IPV6_README.html revision 1.1.1.4
1 1.1 tron <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 1.1 tron "http://www.w3.org/TR/html4/loose.dtd"> 3 1.1 tron 4 1.1 tron <html> 5 1.1 tron 6 1.1 tron <head> 7 1.1 tron 8 1.1 tron <title>Postfix IPv6 Support</title> 9 1.1 tron 10 1.1.1.3 christos <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11 1.1.1.4 christos <link rel='stylesheet' type='text/css' href='postfix-doc.css'> 12 1.1 tron 13 1.1 tron </head> 14 1.1 tron 15 1.1 tron <body> 16 1.1 tron 17 1.1 tron <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 18 1.1 tron IPv6 Support</h1> 19 1.1 tron 20 1.1 tron <hr> 21 1.1 tron 22 1.1 tron <h2>Introduction</h2> 23 1.1 tron 24 1.1 tron <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 25 1.1 tron protocol. IPv6 support for older Postfix versions was available as 26 1.1 tron an add-on patch. The section "<a href="#compat">Compatibility with 27 1.1 tron Postfix <2.2 IPv6 support</a>" below discusses the differences 28 1.1 tron between these implementations. </p> 29 1.1 tron 30 1.1 tron <p> The main feature of interest is that IPv6 uses 128-bit IP 31 1.1 tron addresses instead of the 32-bit addresses used by IPv4. It can 32 1.1 tron therefore accommodate a much larger number of hosts and networks 33 1.1 tron without ugly kluges such as NAT. A side benefit of the much larger 34 1.1 tron address space is that it makes random network scanning impractical. 35 1.1 tron </p> 36 1.1 tron 37 1.1 tron <p> Postfix uses the same SMTP protocol over IPv6 as it already 38 1.1 tron uses over the older IPv4 network, and does AAAA record lookups in 39 1.1 tron the DNS in addition to the older A records. Information about IPv6 40 1.1 tron can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p> 41 1.1 tron 42 1.1 tron <p> This document provides information on the following topics: 43 1.1 tron </p> 44 1.1 tron 45 1.1 tron <ul> 46 1.1 tron 47 1.1 tron <li><a href="#platforms">Supported platforms</a> 48 1.1 tron 49 1.1 tron <li><a href="#configuration">Configuration</a> 50 1.1 tron 51 1.1 tron <li><a href="#limitations">Known limitations</a> 52 1.1 tron 53 1.1 tron <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 54 1.1 tron 55 1.1 tron <li><a href="#porting">IPv6 Support for unsupported platforms</a> 56 1.1 tron 57 1.1 tron <li><a href="#credits">Credits</a> 58 1.1 tron 59 1.1 tron </ul> 60 1.1 tron 61 1.1 tron <h2><a name="platforms">Supported Platforms</a></h2> 62 1.1 tron 63 1.1 tron <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 64 1.1 tron platforms: </p> 65 1.1 tron 66 1.1 tron <ul> 67 1.1 tron 68 1.1 tron <li> AIX 5.1+ 69 1.1 tron <li> Darwin 7.3+ 70 1.1 tron <li> FreeBSD 4+ 71 1.1 tron <li> Linux 2.4+ 72 1.1 tron <li> NetBSD 1.5+ 73 1.1 tron <li> OpenBSD 2+ 74 1.1 tron <li> Solaris 8+ 75 1.1 tron <li> Tru64Unix V5.1+ 76 1.1 tron 77 1.1 tron </ul> 78 1.1 tron 79 1.1 tron <p> On other platforms Postfix will simply use IPv4 as it has always 80 1.1 tron done. </p> 81 1.1 tron 82 1.1.1.4 christos <p> See "<a href="#porting">IPv6 Support for unsupported platforms</a>" 83 1.1.1.4 christos for tips to port Postfix IPv6 support to other environments. </p> 84 1.1 tron 85 1.1 tron <h2><a name="configuration">Configuration</a></h2> 86 1.1 tron 87 1.1 tron <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 88 1.1 tron parameters, and introduces an important change in address syntax 89 1.1 tron notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 90 1.1 tron <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 91 1.1 tron 92 1.1 tron <p> Postfix IPv6 address syntax is a little tricky, because there 93 1.1 tron are a few places where you must enclose an IPv6 address inside 94 1.1 tron "<tt>[]</tt>" characters, and a few places where you must not. It is 95 1.1 tron a good idea to use "<tt>[]</tt>" only in the few places where you 96 1.1 tron have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 97 1.1 tron related configuration work with Postfix. </p> 98 1.1 tron 99 1.1 tron <ul> 100 