IPV6_README.html revision 1.1.1.1
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4 <html> 5 6 <head> 7 8 <title>Postfix IPv6 Support</title> 9 10 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12 </head> 13 14 <body> 15 16 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17 IPv6 Support</h1> 18 19 <hr> 20 21 <h2>Introduction</h2> 22 23 <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 24 protocol. IPv6 support for older Postfix versions was available as 25 an add-on patch. The section "<a href="#compat">Compatibility with 26 Postfix <2.2 IPv6 support</a>" below discusses the differences 27 between these implementations. </p> 28 29 <p> The main feature of interest is that IPv6 uses 128-bit IP 30 addresses instead of the 32-bit addresses used by IPv4. It can 31 therefore accommodate a much larger number of hosts and networks 32 without ugly kluges such as NAT. A side benefit of the much larger 33 address space is that it makes random network scanning impractical. 34 </p> 35 36 <p> Postfix uses the same SMTP protocol over IPv6 as it already 37 uses over the older IPv4 network, and does AAAA record lookups in 38 the DNS in addition to the older A records. Information about IPv6 39 can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p> 40 41 <p> This document provides information on the following topics: 42 </p> 43 44 <ul> 45 46 <li><a href="#platforms">Supported platforms</a> 47 48 <li><a href="#configuration">Configuration</a> 49 50 <li><a href="#limitations">Known limitations</a> 51 52 <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 53 54 <li><a href="#porting">IPv6 Support for unsupported platforms</a> 55 56 <li><a href="#credits">Credits</a> 57 58 </ul> 59 60 <h2><a name="platforms">Supported Platforms</a></h2> 61 62 <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 63 platforms: </p> 64 65 <ul> 66 67 <li> AIX 5.1+ 68 <li> Darwin 7.3+ 69 <li> FreeBSD 4+ 70 <li> Linux 2.4+ 71 <li> NetBSD 1.5+ 72 <li> OpenBSD 2+ 73 <li> Solaris 8+ 74 <li> Tru64Unix V5.1+ 75 76 </ul> 77 78 <p> On other platforms Postfix will simply use IPv4 as it has always 79 done. </p> 80 81 <p> See <a href="#porting">below</a> for tips how to port Postfix 82 IPv6 support to other environments. </p> 83 84 <h2><a name="configuration">Configuration</a></h2> 85 86 <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 87 parameters, and introduces an important change in address syntax 88 notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 89 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 90 91 <p> Postfix IPv6 address syntax is a little tricky, because there 92 are a few places where you must enclose an IPv6 address inside 93 "<tt>[]</tt>" characters, and a few places where you must not. It is 94 a good idea to use "<tt>[]</tt>" only in the few places where you 95 have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 96 related configuration work with Postfix. </p> 97 98 <ul> 99 100 <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 101 in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 102 This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 103 or not Postfix will run on an IPv6-enabled system. </p> 104 105 <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 106 specifies what protocols Postfix will use when it makes or accepts 107 network connections, and also controls what DNS lookups Postfix 108 will use when it makes network connections. </p> 109 110 <blockquote> 111 <pre> 112 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 113 # You must stop/start Postfix after changing this parameter. 114 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (DEFAULT: enable IPv4 only) 115 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 116 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 117 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 118 </pre> 119 </blockquote> 120 121 <p> By default, Postfix uses IPv4 only, because most systems aren't 122 attached to an IPv6 network. </p> 123 124 <ul> 125 126 <li> <p> On systems with combined IPv4/IPv6 stacks, attempts to 127 deliver mail via IPv6 would always fail with "network unreachable", 128 and those attempts would only slow down Postfix. </p> 129 130 <li> <p> Linux kernels don't even load IPv6 protocol support by 131 default. Any attempt to use it would fail immediately. </p> 132 133 </ul> 134 135 <p> Note 1: you must stop and start Postfix after changing the 136 <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 137 138 <p> Note 2: if you see error messages like the following, then 139 you're running Linux and need to turn on IPv6 in the kernel: see 140 <a href="http://www.ipv6.org/">http://www.ipv6.org/</a> for hints and tips. Unlike other systems, 141 Linux does not have a combined stack for IPv4 and IPv6, and IPv6 142 protocol support is not loaded by default. </p> 143 144 <blockquote> 145 <pre> 146 postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: IPv6 support is disabled: Address family not supported by protocol 147 postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: configuring for IPv4 support only 148 </pre> 149 </blockquote> 150 151 <p> Note 3: on older Linux and Solaris systems, the setting 152 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 153 accepting IPv4 connections. Postfix will present the client IP 154 addresses in IPv6 format, though. In all other cases, Postfix always 155 presents IPv4 client IP addresses in the traditional dotted quad 156 IPv4 format. </p> 157 158 <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 159 This sets the local interface address for outgoing IPv6 SMTP 160 connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 161 does for IPv4: </p> 162 163 <blockquote> 164 <pre> 165 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 166 <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 167 </pre> 168 </blockquote> 169 170 <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 171 default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 172 out by itself what its network addresses are. This is what a typical 173 setting looks like: </p> 174 175 <blockquote> 176 <pre> 177 % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 178 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 179 </pre> 180 </blockquote> 181 182 <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 183 <a href="postconf.5.html">main.cf</a>, you need update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 184 the IPv6 networks the system is in. Be sure to specify IPv6 address 185 information inside "<tt>[]</tt>", like this: </p> 186 187 <blockquote> 188 <pre> 189 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 190 <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 191 </pre> 192 </blockquote> 193 194 </ul> 195 196 <p> <b> NOTE: when configuring Postfix match lists such as 197 <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 198 IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 199 value and in files specified with a "<i>/file/name</i>" pattern. 