Hi Florian (and all who are interested),
Currently I'm working on IPv6, and in particular its integration into ucspi-ssl and qmail.
Felix already did most of the coding ;-)
Let me try to explain parts of the problem:
Your IPvX settings:
a) In your setting, you use IPv6 enabled tcpserver to catch any TCP packet for port 25.
You bind tcpserver to ANY available IP address by means of the '0'
b) tcpserver will happily accept any IPv4 AND IPv6 packet on any (at start) available IP address.
c) The IPv4 addresses your host has are '0.0.0.0' (unspecified), '127.0.0.1' (loopback) and the
dedicated address, let's say 1.2.3.4.
d) The IPv6 addresses your host has are '::' (unspecified), '::1' (loopback), the link-local LLU
address (fe80:....), and the Global IPv4 address, typically 2001:......
e) In case you have turned on the IPv6 privacy extension, additional LLU AND Global addresses
will come and go. I doubt this is going to work with tcpserver anyway.
Your smtp.cdb:
f) Let's consider tcpserver receives an IPvX packet. It needs to look inside the cdb.
Here you may have defined some IP based rules, typically '127.0.0.1:allow'.
g) The kernel of your OS will translate any IPv4 DA in the packet to an IPv4-mapped IPv6 address.
The lookup will fail.
h) tcpserver's rules work neither with IPv4 CIDR addresses nor with IPv6 addresses.
For the first problem I have provided a patch; on the second issue I'm working (better:
one of my students).
Some solutions:
i) Always bind tcpserver (and perhaps sslserver) to a dedicated IPv4/IPv6 address.
j) Use distinguished smtpd.cdbs for each case.
Of course:
k) rblsmtpd currently does not support IPv6 addresses.
Good luck and best regards.
--eh.
PS: You can check for some system commands to tune IPv6 in my talk about the Router Advertisement Protocol:
http://www.fehcom.de/ipnet/ipv6_en.html

On 22.05.2012 at 09:33, flori@bin.org.in wrote:
> Hello,
>
> As I read it I expected that I do not need those switches. And here's the run file:
>
> start-stop-daemon --start --user qmaild \
> --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
> --exec \
> /usr/bin/tcpserver -- -R -H -l $HOSTNAME \
> -u vpopmail -g vpopmail -x /etc/tcp.smtp.cdb 0 smtp \
> $rblsmtpd /usr/sbin/qmail-smtpd \
> /var/vpopmail/bin/vchkpw /bin/true 2>&1 \
> | /usr/bin/multilog t n14 s1000000 /var/log/smtp &
>
> Quoting Nicolai <nicolai-qmail@chocolatine.org>:
>
>> On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
>>> Hello all,
>>>
>>> I am playing around with IPv6 a bit and found those instructions on the
>>> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
>>> however, after applying the patch exactly nothing changed.
--
Dr. Erwin Hoffmann | FEHCom |
http://www.fehcom.de | PGP Key-Id: 7E4034BE
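
Added example, not part of the original message and not tcpserver's own code: a simplified Python model of the rule lookup failure described in points f) and g), plus a normalization step that collapses IPv4-mapped IPv6 addresses before the lookup. The rule table, the sample addresses and the function names `lookup` and `normalize` are constructed for illustration; the lookup order (exact address, then shorter dotted prefixes, then the default rule) is an assumption that models only part of what tcprules supports.

```python
import ipaddress

# Constructed rule table in the style of a tcp.smtp rules file.
# Keys are exact addresses or dotted prefixes; "" is the default rule.
RULES = {
    "127.0.0.1": "allow,RELAYCLIENT",
    "192.0.2.": "deny",
    "": "allow",
}


def lookup(rules, addr_text):
    """Simplified model: exact match, then shorter dotted prefixes, then default."""
    if addr_text in rules:
        return rules[addr_text]
    parts = addr_text.split(".")
    for n in range(len(parts) - 1, 0, -1):
        prefix = ".".join(parts[:n]) + "."
        if prefix in rules:
            return rules[prefix]
    return rules.get("")


def normalize(addr_text):
    """Collapse an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to dotted-quad form."""
    ip = ipaddress.ip_address(addr_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)


if __name__ == "__main__":
    # Constructed peer addresses as a dual-stack listener might report them.
    for peer in ["::ffff:127.0.0.1", "::ffff:192.0.2.7", "2001:db8::1"]:
        raw = lookup(RULES, peer)
        fixed = lookup(RULES, normalize(peer))
        print(f"{peer:20} raw lookup -> {raw:18} normalized -> {fixed}")
```

Without normalization both mapped addresses fall through to the default rule, so the loopback relay rule and the deny rule for 192.0.2. are silently skipped.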