1.1 tron 101 1.1 tron <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 102 1.1 tron in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 103 1.1 tron This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 104 1.1 tron or not Postfix will run on an IPv6-enabled system. </p> 105 1.1 tron 106 1.1 tron <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 107 1.1 tron specifies what protocols Postfix will use when it makes or accepts 108 1.1 tron network connections, and also controls what DNS lookups Postfix 109 1.1 tron will use when it makes network connections. </p> 110 1.1 tron 111 1.1 tron <blockquote> 112 1.1 tron <pre> 113 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 114 1.1 tron # You must stop/start Postfix after changing this parameter. 115 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 116 1.1.1.3 christos <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (enable IPv4 only) 117 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 118 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 119 1.1 tron </pre> 120 1.1 tron </blockquote> 121 1.1 tron 122 1.1.1.3 christos <p> The default is compile-time dependent: "all" when Postfix is built 123 1.1.1.3 christos on a software distribution with IPv6 support, "ipv4" otherwise. </p> 124 1.1 tron 125 1.1 tron <p> Note 1: you must stop and start Postfix after changing the 126 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 127 1.1 tron 128 1.1.1.3 christos <p> Note 2: on older Linux and Solaris systems, the setting 129 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 130 1.1.1.3 christos accepting IPv4 connections. </p> 131 1.1 tron 132 1.1.1.4 christos <p> For an unsupported test option to build Postfix without IPv6 133 1.1.1.4 christos support, see the NO_IPV6 option in the <a href="INSTALL.html">INSTALL</a> document. </p> 134 1.1.1.4 christos 135 1.1 tron <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 136 1.1 tron This sets the local interface address for outgoing IPv6 SMTP 137 1.1 tron connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 138 1.1 tron does for IPv4: </p> 139 1.1 tron 140 1.1 tron <blockquote> 141 1.1 tron <pre> 142 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 143 1.1 tron <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 144 1.1 tron </pre> 145 1.1 tron </blockquote> 146 1.1 tron 147 1.1 tron <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 148 1.1 tron default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 149 1.1 tron out by itself what its network addresses are. This is what a typical 150 1.1 tron setting looks like: </p> 151 1.1 tron 152 1.1 tron <blockquote> 153 1.1 tron <pre> 154 1.1 tron % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 155 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 156 1.1 tron </pre> 157 1.1 tron </blockquote> 158 1.1 tron 159 1.1 tron <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 160 1.1.1.3 christos <a href="postconf.5.html">main.cf</a>, you need to update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 161 1.1 tron the IPv6 networks the system is in. Be sure to specify IPv6 address 162 1.1 tron information inside "<tt>[]</tt>", like this: </p> 163 1.1 tron 164 1.1 tron <blockquote> 165 1.1 tron <pre> 166 1.1 tron /etc/postfix/<a href="postconf.5.html">main.cf</a>: 167 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 168 1.1 tron </pre> 169 1.1 tron </blockquote> 170 1.1 tron 171 1.1 tron </ul> 172 1.1 tron 173 1.1 tron <p> <b> NOTE: when configuring Postfix match lists such as 174 1.1 tron <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 175 1.1 tron IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 176 1.1 tron value and in files specified with a "<i>/file/name</i>" pattern. 