IPV6_README.html revision 1.1.1.3.2.1
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4 <html> 5 6 <head> 7 8 <title>Postfix IPv6 Support</title> 9 10 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11 <link rel='stylesheet' type='text/css' href='postfix-doc.css'> 12 13 </head> 14 15 <body> 16 17 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 18 IPv6 Support</h1> 19 20 <hr> 21 22 <h2>Introduction</h2> 23 24 <p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 25 protocol. IPv6 support for older Postfix versions was available as 26 an add-on patch. The section "<a href="#compat">Compatibility with 27 Postfix <2.2 IPv6 support</a>" below discusses the differences 28 between these implementations. </p> 29 30 <p> The main feature of interest is that IPv6 uses 128-bit IP 31 addresses instead of the 32-bit addresses used by IPv4. It can 32 therefore accommodate a much larger number of hosts and networks 33 without ugly kluges such as NAT. A side benefit of the much larger 34 address space is that it makes random network scanning impractical. 35 </p> 36 37 <p> Postfix uses the same SMTP protocol over IPv6 as it already 38 uses over the older IPv4 network, and does AAAA record lookups in 39 the DNS in addition to the older A records. Information about IPv6 40 can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p> 41 42 <p> This document provides information on the following topics: 43 </p> 44 45 <ul> 46 47 <li><a href="#platforms">Supported platforms</a> 48 49 <li><a href="#configuration">Configuration</a> 50 51 <li><a href="#limitations">Known limitations</a> 52 53 <li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 54 55 <li><a href="#porting">IPv6 Support for unsupported platforms</a> 56 57 <li><a href="#credits">Credits</a> 58 59 </ul> 60 61 <h2><a name="platforms">Supported Platforms</a></h2> 62 63 <p> Postfix version 2.2 supports IPv4 and IPv6 on the following 64 platforms: </p> 65 66 <ul> 67 68 <li> AIX 5.1+ 69 <li> Darwin 7.3+ 70 <li> FreeBSD 4+ 71 <li> Linux 2.4+ 72 <li> NetBSD 1.5+ 73 <li> OpenBSD 2+ 74 <li> Solaris 8+ 75 <li> Tru64Unix V5.1+ 76 77 </ul> 78 79 <p> On other platforms Postfix will simply use IPv4 as it has always 80 done. </p> 81 82 <p> See "<a href="#porting">IPv6 Support for unsupported platforms</a>" 83 for tips to port Postfix IPv6 support to other environments. </p> 84 85 <h2><a name="configuration">Configuration</a></h2> 86 87 <p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 88 parameters, and introduces an important change in address syntax 89 notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 90 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 91 92 <p> Postfix IPv6 address syntax is a little tricky, because there 93 are a few places where you must enclose an IPv6 address inside 94 "<tt>[]</tt>" characters, and a few places where you must not. It is 95 a good idea to use "<tt>[]</tt>" only in the few places where you 96 have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 97 related configuration work with Postfix. </p> 98 99 <ul> 100 101 <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 102 in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 103 This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 104 or not Postfix will run on an IPv6-enabled system. </p> 105 106 <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 107 specifies what protocols Postfix will use when it makes or accepts 108 network connections, and also controls what DNS lookups Postfix 109 will use when it makes network connections. </p> 110 111 <blockquote> 112 <pre> 113 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 114 # You must stop/start Postfix after changing this parameter. 115 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 116 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (enable IPv4 only) 117 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 118 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 119 </pre> 120 </blockquote> 121 122 <p> The default is compile-time dependent: "all" when Postfix is built 123 on a software distribution with IPv6 support, "ipv4" otherwise. </p> 124 125 <p> Note 1: you must stop and start Postfix after changing the 126 <a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 127 128 <p> Note 2: on older Linux and Solaris systems, the setting 129 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 130 accepting IPv4 connections. </p> 131 132 <p> For an unsupported test option to build Postfix without IPv6 133 support, see the NO_IPV6 option in the <a href="INSTALL.html">INSTALL</a> document. </p> 134 135 <li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 136 This sets the local interface address for outgoing IPv6 SMTP 137 connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 138 does for IPv4: </p> 139 140 <blockquote> 141 <pre> 142 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 143 <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 144 </pre> 145 </blockquote> 146 147 <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 148 default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 149 out by itself what its network addresses are. This is what a typical 150 setting looks like: </p> 151 152 <blockquote> 153 <pre> 154 % postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 155 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 156 </pre> 157 </blockquote> 158 159 <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 160 <a href="postconf.5.html">main.cf</a>, you need to update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 161 the IPv6 networks the system is in. Be sure to specify IPv6 address 162 information inside "<tt>[]</tt>", like this: </p> 163 164 <blockquote> 165 <pre> 166 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 167 <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 168 </pre> 169 </blockquote> 170 171 </ul> 172 173 <p> <b> NOTE: when configuring Postfix match lists such as 174 <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 175 IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 176 value and in files specified with a "<i>/file/name</i>" pattern. 