1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Postfix IPv6 Support</title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12</head> 13 14<body> 15 16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17IPv6 Support</h1> 18 19<hr> 20 21<h2>Introduction</h2> 22 23<p> Postfix 2.2 introduces support for the IPv6 (IP version 6) 24protocol. IPv6 support for older Postfix versions was available as 25an add-on patch. The section "<a href="#compat">Compatibility with 26Postfix <2.2 IPv6 support</a>" below discusses the differences 27between these implementations. </p> 28 29<p> The main feature of interest is that IPv6 uses 128-bit IP 30addresses instead of the 32-bit addresses used by IPv4. It can 31therefore accommodate a much larger number of hosts and networks 32without ugly kluges such as NAT. A side benefit of the much larger 33address space is that it makes random network scanning impractical. 34</p> 35 36<p> Postfix uses the same SMTP protocol over IPv6 as it already 37uses over the older IPv4 network, and does AAAA record lookups in 38the DNS in addition to the older A records. Information about IPv6 39can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p> 40 41<p> This document provides information on the following topics: 42</p> 43 44<ul> 45 46<li><a href="#platforms">Supported platforms</a> 47 48<li><a href="#configuration">Configuration</a> 49 50<li><a href="#limitations">Known limitations</a> 51 52<li><a href="#compat">Compatibility with Postfix <2.2 IPv6 support</a> 53 54<li><a href="#porting">IPv6 Support for unsupported platforms</a> 55 56<li><a href="#credits">Credits</a> 57 58</ul> 59 60<h2><a name="platforms">Supported Platforms</a></h2> 61 62<p> Postfix version 2.2 supports IPv4 and IPv6 on the following 63platforms: </p> 64 65<ul> 66 67<li> AIX 5.1+ 68<li> Darwin 7.3+ 69<li> FreeBSD 4+ 70<li> Linux 2.4+ 71<li> NetBSD 1.5+ 72<li> OpenBSD 2+ 73<li> Solaris 8+ 74<li> Tru64Unix V5.1+ 75 76</ul> 77 78<p> On other platforms Postfix will simply use IPv4 as it has always 79done. </p> 80 81<p> See <a href="#porting">below</a> for tips how to port Postfix 82IPv6 support to other environments. </p> 83 84<h2><a name="configuration">Configuration</a></h2> 85 86<p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration 87parameters, and introduces an important change in address syntax 88notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or 89<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p> 90 91<p> Postfix IPv6 address syntax is a little tricky, because there 92are a few places where you must enclose an IPv6 address inside 93"<tt>[]</tt>" characters, and a few places where you must not. It is 94a good idea to use "<tt>[]</tt>" only in the few places where you 95have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6 96related configuration work with Postfix. </p> 97 98<ul> 99 100<li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses 101in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>. 102This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether 103or not Postfix will run on an IPv6-enabled system. </p> 104 105<li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This 106specifies what protocols Postfix will use when it makes or accepts 107network connections, and also controls what DNS lookups Postfix 108will use when it makes network connections. </p> 109 110<blockquote> 111<pre> 112/etc/postfix/<a href="postconf.5.html">main.cf</a>: 113 # You must stop/start Postfix after changing this parameter. 114 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (DEFAULT: enable IPv4 only) 115 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported) 116 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6) 117 <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only) 118</pre> 119</blockquote> 120 121<p> By default, Postfix uses IPv4 only, because most systems aren't 122attached to an IPv6 network. </p> 123 124<ul> 125 126<li> <p> On systems with combined IPv4/IPv6 stacks, attempts to 127deliver mail via IPv6 would always fail with "network unreachable", 128and those attempts would only slow down Postfix. </p> 129 130<li> <p> Linux kernels don't even load IPv6 protocol support by 131default. Any attempt to use it would fail immediately. </p> 132 133</ul> 134 135<p> Note 1: you must stop and start Postfix after changing the 136<a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p> 137 138<p> Note 2: if you see error messages like the following, then 139you're running Linux and need to turn on IPv6 in the kernel: see 140<a href="http://www.ipv6.org/">http://www.ipv6.org/</a> for hints and tips. Unlike other systems, 141Linux does not have a combined stack for IPv4 and IPv6, and IPv6 142protocol support is not loaded by default. </p> 143 144<blockquote> 145<pre> 146postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: IPv6 support is disabled: Address family not supported by protocol 147postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: configuring for IPv4 support only 148</pre> 149</blockquote> 150 151<p> Note 3: on older Linux and Solaris systems, the setting 152"<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from 153accepting IPv4 connections. Postfix will present the client IP 154addresses in IPv6 format, though. In all other cases, Postfix always 155presents IPv4 client IP addresses in the traditional dotted quad 156IPv4 format. </p> 157 158<li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. 159This sets the local interface address for outgoing IPv6 SMTP 160connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter 161does for IPv4: </p> 162 163<blockquote> 164<pre> 165/etc/postfix/<a href="postconf.5.html">main.cf</a>: 166 <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1 167</pre> 168</blockquote> 169 170<li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its 171default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure 172out by itself what its network addresses are. This is what a typical 173setting looks like: </p> 174 175<blockquote> 176<pre> 177% postconf <a href="postconf.5.html#mynetworks">mynetworks</a> 178<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 179</pre> 180</blockquote> 181 182<p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in 183<a href="postconf.5.html">main.cf</a>, you need update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include 184the IPv6 networks the system is in. Be sure to specify IPv6 address 185information inside "<tt>[]</tt>", like this: </p> 186 187<blockquote> 188<pre> 189/etc/postfix/<a href="postconf.5.html">main.cf</a>: 190 <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ... 