177 1.1 tron IPv6 addresses contain the ":" character, and would otherwise be 178 1.1 tron confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 179 1.1 tron 180 1.1 tron <h2><a name="limitations">Known Limitations</a></h2> 181 1.1 tron 182 1.1 tron <ul> 183 1.1 tron 184 1.1.1.2 tron <li> <p> Postfix SMTP clients before version 2.8 try to connect 185 1.1.1.2 tron over IPv6 before trying IPv4. With more recent Postfix versions, 186 1.1.1.2 tron the order of IPv6 versus IPv4 outgoing connection attempts is 187 1.1.1.2 tron configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p> 188 1.1 tron 189 1.1.1.3 christos <li> <p> Postfix versions before 2.6 do not support DNSBL (DNS 190 1.1.1.3 christos blocklist) lookups for IPv6 client IP addresses. </p> 191 1.1 tron 192 1.1 tron <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 193 1.1 tron networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 194 1.1 tron same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 195 1.1 tron </p> 196 1.1 tron 197 1.1 tron <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 198 1.1 tron subnet mask 199 1.1 tron and always assumes a /128 network. This is a problem only with 200 1.1 tron "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 201 1.1 tron setting in <a href="postconf.5.html">main.cf</a>. </p> 202 1.1 tron 203 1.1 tron </ul> 204 1.1 tron 205 1.1 tron <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 206 1.1 tron </h2> 207 1.1 tron 208 1.1 tron <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 209 1.1 tron by Dean Strik and others, but differs in a few minor ways. </p> 210 1.1 tron 211 1.1 tron <ul> 212 1.1 tron 213 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 214 1.1 tron the notation "ipv6:all" or "ipv4:all". Use the 215 1.1 tron <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 216 1.1 tron 217 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 218 1.1 tron "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 219 1.1 tron and IPv6 support. </p> 220 1.1 tron 221 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 222 1.1 tron what DNS lookups Postfix will attempt to make when delivering or 223 1.1 tron receiving mail. </p> 224 1.1 tron 225 1.1 tron <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 226 1.1 tron to listen on loopback network interfaces only. </p> 227 1.1 tron 228 1.1 tron <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 229 1.1.1.3 christos features were omitted. Postfix version 2.3 merged the LMTP client 230 1.1.1.3 christos into the SMTP client, so there was no reason to keep adding features 231 1.1 tron to the LMTP client. </p> 232 1.1 tron 233 1.1 tron <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 234 1.1 tron commands are specified as [ipv6:<i>ipv6address</i>], as 235 1.1.1.3 christos described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 236 1.1 tron 237 1.1 tron <li> <p> The IPv6 network address matching code was rewritten from 238 1.1 tron the ground up, and is expected to be closer to the specification. 239 1.1 tron The result may be incompatible with the Postfix/IPv6 patch. 240 1.1 tron </p> 241 1.1 tron 242 1.1 tron </ul> 243 1.1 tron 244 1.1 tron <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 245 1.1 tron 246 1.1 tron <p> Getting Postfix IPv6 working on other platforms involves the 247 1.1 tron following steps: </p> 248 1.1 tron 249 1.1 tron <ul> 250 1.1 tron 251 1.1 tron <li> <p> Specify how Postfix should find the local network interfaces. 252 1.1 tron Postfix needs this information to avoid mailer loops and to find out 253 1.1 tron if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 254 1.1 tron 255 1.1 tron <p> If your system has the getifaddrs() routine then add 256 1.1 tron the following to your platform-specific section in 257 1.1 tron src/util/sys_defs.h: </p> 258 1.1 tron 259 1.1 tron <blockquote> 260 1.1 tron <pre> 261 1.1 tron #ifndef NO_IPV6 262 1.1 tron # define HAS_IPV6 263 1.1 tron # define HAVE_GETIFADDRS 264 1.1 tron #endif 265 1.1 tron </pre> 266 1.1 tron </blockquote> 267 1.1 tron 268 1.1 tron <p> Otherwise, if your system has the SIOCGLIF ioctl() 269 1.1 tron command in /usr/include/*/*.h, add the following to your 270 1.1 tron platform-specific section in