IPV6_README.html revision 1.1.1.3
1 1.1 tron <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 1.1 tron "http://www.w3.org/TR/html4/loose.dtd"> 3 1.1 tron 4 1.1 tron <html> 5 1.1 tron 6 1.1 tron <head> 7 1.1 tron 8 1.1 tron <title>Postfix IPv6 Support</title> 9 1.1 tron 10 1.1.1.3 christos <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11 1.1 tron 12 1.1 tron </head> 13 1.1 tron 14 1.1 tron <body> 15 1.1 tron 16 1.1 tron <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17 1.1 tron IPv6 Support</h1> 18 1.1 tron 19 1.1 tron <hr> 20 1.1 tron 21 1.1 tron <h2>Introduction</h2> 22 1.1 tron 23 1.1 tron <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 24 1.1 tron protocol. IPv6 support for older Postfix versions was available as 25 1.1 tron an add-on patch. The section "<a href="#compat">Compatibility with 26 1.1 tron Postfix <2.2 IPv6 support</a>" below discusses the differences 27 1.1 tron between these implementations. </p> 28 1.1 tron 29 1.1 tron <p> The main feature of interest is that IPv6 uses 128-bit IP 30 1.1 tron addresses instead of the 32-bit addresses used by IPv4. It can 31 1.1 tron therefore accommodate a much larger number of hosts and networks 32 1.1 tron without ugly kluges such as NAT. A side benefit of the much larger 33 1.1 tron address space is that it makes random network scanning impractical. 34 1.1 tron </p> 35 1.1 tron 36 1.1 tron <p> Postfix uses the same SMTP protocol over IPv6 as it already 37 1.1 tron uses over the older IPv4 network, and does AAAA record lookups in 38 1.1 tron the DNS in addition to the older A records. Information about IPv6 39 1.1 tron can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p> 40 1.1 tron 41 1.1 tron <p> This document provides information on the following topics: 42 1.1 tron </p> 43 1.1 tron 44 1.1 tron <ul> 45 1.1 tron 46 1.1 tron <li><a href="#platforms">Supported platforms</a> 47 1.1 tron 48 1.1 tron <li><a href="#configuration">Configuration</a> 49 1.1 tron 50 1.1 tron <li><a href="#limitations">Known limitations</a> 51 1.1 tron 52 1.1 tron <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 53 1.1 tron 54 1.1 tron <li><a href="#porting">IPv6 Support for unsupported platforms</a> 55 1.1 tron 56 1.1 tron <li><a href="#credits">Credits</a> 57 1.1 tron 58 1.1 tron </ul> 59 1.1 tron 60 1.1 tron <h2><a name="platforms">Supported Platforms</a></h2> 61 1.1 tron 62 1.1 tron <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 63 1.1 tron platforms: </p> 64 1.1 tron 65 1.1 tron <ul> 66 1.1 tron 67 1.1 tron <li> AIX 5.1+ 68 1.1 tron <li> Darwin 7.3+ 69 1.1 tron <li> FreeBSD 4+ 70 1.1 tron <li> Linux 2.4+ 71 1.1 tron <li> NetBSD 1.5+ 72 1.1 tron <li> OpenBSD 2+ 73 1.1 tron <li> Solaris 8+ 74 1.1 tron <li> Tru64Unix V5.1+ 75 1.1 tron 76 1.1 tron </ul> 77 1.1 tron 78 1.1 tron <p> On other platforms Postfix will simply use IPv4 as it has always 79 1.1 tron done. </p> 80 1.1 tron 81 1.1 tron <p> See <a href="#porting">below</a> for tips how to port Postfix 82 1.1 tron IPv6 support to other environments. </p> 83 1.1 tron 84 1.1 tron <h2><a name="configuration">Configuration</a></h2> 85 1.1 tron 86 1.1 tron <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 87 1.1 tron parameters, and introduces an important change in address syntax 88 1.1 tron notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 89 1.1 tron <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 90 1.1 tron 91 1.1 tron <p> Postfix IPv6 address syntax is a little tricky, because there 92 1.1 tron are a few places where you must enclose an IPv6 address inside 93 1.1 tron "<tt>[]</tt>" characters, and a few places where you must not. It is 94 1.1 tron a good idea to use "<tt>[]</tt>" only in the few places where you 95 1.1 tron have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 96 1.1 tron related configuration work with Postfix. </p> 97 1.1 tron 98 1.1 tron <ul> 99 1.1 tron 100 1.1 tron <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 101 1.1 tron in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 102 1.1 tron This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 103 1.1 tron or not Postfix will run on an IPv6-enabled system. </p> 104 1.1 tron 105 1.1 tron <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 106 1.1 tron specifies what protocols Postfix will use when it makes or accepts 107 1.1 tron network connections, and also controls what DNS lookups Postfix 108 1.1 tron will use when it makes network connections. </p> 109 1.1 tron 110 1.1 tron <blockquote> 111 1.1 tron <pre> 112 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 113 1.1 tron # You must stop/start Postfix after changing this parameter. 114 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 115 1.1.1.3 christos <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (enable IPv4 only) 116 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 117 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 118 1.1 tron </pre> 119 1.1 tron </blockquote> 120 1.1 tron 121 1.1.1.3 christos <p> The default is compile-time dependent: "all" when Postfix is built 122 1.1.1.3 christos on a software distribution with IPv6 support, "ipv4" otherwise. </p> 123 1.1 tron 124 1.1 tron <p> Note 1: you must stop and start Postfix after changing the 125 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 126 1.1 tron 127 1.1.1.3 christos <p> Note 2: on older Linux and Solaris systems, the setting 128 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 129 1.1.1.3 christos accepting IPv4 connections. </p> 130 1.1 tron 131 1.1 tron <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 132 1.1 tron This sets the local interface address for outgoing IPv6 SMTP 133 1.1 tron connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 134 1.1 tron does for IPv4: </p> 135 1.1 tron 136 1.1 tron <blockquote> 137 1.1 tron <pre> 138 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 139 1.1 tron <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 140 1.1 tron </pre> 141 1.1 tron </blockquote> 142 1.1 tron 143 1.1 tron <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 144 1.1 tron default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 145 1.1 tron out by itself what its network addresses are. This is what a typical 146 1.1 tron setting looks like: </p> 147 1.1 tron 148 1.1 tron <blockquote> 149 1.1 tron <pre> 150 1.1 tron % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 151 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 152 1.1 tron </pre> 153 1.1 tron </blockquote> 154 1.1 tron 155 1.1 tron <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 156 1.1.1.3 christos <a href="postconf.5.html">main.cf</a>, you need to update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 157 1.1 tron the IPv6 networks the system is in. Be sure to specify IPv6 address 158 1.1 tron information inside "<tt>[]</tt>", like this: </p> 159 1.1 tron 160 1.1 tron <blockquote> 161 1.1 tron <pre> 162 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 163 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 164 1.1 tron </pre> 165 1.1 tron </blockquote> 166 1.1 tron 167 1.1 tron </ul> 168 1.1 tron 169 1.1 tron <p> <b> NOTE: when configuring Postfix match lists such as 170 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 171 1.1 tron IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 172 1.1 tron value and in files specified with a "<i>/file/name</i>" pattern. 