IPV6_README.html revision 1.1.1.2
1 1.1 tron <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 1.1 tron "http://www.w3.org/TR/html4/loose.dtd"> 3 1.1 tron 4 1.1 tron <html> 5 1.1 tron 6 1.1 tron <head> 7 1.1 tron 8 1.1 tron <title>Postfix IPv6 Support</title> 9 1.1 tron 10 1.1 tron <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 1.1 tron 12 1.1 tron </head> 13 1.1 tron 14 1.1 tron <body> 15 1.1 tron 16 1.1 tron <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17 1.1 tron IPv6 Support</h1> 18 1.1 tron 19 1.1 tron <hr> 20 1.1 tron 21 1.1 tron <h2>Introduction</h2> 22 1.1 tron 23 1.1 tron <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 24 1.1 tron protocol. IPv6 support for older Postfix versions was available as 25 1.1 tron an add-on patch. The section "<a href="#compat">Compatibility with 26 1.1 tron Postfix <2.2 IPv6 support</a>" below discusses the differences 27 1.1 tron between these implementations. </p> 28 1.1 tron 29 1.1 tron <p> The main feature of interest is that IPv6 uses 128-bit IP 30 1.1 tron addresses instead of the 32-bit addresses used by IPv4. It can 31 1.1 tron therefore accommodate a much larger number of hosts and networks 32 1.1 tron without ugly kluges such as NAT. A side benefit of the much larger 33 1.1 tron address space is that it makes random network scanning impractical. 34 1.1 tron </p> 35 1.1 tron 36 1.1 tron <p> Postfix uses the same SMTP protocol over IPv6 as it already 37 1.1 tron uses over the older IPv4 network, and does AAAA record lookups in 38 1.1 tron the DNS in addition to the older A records. Information about IPv6 39 1.1 tron can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p> 40 1.1 tron 41 1.1 tron <p> This document provides information on the following topics: 42 1.1 tron </p> 43 1.1 tron 44 1.1 tron <ul> 45 1.1 tron 46 1.1 tron <li><a href="#platforms">Supported platforms</a> 47 1.1 tron 48 1.1 tron <li><a href="#configuration">Configuration</a> 49 1.1 tron 50 1.1 tron <li><a href="#limitations">Known limitations</a> 51 1.1 tron 52 1.1 tron <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 53 1.1 tron 54 1.1 tron <li><a href="#porting">IPv6 Support for unsupported platforms</a> 55 1.1 tron 56 1.1 tron <li><a href="#credits">Credits</a> 57 1.1 tron 58 1.1 tron </ul> 59 1.1 tron 60 1.1 tron <h2><a name="platforms">Supported Platforms</a></h2> 61 1.1 tron 62 1.1 tron <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 63 1.1 tron platforms: </p> 64 1.1 tron 65 1.1 tron <ul> 66 1.1 tron 67 1.1 tron <li> AIX 5.1+ 68 1.1 tron <li> Darwin 7.3+ 69 1.1 tron <li> FreeBSD 4+ 70 1.1 tron <li> Linux 2.4+ 71 1.1 tron <li> NetBSD 1.5+ 72 1.1 tron <li> OpenBSD 2+ 73 1.1 tron <li> Solaris 8+ 74 1.1 tron <li> Tru64Unix V5.1+ 75 1.1 tron 76 1.1 tron </ul> 77 1.1 tron 78 1.1 tron <p> On other platforms Postfix will simply use IPv4 as it has always 79 1.1 tron done. </p> 80 1.1 tron 81 1.1 tron <p> See <a href="#porting">below</a> for tips how to port Postfix 82 1.1 tron IPv6 support to other environments. </p> 83 1.1 tron 84 1.1 tron <h2><a name="configuration">Configuration</a></h2> 85 1.1 tron 86 1.1 tron <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 87 1.1 tron parameters, and introduces an important change in address syntax 88 1.1 tron notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 89 1.1 tron <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 90 1.1 tron 91 1.1 tron <p> Postfix IPv6 address syntax is a little tricky, because there 92 1.1 tron are a few places where you must enclose an IPv6 address inside 93 1.1 tron "<tt>[]</tt>" characters, and a few places where you must not. It is 94 1.1 tron a good idea to use "<tt>[]</tt>" only in the few places where you 95 1.1 tron have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 96 1.1 tron related configuration work with Postfix. </p> 97 1.1 tron 98 1.1 tron <ul> 99 1.1 tron 100 1.1 tron <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 101 1.1 tron in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 102 1.1 tron This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 103 1.1 tron or not Postfix will run on an IPv6-enabled system. </p> 104 1.1 tron 105 1.1 tron <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 106 1.1 tron specifies what protocols Postfix will use when it makes or accepts 107 1.1 tron network connections, and also controls what DNS lookups Postfix 108 1.1 tron will use when it makes network connections. </p> 109 1.1 tron 110 1.1 tron <blockquote> 111 1.1 tron <pre> 112 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 113 1.1 tron # You must stop/start Postfix after changing this parameter. 