.1 tron <li><a href="#platforms">Supported platforms</a> 47 1.1 tron 48 1.1 tron <li><a href="#configuration">Configuration</a> 49 1.1 tron 50 1.1 tron <li><a href="#limitations">Known limitations</a> 51 1.1 tron 52 1.1 tron <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 53 1.1 tron 54 1.1 tron <li><a href="#porting">IPv6 Support for unsupported platforms</a> 55 1.1 tron 56 1.1 tron <li><a href="#credits">Credits</a> 57 1.1 tron 58 1.1 tron </ul> 59 1.1 tron 60 1.1 tron <h2><a name="platforms">Supported Platforms</a></h2> 61 1.1 tron 62 1.1 tron <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 63 1.1 tron platforms: </p> 64 1.1 tron 65 1.1 tron <ul> 66 1.1 tron 67 1.1 tron <li> AIX 5.1+ 68 1.1 tron <li> Darwin 7.3+ 69 1.1 tron <li> FreeBSD 4+ 70 1.1 tron <li> Linux 2.4+ 71 1.1 tron <li> NetBSD 1.5+ 72 1.1 tron <li> OpenBSD 2+ 73 1.1 tron <li> Solaris 8+ 74 1.1 tron <li> Tru64Unix V5.1+ 75 1.1 tron 76 1.1 tron </ul> 77 1.1 tron 78 1.1 tron <p> On other platforms Postfix will simply use IPv4 as it has always 79 1.1 tron done. </p> 80 1.1 tron 81 1.1.1.4 christos <p> See "<a href="#porting">IPv6 Support for unsupported platforms</a>" 82 1.1.1.4 christos for tips to port Postfix IPv6 support to other environments. </p> 83 1.1 tron 84 1.1 tron <h2><a name="configuration">Configuration</a></h2> 85 1.1 tron 86 1.1 tron <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 87 1.1 tron parameters, and introduces an important change in address syntax 88 1.1 tron notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 89 1.1 tron <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 90 1.1 tron 91 1.1 tron <p> Postfix IPv6 address syntax is a little tricky, because there 92 1.1 tron are a few places where you must enclose an IPv6 address inside 93 1.1 tron "<tt>[]</tt>" characters, and a few places where you must not. It is 94 1.1 tron a good idea to use "<tt>[]</tt>" only in the few places where you 95 1.1 tron have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 96 1.1 tron related configuration work with Postfix. </p> 97 1.1 tron 98 1.1 tron <ul> 99 1.1 tron 100 1.1 tron <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 101 1.1 tron in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 102 1.1 tron This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 103 1.1 tron or not Postfix will run on an IPv6-enabled system. </p> 104 1.1 tron 105 1.1 tron <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 106 1.1 tron specifies what protocols Postfix will use when it makes or accepts 107 1.1 tron network connections, and also controls what DNS lookups Postfix 108 1.1 tron will use when it makes network connections. </p> 109 1.1 tron 110 1.1 tron <blockquote> 111 1.1 tron <pre> 112 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 113 1.1 tron # You must stop/start Postfix after changing this parameter. 114 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 115 1.1.1.3 christos <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (enable IPv4 only) 116 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 117 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 118 1.1 tron </pre> 119 1.1 tron </blockquote> 120 1.1 tron 121 1.1.1.3 christos <p> The default is compile-time dependent: "all" when Postfix is built 122 1.1.1.3 christos on a software distribution with IPv6 support, "ipv4" otherwise. </p> 123 1.1 tron 124 1.1 tron <p> Note 1: you must stop and start Postfix after changing the 125 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 126 1.1 tron 127 1.1.1.3 christos <p> Note 2: on older Linux and Solaris systems, the setting 128 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 129 1.1.1.3 christos accepting IPv4 connections. </p> 130 1.1 tron 131 1.1.1.4 christos <p> For an unsupported test option to build Postfix without IPv6 132 1.1.1.4 christos support, see the NO_IPV6 option in the <a href="INSTALL.html">INSTALL</a> document. </p> 133 1.1.1.4 christos 134 1.1 tron <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 135 1.1 tron This sets the local interface address for outgoing IPv6 SMTP 136 1.1 tron connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 137 1.1 tron does for IPv4: </p> 138 1.1 tron 139 1.1 tron <blockquote> 140 1.1 tron <pre> 141 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 142 1.1 tron <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 143 1.1 tron </pre> 144 1.1 tron </blockquote> 145 1.1 tron 146 1.1 tron <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 147 1.1 tron default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 148 1.1 tron out by itself what its network addresses are. This is what a typical 149 1.1 tron setting looks like: </p> 150 1.1 tron 151 1.1 tron <blockquote> 152 1.1 tron <pre> 153 1.1 tron % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 154 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 155 1.1 tron </pre> 156 1.1 tron </blockquote> 157 1.1 tron 158 1.1 tron <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 159 1.1.1.3 christos <a href="postconf.5.html">main.cf</a>, you need to update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 160 1.1 tron the IPv6 networks the system is in. Be sure to specify IPv6 address 161 1.1 tron information inside "<tt>[]</tt>", like this: </p> 162 1.1 tron 163 1.1 tron <blockquote> 164 1.1 tron <pre> 165 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 166 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 167 1.1 tron </pre> 168 1.1 tron </blockquote> 169 1.1 tron 170 1.1 tron </ul> 171 1.1 tron 172 1.1 tron <p> <b> NOTE: when configuring Postfix match lists such as 173 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 174 1.1 tron IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 175 1.1 tron value and in files specified with a "<i>/file/name</i>" pattern. 176 1.1 tron IPv6 addresses contain the ":" character, and would otherwise be 177 1.1 tron confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 178 1.1 tron 179 1.1 tron <h2><a name="limitations">Known Limitations</a></h2> 180 1.1 tron 181 1.1 tron <ul> 182 1.1 tron 183 1.1.1.2 tron <li> <p> Postfix SMTP clients before version 2.8 try to connect 184 1.1.1.2 tron over IPv6 before trying IPv4. With more recent Postfix versions, 185 1.1.1.2 tron the order of IPv6 versus IPv4 outgoing connection attempts is 186 1.1.1.2 tron configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p> 187 1.1 tron 188 1.1.1.3 christos <li> <p> Postfix versions before 2.6 do not support DNSBL (DNS 189 1.1.1.3 christos blocklist) lookups for IPv6 client IP addresses. </p> 190 1.1 tron 191 1.1 tron <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 192 1.1 tron networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 193 1.1 tron same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 194 1.1 tron </p> 195 1.1 tron 196 1.1 tron <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 197 1.1 tron subnet mask 198 1.1 tron and always assumes a /128 network. This is a problem only with 199 1.1 tron "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 200 1.1 tron setting in <a href="postconf.5.html">main.cf</a>. </p> 201 1.1 tron 202 1.1 tron </ul> 203 1.1 tron 204 1.1 tron <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 205 1.1 tron </h2> 206 1.1 tron 207 1.1 tron <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 208 1.1 tron by Dean Strik and others, but differs in a few minor ways. </p> 209 1.1 tron 210 1.1 tron <ul> 211 1.1 tron 212 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 213 1.1 tron the notation "ipv6:all" or "ipv4:all". Use the 214 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 215 1.1 tron 216 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 217 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 218 1.1 tron and IPv6 support. </p> 219 1.1 tron 220 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 221 1.1 tron what DNS lookups Postfix will attempt to make when delivering or 222 1.1 tron receiving mail. </p> 223 1.1 tron 224 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 225 1.1 tron to listen on loopback network interfaces only. </p> 226 1.1 tron 227 1.1 tron <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 228 1.1.1.3 christos features were omitted. Postfix version 2.3 merged the LMTP client 229 1.1.1.3 christos into the SMTP client, so there was no reason to keep adding features 230 1.1 tron to the LMTP client. </p> 231 1.1 tron 232 1.1 tron <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 233 1.1 tron commands are specified as [ipv6:<i>ipv6address</i>], as 234 1.1.1.3 christos described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 235 1.1 tron 236 1.1 tron <li> <p> The IPv6 network address matching code was rewritten from 237 1.1 tron the ground up, and is expected to be closer to the specification. 238 1.1 tron The result may be incompatible with the Postfix/IPv6 patch. 239 1.1 tron </p> 240 1.1 tron 241 1.1 tron </ul> 242 1.1 tron 243 1.1 tron <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 244 1.1 tron 245 1.1 tron <p> Getting Postfix IPv6 working on other platforms involves the 246 1.1 tron following steps: </p> 247 1.1 tron 248 1.1 tron <ul> 249 1.1 tron 250 1.1 tron <li> <p> Specify how Postfix should find the local network interfaces. 