173 1.1 tron IPv6 addresses contain the ":" character, and would otherwise be 174 1.1 tron confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 175 1.1 tron 176 1.1 tron <h2><a name="limitations">Known Limitations</a></h2> 177 1.1 tron 178 1.1 tron <ul> 179 1.1 tron 180 1.1.1.2 tron <li> <p> Postfix SMTP clients before version 2.8 try to connect 181 1.1.1.2 tron over IPv6 before trying IPv4. With more recent Postfix versions, 182 1.1.1.2 tron the order of IPv6 versus IPv4 outgoing connection attempts is 183 1.1.1.2 tron configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p> 184 1.1 tron 185 1.1.1.3 christos <li> <p> Postfix versions before 2.6 do not support DNSBL (DNS 186 1.1.1.3 christos blocklist) lookups for IPv6 client IP addresses. </p> 187 1.1 tron 188 1.1 tron <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 189 1.1 tron networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 190 1.1 tron same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 191 1.1 tron </p> 192 1.1 tron 193 1.1 tron <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 194 1.1 tron subnet mask 195 1.1 tron and always assumes a /128 network. This is a problem only with 196 1.1 tron "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 197 1.1 tron setting in <a href="postconf.5.html">main.cf</a>. </p> 198 1.1 tron 199 1.1 tron </ul> 200 1.1 tron 201 1.1 tron <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 202 1.1 tron </h2> 203 1.1 tron 204 1.1 tron <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 205 1.1 tron by Dean Strik and others, but differs in a few minor ways. </p> 206 1.1 tron 207 1.1 tron <ul> 208 1.1 tron 209 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 210 1.1 tron the notation "ipv6:all" or "ipv4:all". Use the 211 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 212 1.1 tron 213 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 214 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 215 1.1 tron and IPv6 support. </p> 216 1.1 tron 217 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 218 1.1 tron what DNS lookups Postfix will attempt to make when delivering or 219 1.1 tron receiving mail. </p> 220 1.1 tron 221 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 222 1.1 tron to listen on loopback network interfaces only. </p> 223 1.1 tron 224 1.1 tron <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 225 1.1.1.3 christos features were omitted. Postfix version 2.3 merged the LMTP client 226 1.1.1.3 christos into the SMTP client, so there was no reason to keep adding features 227 1.1 tron to the LMTP client. </p> 228 1.1 tron 229 1.1 tron <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 230 1.1 tron commands are specified as [ipv6:<i>ipv6address</i>], as 231 1.1.1.3 christos described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 232 1.1 tron 233 1.1 tron <li> <p> The IPv6 network address matching code was rewritten from 234 1.1 tron the ground up, and is expected to be closer to the specification. 235 1.1 tron The result may be incompatible with the Postfix/IPv6 patch. 236 1.1 tron </p> 237 1.1 tron 238 1.1 tron </ul> 239 1.1 tron 240 1.1 tron <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 241 1.1 tron 242 1.1 tron <p> Getting Postfix IPv6 working on other platforms involves the 243 1.1 tron following steps: </p> 244 1.1 tron 245 1.1 tron <ul> 246 1.1 tron 247 1.1 tron <li> <p> Specify how Postfix should find the local network interfaces. 248 1.1 tron Postfix needs this information to avoid mailer loops and to find out 249 1.1 tron if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 250 1.1 tron 251 1.1 tron <p> If your system has the getifaddrs() routine then add 252 1.1 tron the following to your platform-specific section in 253 1.1 tron src/util/sys_defs.h: </p> 254 1.1 tron 255 1.1 tron <blockquote> 256 1.1 tron <pre> 257 1.1 tron #ifndef NO_IPV6 258 1.1 tron # define HAS_IPV6 259 1.1 tron # define HAVE_GETIFADDRS 260 1.1 tron #endif 261 1.1 tron </pre> 262 1.1 tron </blockquote> 263 1.1 tron 264 1.1 tron <p> Otherwise, if your system has the SIOCGLIF ioctl() 265 1.1 tron command in /usr/include/*/*.h, add the following to your 266 1.1 tron platform-specific section in src/util/sys_defs.h: </p> 267 1.1 tron 268 1.1 tron <blockquote> 269 1.1 tron <pre> 270 1.1 tron #ifndef