114 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (DEFAULT: enable IPv4 only) 115 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 116 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 117 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 118 1.1 tron </pre> 119 1.1 tron </blockquote> 120 1.1 tron 121 1.1 tron <p> By default, Postfix uses IPv4 only, because most systems aren't 122 1.1 tron attached to an IPv6 network. </p> 123 1.1 tron 124 1.1 tron <ul> 125 1.1 tron 126 1.1 tron <li> <p> On systems with combined IPv4/IPv6 stacks, attempts to 127 1.1 tron deliver mail via IPv6 would always fail with "network unreachable", 128 1.1 tron and those attempts would only slow down Postfix. </p> 129 1.1 tron 130 1.1 tron <li> <p> Linux kernels don't even load IPv6 protocol support by 131 1.1 tron default. Any attempt to use it would fail immediately. </p> 132 1.1 tron 133 1.1 tron </ul> 134 1.1 tron 135 1.1 tron <p> Note 1: you must stop and start Postfix after changing the 136 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 137 1.1 tron 138 1.1 tron <p> Note 2: if you see error messages like the following, then 139 1.1 tron you're running Linux and need to turn on IPv6 in the kernel: see 140 1.1 tron <a href="http://www.ipv6.org/">http://www.ipv6.org/</a> for hints and tips. Unlike other systems, 141 1.1 tron Linux does not have a combined stack for IPv4 and IPv6, and IPv6 142 1.1 tron protocol support is not loaded by default. </p> 143 1.1 tron 144 1.1 tron <blockquote> 145 1.1 tron <pre> 146 1.1 tron postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: IPv6 support is disabled: Address family not supported by protocol 147 1.1 tron postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: configuring for IPv4 support only 148 1.1 tron </pre> 149 1.1 tron </blockquote> 150 1.1 tron 151 1.1 tron <p> Note 3: on older Linux and Solaris systems, the setting 152 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 153 1.1 tron accepting IPv4 connections. Postfix will present the client IP 154 1.1 tron addresses in IPv6 format, though. In all other cases, Postfix always 155 1.1 tron presents IPv4 client IP addresses in the traditional dotted quad 156 1.1 tron IPv4 format. </p> 157 1.1 tron 158 1.1 tron <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 159 1.1 tron This sets the local interface address for outgoing IPv6 SMTP 160 1.1 tron connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 161 1.1 tron does for IPv4: </p> 162 1.1 tron 163 1.1 tron <blockquote> 164 1.1 tron <pre> 165 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 166 1.1 tron <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 167 1.1 tron </pre> 168 1.1 tron </blockquote> 169 1.1 tron 170 1.1 tron <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 171 1.1 tron default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 172 1.1 tron out by itself what its network addresses are. This is what a typical 173 1.1 tron setting looks like: </p> 174 1.1 tron 175 1.1 tron <blockquote> 176 1.1 tron <pre> 177 1.1 tron % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 178 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 179 1.1 tron </pre> 180 1.1 tron </blockquote> 181 1.1 tron 182 1.1 tron <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 183 1.1 tron <a href="postconf.5.html">main.cf</a>, you need update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 184 1.1 tron the IPv6 networks the system is in. Be sure to specify IPv6 address 185 1.1 tron information inside "<tt>[]</tt>", like this: </p> 186 1.1 tron 187 1.1 tron <blockquote> 188 1.1 tron <pre> 189 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 190 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 191 1.1 tron </pre> 192 1.1 tron </blockquote> 193 1.1 tron 194 1.1 tron </ul> 195 1.1 tron 196 1.1 tron <p> <b> NOTE: when configuring Postfix match lists such as 197 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 198 1.1 tron IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 199 1.1 tron value and in files specified with a "<i>/file/name</i>" pattern. 