191</pre> 192</blockquote> 193 194</ul> 195 196<p> <b> NOTE: when configuring Postfix match lists such as 197<a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify 198IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter 199value and in files specified with a "<i>/file/name</i>" pattern. 200IPv6 addresses contain the ":" character, and would otherwise be 201confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p> 202 203<h2><a name="limitations">Known Limitations</a></h2> 204 205<ul> 206 207<li> <p> The order of IPv6/IPv4 outgoing connection attempts is 208not yet configurable. Currently, IPv6 is tried before IPv4. </p> 209 210<li> <p> Postfix currently does not support DNSBL (real-time 211blackhole list) lookups for IPv6 client IP addresses; currently 212there are no blacklists that cover the IPv6 address space. </p> 213 214<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6 215networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the 216same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet". 217</p> 218 219<li> <p> On Tru64Unix and AIX, Postfix can't figure out the local 220subnet mask 221and always assumes a /128 network. This is a problem only with 222"<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a> 223setting in <a href="postconf.5.html">main.cf</a>. </p> 224 225</ul> 226 227<h2> <a name="compat">Compatibility with Postfix <2.2 IPv6 support</a> 228</h2> 229 230<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch 231by Dean Strik and others, but differs in a few minor ways. </p> 232 233<ul> 234 235<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support 236the notation "ipv6:all" or "ipv4:all". Use the 237<a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p> 238 239<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or 240"<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4 241and IPv6 support. </p> 242 243<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls 244what DNS lookups Postfix will attempt to make when delivering or 245receiving mail. </p> 246 247<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" 248to listen on loopback network interfaces only. </p> 249 250<li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a> 251features were omitted. The Postfix LMTP client will be absorbed 252into the SMTP client, so there is no reason to keep adding features 253to the LMTP client. </p> 254 255<li> <p> The SMTP server now requires that IPv6 addresses in SMTP 256commands are specified as [ipv6:<i>ipv6address</i>], as 257described in <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 258 259<li> <p> The IPv6 network address matching code was rewritten from 260the ground up, and is expected to be closer to the specification. 261The result may be incompatible with the Postfix/IPv6 patch. 262</p> 263 264</ul> 265 266<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2> 267 268<p> Getting Postfix IPv6 working on other platforms involves the 269following steps: </p> 270 271<ul> 272 273<li> <p> Specify how Postfix should find the local network interfaces. 274Postfix needs this information to avoid mailer loops and to find out 275if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p> 276 277<p> If your system has the getifaddrs() routine then add 278the following to your platform-specific section in 279src/util/sys_defs.h: </p> 280 281<blockquote> 282<pre> 283#ifndef NO_IPV6 284# define HAS_IPV6 285# define HAVE_GETIFADDRS 286#endif 287</pre> 288</blockquote> 289 290<p> Otherwise, if your system has the SIOCGLIF ioctl() 291command in /usr/include/*/*.h, add the following to your 292platform-specific section in src/util/sys_defs.h: </p> 293 294<blockquote> 295<pre> 296#ifndef NO_IPV6 297# define HAS_IPV6 298# define HAS_SIOCGLIF 299#endif 300</pre> 301</blockquote> 302 303<p> Otherwise, Postfix will have to use the old SIOCGIF commands 304and get along with reduced IPv6 functionality (it won't be able to 305figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> 306= subnet". Add this to your platform-specific section in 307src/util/sys_defs.h: </p> 308 309<blockquote> 310<pre> 311#ifndef NO_IPV6 312# define HAS_IPV6 313#endif 314</pre> 315</blockquote> 316 317<li> <p> Test if Postfix can figure out its interface information. </p> 318 319<p> After compiling Postfix in the usual manner, step into the 320src/util directory and type "<b>make inet_addr_local</b>". 321Running this file by hand should produce all the interface addresses 322and network masks, for example: </p> 323 324<blockquote> 325<pre> 326% make 327% cd src/util 328% make inet_addr_local 329[... some messages ...] 330% ./inet_addr_local 331[... some messages ...] 332./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses 333./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses 334168.100.189.2/255.255.255.224 335127.0.0.1/255.0.0.0 336fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 3372001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff:: 338fe80:5::1/ffff:ffff:ffff:ffff:: 339::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 340</pre> 341</blockquote> 342 343<p> The above is for an old FreeBSD machine. Other systems produce 344slightly different results, but you get the idea. </p> 345 346</ul> 347 348<p> If none of all this produces a usable result, send email to the 349postfix-users@postfix.org mailing list and we'll try to help you 350through this. </p> 351 352<h2><a name="credits">Credits</a></h2> 353 354<p> The following information is in part based on information that 355was compiled by Dean Strik. </p> 356 357<ul> 358 359<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p> 360 361<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made 362substantial improvements. Since then, we speak of the KAME patch. 363</p> 364 365<li> <p> The PLD Linux Distribution ported the code to other stacks 366(notably USAGI). We speak of the PLD patch. A very important 367feature of the PLD patch was that it can work with Lutz Jaenicke's 368TLS patch for Postfix. </p> 369 370<li> <p> Dean Strik extended IPv6 support to platforms other than 371KAME and USAGI, updated the patch to keep up with Postfix development, 372and provided a combined IPv6 + TLS patch. Information about his 373effort can be found on Dean Strik's Postfix website at 374<a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p> 375 376<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into 377Postfix 2.2, and took the opportunity to eliminate all IPv4-specific 378code from Postfix that could be removed. For systems without IPv6 379support in the kernel and system libraries, Postfix has a simple 380compatibility layer, so that it will use IPv4 as before. </p> 381 382</ul> 383 384</body> 385 386</html> 387