NO_IPV6 271 1.1 tron # define HAS_IPV6 272 1.1 tron # define HAS_SIOCGLIF 273 1.1 tron #endif 274 1.1 tron </pre> 275 1.1 tron </blockquote> 276 1.1 tron 277 1.1 tron <p> Otherwise, Postfix will have to use the old SIOCGIF commands 278 1.1 tron and get along with reduced IPv6 functionality (it won't be able to 279 1.1 tron figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 280 1.1 tron = subnet". Add this to your platform-specific section in 281 1.1 tron src/util/sys_defs.h: </p> 282 1.1 tron 283 1.1 tron <blockquote> 284 1.1 tron <pre> 285 1.1 tron #ifndef NO_IPV6 286 1.1 tron # define HAS_IPV6 287 1.1 tron #endif 288 1.1 tron </pre> 289 1.1 tron </blockquote> 290 1.1 tron 291 1.1 tron <li> <p> Test if Postfix can figure out its interface information. </p> 292 1.1 tron 293 1.1 tron <p> After compiling Postfix in the usual manner, step into the 294 1.1 tron src/util directory and type "<b>make inet_addr_local</b>". 295 1.1 tron Running this file by hand should produce all the interface addresses 296 1.1 tron and network masks, for example: </p> 297 1.1 tron 298 1.1 tron <blockquote> 299 1.1 tron <pre> 300 1.1 tron % make 301 1.1 tron % cd src/util 302 1.1 tron % make inet_addr_local 303 1.1 tron [... some messages ...] 304 1.1 tron % ./inet_addr_local 305 1.1 tron [... some messages ...] 306 1.1 tron ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 307 1.1 tron ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 308 1.1 tron 168.100.189.2/255.255.255.224 309 1.1 tron 127.0.0.1/255.0.0.0 310 1.1 tron fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 311 1.1 tron 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 312 1.1 tron fe80:5::1/ffff:ffff:ffff:ffff:: 313 1.1 tron ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 314 1.1 tron </pre> 315 1.1 tron </blockquote> 316 1.1 tron 317 1.1 tron <p> The above is for an old FreeBSD machine. Other systems produce 318 1.1 tron slightly different results, but you get the idea. </p> 319 1.1 tron 320 1.1 tron </ul> 321 1.1 tron 322 1.1 tron <p> If none of all this produces a usable result, send email to the 323 1.1 tron postfix-users (a] postfix.org mailing list and we'll try to help you 324 1.1 tron through this. </p> 325 1.1 tron 326 1.1 tron <h2><a name="credits">Credits</a></h2> 327 1.1 tron 328 1.1 tron <p> The following information is in part based on information that 329 1.1 tron was compiled by Dean Strik. </p> 330 1.1 tron 331 1.1 tron <ul> 332 1.1 tron 333 1.1 tron <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 334 1.1 tron 335 1.1 tron <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 336 1.1 tron substantial improvements. Since then, we speak of the KAME patch. 337 1.1 tron </p> 338 1.1 tron 339 1.1 tron <li> <p> The PLD Linux Distribution ported the code to other stacks 340 1.1 tron (notably USAGI). We speak of the PLD patch. A very important 341 1.1 tron feature of the PLD patch was that it can work with Lutz Jaenicke's 342 1.1 tron TLS patch for Postfix. </p> 343 1.1 tron 344 1.1 tron <li> <p> Dean Strik extended IPv6 support to platforms other than 345 1.1 tron KAME and USAGI, updated the patch to keep up with Postfix development, 346 1.1 tron and provided a combined IPv6 + TLS patch. Information about his 347 1.1 tron effort can be found on Dean Strik's Postfix website at 348 1.1 tron <a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p> 349 1.1 tron 350 1.1 tron <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 351 1.1 tron Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 352 1.1 tron code from Postfix that could be removed. For systems without IPv6 353 1.1 tron support in the kernel and system libraries, Postfix has a simple 354 1.1 tron compatibility layer, so that it will use IPv4 as before. </p> 355 1.1 tron 356 1.1 tron </ul> 357 1.1 tron 358 1.1 tron </body> 359 1.1 tron 360 1.1 tron </html> 361
Indexes created Sat Jun 27 00:24:51 UTC 2026