251 1.1 tron Postfix needs this information to avoid mailer loops and to find out 252 1.1 tron if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 253 1.1 tron 254 1.1 tron <p> If your system has the getifaddrs() routine then add 255 1.1 tron the following to your platform-specific section in 256 1.1 tron src/util/sys_defs.h: </p> 257 1.1 tron 258 1.1 tron <blockquote> 259 1.1 tron <pre> 260 1.1 tron #ifndef NO_IPV6 261 1.1 tron # define HAS_IPV6 262 1.1 tron # define HAVE_GETIFADDRS 263 1.1 tron #endif 264 1.1 tron </pre> 265 1.1 tron </blockquote> 266 1.1 tron 267 1.1 tron <p> Otherwise, if your system has the SIOCGLIF ioctl() 268 1.1 tron command in /usr/include/*/*.h, add the following to your 269 1.1 tron platform-specific section in src/util/sys_defs.h: </p> 270 1.1 tron 271 1.1 tron <blockquote> 272 1.1 tron <pre> 273 1.1 tron #ifndef NO_IPV6 274 1.1 tron # define HAS_IPV6 275 1.1 tron # define HAS_SIOCGLIF 276 1.1 tron #endif 277 1.1 tron </pre> 278 1.1 tron </blockquote> 279 1.1 tron 280 1.1 tron <p> Otherwise, Postfix will have to use the old SIOCGIF commands 281 1.1 tron and get along with reduced IPv6 functionality (it won't be able to 282 1.1 tron figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 283 1.1 tron = subnet". Add this to your platform-specific section in 284 1.1 tron src/util/sys_defs.h: </p> 285 1.1 tron 286 1.1 tron <blockquote> 287 1.1 tron <pre> 288 1.1 tron #ifndef NO_IPV6 289 1.1 tron # define HAS_IPV6 290 1.1 tron #endif 291 1.1 tron </pre> 292 1.1 tron </blockquote> 293 1.1 tron 294 1.1 tron <li> <p> Test if Postfix can figure out its interface information. </p> 295 1.1 tron 296 1.1 tron <p> After compiling Postfix in the usual manner, step into the 297 1.1 tron src/util directory and type "<b>make inet_addr_local</b>". 298 1.1 tron Running this file by hand should produce all the interface addresses 299 1.1 tron and network masks, for example: </p> 300 1.1 tron 301 1.1 tron <blockquote> 302 1.1 tron <pre> 303 1.1 tron % make 304 1.1 tron % cd src/util 305 1.1 tron % make inet_addr_local 306 1.1 tron [... some messages ...] 307 1.1 tron % ./inet_addr_local 308 1.1 tron [... some messages ...] 309 1.1 tron ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 310 1.1 tron ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 311 1.1 tron 168.100.189.2/255.255.255.224 312 1.1 tron 127.0.0.1/255.0.0.0 313 1.1 tron fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 314 1.1 tron 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 315 1.1 tron fe80:5::1/ffff:ffff:ffff:ffff:: 316 1.1 tron ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 317 1.1 tron </pre> 318 1.1 tron </blockquote> 319 1.1 tron 320 1.1 tron <p> The above is for an old FreeBSD machine. Other systems produce 321 1.1 tron slightly different results, but you get the idea. </p> 322 1.1 tron 323 1.1 tron </ul> 324 1.1 tron 325 1.1 tron <p> If none of all this produces a usable result, send email to the 326 1.1 tron postfix-users (a] postfix.org mailing list and we'll try to help you 327 1.1 tron through this. </p> 328 1.1 tron 329 1.1 tron <h2><a name="credits">Credits</a></h2> 330 1.1 tron 331 1.1 tron <p> The following information is in part based on information that 332 1.1 tron was compiled by Dean Strik. </p> 333 1.1 tron 334 1.1 tron <ul> 335 1.1 tron 336 1.1 tron <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 337 1.1 tron 338 1.1 tron <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 339 1.1 tron substantial improvements. Since then, we speak of the KAME patch. 340 1.1 tron </p> 341 1.1 tron 342 1.1 tron <li> <p> The PLD Linux Distribution ported the code to other stacks 343 1.1 tron (notably USAGI). We speak of the PLD patch. A very important 344 1.1 tron feature of the PLD patch was that it can work with Lutz Jaenicke's 345 1.1 tron TLS patch for Postfix. </p> 346 1.1 tron 347 1.1 tron <li> <p> Dean Strik extended IPv6 support to platforms other than 348 1.1 tron KAME and USAGI, updated the patch to keep up with Postfix development, 349 1.1 tron and provided a combined IPv6 + TLS patch. Information about his 350 1.1.1.5 christos effort is found in an archived copy of Dean Strik's Postfix website at 351 1.1.1.5 christos <a href="https://web.archive.org/web/20080603102834/http://www.ipnet6.org/postfix/">https://web.archive.org/web/20080603102834/http://www.ipnet6.org/postfix/</a>. </p> 352 1.1 tron 353 1.1 tron <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 354 1.1 tron Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 355 1.1 tron code from Postfix that could be removed. For systems without IPv6 356 1.1 tron support in the kernel and system libraries, Postfix has a simple 357 1.1 tron compatibility layer, so that it will use IPv4 as before. </p> 358 1.1 tron 359 1.1 tron </ul> 360 1.1 tron 361 1.1 tron </body> 362 1.1 tron 363 1.1 tron </html> 364
Indexes created Fri Jun 26 00:24:39 UTC 2026