200 IPv6 addresses contain the ":" character, and would otherwise be 201 confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 202 203 <h2><a name="limitations">Known Limitations</a></h2> 204 205 <ul> 206 207 <li> <p> The order of IPv6/IPv4 outgoing connection attempts is 208 not yet configurable. Currently, IPv6 is tried before IPv4. </p> 209 210 <li> <p> Postfix currently does not support DNSBL (real-time 211 blackhole list) lookups for IPv6 client IP addresses; currently 212 there are no blacklists that cover the IPv6 address space. </p> 213 214 <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 215 networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 216 same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 217 </p> 218 219 <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 220 subnet mask 221 and always assumes a /128 network. This is a problem only with 222 "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 223 setting in <a href="postconf.5.html">main.cf</a>. </p> 224 225 </ul> 226 227 <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 228 </h2> 229 230 <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 231 by Dean Strik and others, but differs in a few minor ways. </p> 232 233 <ul> 234 235 <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 236 the notation "ipv6:all" or "ipv4:all". Use the 237 <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 238 239 <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 240 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 241 and IPv6 support. </p> 242 243 <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 244 what DNS lookups Postfix will attempt to make when delivering or 245 receiving mail. </p> 246 247 <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 248 to listen on loopback network interfaces only. </p> 249 250 <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 251 features were omitted. The Postfix LMTP client will be absorbed 252 into the SMTP client, so there is no reason to keep adding features 253 to the LMTP client. </p> 254 255 <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 256 commands are specified as [ipv6:<i>ipv6address</i>], as 257 described in <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 258 259 <li> <p> The IPv6 network address matching code was rewritten from 260 the ground up, and is expected to be closer to the specification. 261 The result may be incompatible with the Postfix/IPv6 patch. 262 </p> 263 264 </ul> 265 266 <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 267 268 <p> Getting Postfix IPv6 working on other platforms involves the 269 following steps: </p> 270 271 <ul> 272 273 <li> <p> Specify how Postfix should find the local network interfaces. 274 Postfix needs this information to avoid mailer loops and to find out 275 if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 276 277 <p> If your system has the getifaddrs() routine then add 278 the following to your platform-specific section in 279 src/util/sys_defs.h: </p> 280 281 <blockquote> 282 <pre> 283 #ifndef NO_IPV6 284 # define HAS_IPV6 285 # define HAVE_GETIFADDRS 286 #endif 287 </pre> 288 </blockquote> 289 290 <p> Otherwise, if your system has the SIOCGLIF ioctl() 291 command in /usr/include/*/*.h, add the following to your 292 platform-specific section in src/util/sys_defs.h: </p> 293 294 <blockquote> 295 <pre> 296 #ifndef NO_IPV6 297 # define HAS_IPV6 298 # define HAS_SIOCGLIF 299 #endif 300 </pre> 301 </blockquote> 302 303 <p> Otherwise, Postfix will have to use the old SIOCGIF commands 304 and get along with reduced IPv6 functionality (it won't be able to 305 figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 306 = subnet". Add this to your platform-specific section in 307 src/util/sys_defs.h: </p> 308 309 <blockquote> 310 <pre> 311 #ifndef NO_IPV6 312 # define HAS_IPV6 313 #endif 314 </pre> 315 </blockquote> 316 317 <li> <p> Test if Postfix can figure out its interface information. </p> 318 319 <p> After compiling Postfix in the usual manner, step into the 320 src/util directory and type "<b>make inet_addr_local</b>". 321 Running this file by hand should produce all the interface addresses 322 and network masks, for example: </p> 323 324 <blockquote> 325 <pre> 326 % make 327 % cd src/util 328 % make inet_addr_local 329 [... some messages ...] 330 % ./inet_addr_local 331 [... some messages ...] 332 ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 333 ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 334 168.100.189.2/255.255.255.224 335 127.0.0.1/255.0.0.0 336 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 337 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 338 fe80:5::1/ffff:ffff:ffff:ffff:: 339 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 340 </pre> 341 </blockquote> 342 343 <p> The above is for an old FreeBSD machine. Other systems produce 344 slightly different results, but you get the idea. </p> 345 346 </ul> 347 348 <p> If none of all this produces a usable result, send email to the 349 postfix-users (a] postfix.org mailing list and we'll try to help you 350 through this. </p> 351 352 <h2><a name="credits">Credits</a></h2> 353 354 <p> The following information is in part based on information that 355 was compiled by Dean Strik. </p> 356 357 <ul> 358 359 <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 360 361 <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 362 substantial improvements. Since then, we speak of the KAME patch. 363 </p> 364 365 <li> <p> The PLD Linux Distribution ported the code to other stacks 366 (notably USAGI). We speak of the PLD patch. A very important 367 feature of the PLD patch was that it can work with Lutz Jaenicke's 368 TLS patch for Postfix. </p> 369 370 <li> <p> Dean Strik extended IPv6 support to platforms other than 371 KAME and USAGI, updated the patch to keep up with Postfix development, 372 and provided a combined IPv6 + TLS patch. Information about his 373 effort can be found on Dean Strik's Postfix website at 374 <a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p> 375 376 <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 377 Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 378 code from Postfix that could be removed. For systems without IPv6 379 support in the kernel and system libraries, Postfix has a simple 380 compatibility layer, so that it will use IPv4 as before. </p> 381 382 </ul> 383 384 </body> 385 386 </html> 387
Indexes created Sun Jun 07 00:24:08 UTC 2026