200 1.1 tron IPv6 addresses contain the ":" character, and would otherwise be 201 1.1 tron confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 202 1.1 tron 203 1.1 tron <h2><a name="limitations">Known Limitations</a></h2> 204 1.1 tron 205 1.1 tron <ul> 206 1.1 tron 207 1.1.1.2 tron <li> <p> Postfix SMTP clients before version 2.8 try to connect 208 1.1.1.2 tron over IPv6 before trying IPv4. With more recent Postfix versions, 209 1.1.1.2 tron the order of IPv6 versus IPv4 outgoing connection attempts is 210 1.1.1.2 tron configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p> 211 1.1 tron 212 1.1.1.2 tron <li> <p> Postfix versions before 2.6 do not support DNSBL (real-time 213 1.1.1.2 tron blackhole list) lookups for IPv6 client IP addresses. </p> 214 1.1 tron 215 1.1 tron <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 216 1.1 tron networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 217 1.1 tron same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 218 1.1 tron </p> 219 1.1 tron 220 1.1 tron <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 221 1.1 tron subnet mask 222 1.1 tron and always assumes a /128 network. This is a problem only with 223 1.1 tron "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 224 1.1 tron setting in <a href="postconf.5.html">main.cf</a>. </p> 225 1.1 tron 226 1.1 tron </ul> 227 1.1 tron 228 1.1 tron <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 229 1.1 tron </h2> 230 1.1 tron 231 1.1 tron <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 232 1.1 tron by Dean Strik and others, but differs in a few minor ways. </p> 233 1.1 tron 234 1.1 tron <ul> 235 1.1 tron 236 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 237 1.1 tron the notation "ipv6:all" or "ipv4:all". Use the 238 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 239 1.1 tron 240 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 241 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 242 1.1 tron and IPv6 support. </p> 243 1.1 tron 244 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 245 1.1 tron what DNS lookups Postfix will attempt to make when delivering or 246 1.1 tron receiving mail. </p> 247 1.1 tron 248 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 249 1.1 tron to listen on loopback network interfaces only. </p> 250 1.1 tron 251 1.1 tron <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 252 1.1 tron features were omitted. The Postfix LMTP client will be absorbed 253 1.1 tron into the SMTP client, so there is no reason to keep adding features 254 1.1 tron to the LMTP client. </p> 255 1.1 tron 256 1.1 tron <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 257 1.1 tron commands are specified as [ipv6:<i>ipv6address</i>], as 258 1.1 tron described in <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 259 1.1 tron 260 1.1 tron <li> <p> The IPv6 network address matching code was rewritten from 261 1.1 tron the ground up, and is expected to be closer to the specification. 262 1.1 tron The result may be incompatible with the Postfix/IPv6 patch. 263 1.1 tron </p> 264 1.1 tron 265 1.1 tron </ul> 266 1.1 tron 267 1.1 tron <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 268 1.1 tron 269 1.1 tron <p> Getting Postfix IPv6 working on other platforms involves the 270 1.1 tron following steps: </p> 271 1.1 tron 272 1.1 tron <ul> 273 1.1 tron 274 1.1 tron <li> <p> Specify how Postfix should find the local network interfaces. 