177 IPv6 addresses contain the ":" character, and would otherwise be 178 confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 179 180 <h2><a name="limitations">Known Limitations</a></h2> 181 182 <ul> 183 184 <li> <p> Postfix SMTP clients before version 2.8 try to connect 185 over IPv6 before trying IPv4. With more recent Postfix versions, 186 the order of IPv6 versus IPv4 outgoing connection attempts is 187 configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p> 188 189 <li> <p> Postfix versions before 2.6 do not support DNSBL (DNS 190 blocklist) lookups for IPv6 client IP addresses. </p> 191 192 <li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 193 networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 194 same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 195 </p> 196 197 <li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 198 subnet mask 199 and always assumes a /128 network. This is a problem only with 200 "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 201 setting in <a href="postconf.5.html">main.cf</a>. </p> 202 203 </ul> 204 205 <h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 206 </h2> 207 208 <p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 209 by Dean Strik and others, but differs in a few minor ways. </p> 210 211 <ul> 212 213 <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 214 the notation "ipv6:all" or "ipv4:all". Use the 215 <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 216 217 <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 218 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 219 and IPv6 support. </p> 220 221 <li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 222 what DNS lookups Postfix will attempt to make when delivering or 223 receiving mail. </p> 224 225 <li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 226 to listen on loopback network interfaces only. </p> 227 228 <li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 229 features were omitted. Postfix version 2.3 merged the LMTP client 230 into the SMTP client, so there was no reason to keep adding features 231 to the LMTP client. </p> 232 233 <li> <p> The SMTP server now requires that IPv6 addresses in SMTP 234 commands are specified as [ipv6:<i>ipv6address</i>], as 235 described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 236 237 <li> <p> The IPv6 network address matching code was rewritten from 238 the ground up, and is expected to be closer to the specification. 239 The result may be incompatible with the Postfix/IPv6 patch. 240 </p> 241 242 </ul> 243 244 <h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 245 246 <p> Getting Postfix IPv6 working on other platforms involves the 247 following steps: </p> 248 249 <ul> 250 251 <li> <p> Specify how Postfix should find the local network interfaces. 252 Postfix needs this information to avoid mailer loops and to find out 253 if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 254 255 <p> If your system has the getifaddrs() routine then add 256 the following to your platform-specific section in 257 src/util/sys_defs.h: </p> 258 259 <blockquote> 260 <pre> 261 #ifndef NO_IPV6 262 # define HAS_IPV6 263 # define HAVE_GETIFADDRS 264 #endif 265 </pre> 266 </blockquote> 267 268 <p> Otherwise, if your system has the SIOCGLIF ioctl() 269 command in /usr/include/*/*.h, add the following to your 270 platform-specific section in src/util/sys_defs.h: </p> 271 272 <blockquote> 273 <pre> 274 #ifndef NO_IPV6 275 # define HAS_IPV6 276 # define HAS_SIOCGLIF 277 #endif 278 </pre> 279 </blockquote> 280 281 <p> Otherwise, Postfix will have to use the old SIOCGIF commands 282 and get along with reduced IPv6 functionality (it won't be able to 283 figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 284 = subnet". Add this to your platform-specific section in 285 src/util/sys_defs.h: </p> 286 287 <blockquote> 288 <pre> 289 #ifndef NO_IPV6 290 # define HAS_IPV6 291 #endif 292 </pre> 293 </blockquote> 294 295 <li> <p> Test if Postfix can figure out its interface information. </p> 296 297 <p> After compiling Postfix in the usual manner, step into the 298 src/util directory and type "<b>make inet_addr_local</b>". 299 Running this file by hand should produce all the interface addresses 300 and network masks, for example: </p> 301 302 <blockquote> 303 <pre> 304 % make 305 % cd src/util 306 % make inet_addr_local 307 [... some messages ...] 308 % ./inet_addr_local 309 [... some messages ...] 310 ./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 311 ./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 312 168.100.189.2/255.255.255.224 313 127.0.0.1/255.0.0.0 314 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 315 2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 316 fe80:5::1/ffff:ffff:ffff:ffff:: 317 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 318 </pre> 319 </blockquote> 320 321 <p> The above is for an old FreeBSD machine. Other systems produce 322 slightly different results, but you get the idea. </p> 323 324 </ul> 325 326 <p> If none of all this produces a usable result, send email to the 327 postfix-users (a] postfix.org mailing list and we'll try to help you 328 through this. </p> 329 330 <h2><a name="credits">Credits</a></h2> 331 332 <p> The following information is in part based on information that 333 was compiled by Dean Strik. </p> 334 335 <ul> 336 337 <li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 338 339 <li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 340 substantial improvements. Since then, we speak of the KAME patch. 341 </p> 342 343 <li> <p> The PLD Linux Distribution ported the code to other stacks 344 (notably USAGI). We speak of the PLD patch. A very important 345 feature of the PLD patch was that it can work with Lutz Jaenicke's 346 TLS patch for Postfix. </p> 347 348 <li> <p> Dean Strik extended IPv6 support to platforms other than 349 KAME and USAGI, updated the patch to keep up with Postfix development, 350 and provided a combined IPv6 + TLS patch. Information about his 351 effort can be found on Dean Strik's Postfix website at 352 <a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p> 353 354 <li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 355 Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 356 code from Postfix that could be removed. For systems without IPv6 357 support in the kernel and system libraries, Postfix has a simple 358 compatibility layer, so that it will use IPv4 as before. </p> 359 360 </ul> 361 362 </body> 363 364 </html> 365
Indexes created Sun Jun 07 00:24:08 UTC 2026