src/util/sys_defs.h: </p> 271 1.1 tron 272 1.1 tron <blockquote> 273 1.1 tron <pre> 274 1.1 tron #ifndef NO_IPV6 275 1.1 tron # define HAS_IPV6 276 1.1 tron # define HAS_SIOCGLIF 277 1.1 tron #endif 278 1.1 tron </pre> 279 1.1 tron </blockquote> 280 1.1 tron 281 1.1 tron <p> Otherwise, Postfix will have to use the old SIOCGIF commands 282 1.1 tron and get along with reduced IPv6 functionality (it won't be able to 283 1.1 tron figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 284 1.1 tron = subnet". Add this to your platform-specific section in 285 1.1 tron src/util/sys_defs.h: </p> 286 1.1 tron 287 1.1 tron <blockquote> 288 1.1 tron <pre> 289 1.1 tron #ifndef NO_IPV6 290 1.1 tron # define HAS_IPV6 291 1.1 tron #endif 292 1.1 tron </pre> 293 1.1 tron </blockquote> 294 1.1 tron 295 1.1 tron <li> <p> Test if Postfix can figure out its interface information. </p> 296 1.1 tron 297 1.1 tron <p> After compiling Postfix in the usual manner, step into the 298 1.1 tron src/util directory and type "<b>make inet_addr_local</b>". 299 1.1 tron Running this file by hand should produce all the interface addresses 300 1.1 tron and network masks, for example: </p> 301 1.1 tron 302 1.1 tron <blockquote> 303 1.1 tron <pre> 304 1.1 tron % make 305 1.1 tron % cd src/util 306 1.1 tron % make inet_addr_local 307 1.1 tron [... some messages ...] 308 1.1 tron % ./inet_addr_local 309 1.1 tron [... some messages ...] 310 1.1 tron ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 311 1.1 tron ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 312 1.1 tron 168.100.189.2/255.255.255.224 313 1.1 tron 127.0.0.1/255.0.0.0 314 1.1 tron fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 315 1.1 tron 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 316 1.1 tron fe80:5::1/ffff:ffff:ffff:ffff:: 317 1.1 tron ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 318 1.1 tron </pre> 319 1.1 tron </blockquote> 320 1.1 tron 321 1.1 tron <p> The above is for an old FreeBSD machine. Other systems produce 322 1.1 tron slightly different results, but you get the idea. </p> 323 1.1 tron 324 1.1 tron </ul> 325 1.1 tron 326 1.1 tron <p> If none of all this produces a usable result, send email to the 327 1.1 tron postfix-users (a] postfix.org mailing list and we'll try to help you 328 1.1 tron through this. </p> 329 1.1 tron 330 1.1 tron <h2><a name="credits">Credits</a></h2> 331 1.1 tron 332 1.1 tron <p> The following information is in part based on information that 333 1.1 tron was compiled by Dean Strik. </p> 334 1.1 tron 335 1.1 tron <ul> 336 1.1 tron 337 1.1 tron <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 338 1.1 tron 339 1.1 tron <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 340 1.1 tron substantial improvements. Since then, we speak of the KAME patch. 341 1.1 tron </p> 342 1.1 tron 343 1.1 tron <li> <p> The PLD Linux Distribution ported the code to other stacks 344 1.1 tron (notably USAGI). We speak of the PLD patch. A very important 345 1.1 tron feature of the PLD patch was that it can work with Lutz Jaenicke's 346 1.1 tron TLS patch for Postfix. </p> 347 1.1 tron 348 1.1 tron <li> <p> Dean Strik extended IPv6 support to platforms other than 349 1.1 tron KAME and USAGI, updated the patch to keep up with Postfix development, 350 1.1 tron and provided a combined IPv6 + TLS patch. Information about his 351 1.1 tron effort can be found on Dean Strik's Postfix website at 352 1.1 tron <a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p> 353 1.1 tron 354 1.1 tron <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 355 1.1 tron Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 356 1.1 tron code from Postfix that could be removed. For systems without IPv6 357 1.1 tron support in the kernel and system libraries, Postfix has a simple 358 1.1 tron compatibility layer, so that it will use IPv4 as before. </p> 359 1.1 tron 360 1.1 tron </ul> 361 1.1 tron 362 1.1 tron </body> 363 1.1 tron 364 1.1 tron </html> 365
Indexes created Sat Jun 27 00:24:51 UTC 2026