275 1.1 tron Postfix needs this information to avoid mailer loops and to find out 276 1.1 tron if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 277 1.1 tron 278 1.1 tron <p> If your system has the getifaddrs() routine then add 279 1.1 tron the following to your platform-specific section in 280 1.1 tron src/util/sys_defs.h: </p> 281 1.1 tron 282 1.1 tron <blockquote> 283 1.1 tron <pre> 284 1.1 tron #ifndef NO_IPV6 285 1.1 tron # define HAS_IPV6 286 1.1 tron # define HAVE_GETIFADDRS 287 1.1 tron #endif 288 1.1 tron </pre> 289 1.1 tron </blockquote> 290 1.1 tron 291 1.1 tron <p> Otherwise, if your system has the SIOCGLIF ioctl() 292 1.1 tron command in /usr/include/*/*.h, add the following to your 293 1.1 tron platform-specific section in src/util/sys_defs.h: </p> 294 1.1 tron 295 1.1 tron <blockquote> 296 1.1 tron <pre> 297 1.1 tron #ifndef NO_IPV6 298 1.1 tron # define HAS_IPV6 299 1.1 tron # define HAS_SIOCGLIF 300 1.1 tron #endif 301 1.1 tron </pre> 302 1.1 tron </blockquote> 303 1.1 tron 304 1.1 tron <p> Otherwise, Postfix will have to use the old SIOCGIF commands 305 1.1 tron and get along with reduced IPv6 functionality (it won't be able to 306 1.1 tron figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 307 1.1 tron = subnet". Add this to your platform-specific section in 308 1.1 tron src/util/sys_defs.h: </p> 309 1.1 tron 310 1.1 tron <blockquote> 311 1.1 tron <pre> 312 1.1 tron #ifndef NO_IPV6 313 1.1 tron # define HAS_IPV6 314 1.1 tron #endif 315 1.1 tron </pre> 316 1.1 tron </blockquote> 317 1.1 tron 318 1.1 tron <li> <p> Test if Postfix can figure out its interface information. </p> 319 1.1 tron 320 1.1 tron <p> After compiling Postfix in the usual manner, step into the 321 1.1 tron src/util directory and type "<b>make inet_addr_local</b>". 322 1.1 tron Running this file by hand should produce all the interface addresses 323 1.1 tron and network masks, for example: </p> 324 1.1 tron 325 1.1 tron <blockquote> 326 1.1 tron <pre> 327 1.1 tron % make 328 1.1 tron % cd src/util 329 1.1 tron % make inet_addr_local 330 1.1 tron [... some messages ...] 331 1.1 tron % ./inet_addr_local 332 1.1 tron [... some messages ...] 333 1.1 tron ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 334 1.1 tron ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 335 1.1 tron 168.100.189.2/255.255.255.224 336 1.1 tron 127.0.0.1/255.0.0.0 337 1.1 tron fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 338 1.1 tron 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 339 1.1 tron fe80:5::1/ffff:ffff:ffff:ffff:: 340 1.1 tron ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 341 1.1 tron </pre> 342 1.1 tron </blockquote> 343 1.1 tron 344 1.1 tron <p> The above is for an old FreeBSD machine. Other systems produce 345 1.1 tron slightly different results, but you get the idea. </p> 346 1.1 tron 347 1.1 tron </ul> 348 1.1 tron 349 1.1 tron <p> If none of all this produces a usable result, send email to the 350 1.1 tron postfix-users (a] postfix.org mailing list and we'll try to help you 351 1.1 tron through this. </p> 352 1.1 tron 353 1.1 tron <h2><a name="credits">Credits</a></h2> 354 1.1 tron 355 1.1 tron <p> The following information is in part based on information that 356 1.1 tron was compiled by Dean Strik. </p> 357 1.1 tron 358 1.1 tron <ul> 359 1.1 tron 360 1.1 tron <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 361 1.1 tron 362 1.1 tron <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 363 1.1 tron substantial improvements. Since then, we speak of the KAME patch. 364 1.1 tron </p> 365 1.1 tron 366 1.1 tron <li> <p> The PLD Linux Distribution ported the code to other stacks 367 1.1 tron (notably USAGI). We speak of the PLD patch. A very important 368 1.1 tron feature of the PLD patch was that it can work with Lutz Jaenicke's 369 1.1 tron TLS patch for Postfix. </p> 370 1.1 tron 371 1.1 tron <li> <p> Dean Strik extended IPv6 support to platforms other than 372 1.1 tron KAME and USAGI, updated the patch to keep up with Postfix development, 373 1.1 tron and provided a combined IPv6 + TLS patch. Information about his 374 1.1 tron effort can be found on Dean Strik's Postfix website at 375 1.1 tron <a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p> 376 1.1 tron 377 1.1 tron <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 378 1.1 tron Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 379 1.1 tron code from Postfix that could be removed. For systems without IPv6 380 1.1 tron support in the kernel and system libraries, Postfix has a simple 381 1.1 tron compatibility layer, so that it will use IPv4 as before. </p> 382 1.1 tron 383 1.1 tron </ul> 384 1.1 tron 385 1.1 tron </body> 386 1.1 tron 387 1.1 tron </html> 388
Indexes created Sun Jun 28 00:24:58 UTC 2026