1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix IPv6 Support</title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
11
12</head>
13
14<body>
15
16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
17IPv6 Support</h1>
18
19<hr>
20
21<h2>Introduction</h2>
22
23<p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
24protocol. IPv6 support for older Postfix versions was available as
25an add-on patch. The section "<a href="#compat">Compatibility with
26Postfix &lt;2.2 IPv6 support</a>" below discusses the differences
27between these implementations. </p>
28
29<p> The main feature of interest is that IPv6 uses 128-bit IP
30addresses instead of the 32-bit addresses used by IPv4. It can
31therefore accommodate a much larger number of hosts and networks
32without ugly kluges such as NAT. A side benefit of the much larger
33address space is that it makes random network scanning impractical.
34</p>
35
36<p> Postfix uses the same SMTP protocol over IPv6 as it already
37uses over the older IPv4 network, and does AAAA record lookups in
38the DNS in addition to the older A records.  Information about IPv6
39can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p>
40
41<p> This document provides information on the following topics:
42</p>
43
44<ul>
45
46<li><a href="#platforms">Supported platforms</a>
47
48<li><a href="#configuration">Configuration</a>
49
50<li><a href="#limitations">Known limitations</a>
51
52<li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
53
54<li><a href="#porting">IPv6 Support for unsupported platforms</a>
55
56<li><a href="#credits">Credits</a>
57
58</ul>
59
60<h2><a name="platforms">Supported Platforms</a></h2>
61
62<p> Postfix version 2.2 supports IPv4 and IPv6 on the following
63platforms:  </p>
64
65<ul>
66
67<li> AIX 5.1+
68<li> Darwin 7.3+
69<li> FreeBSD 4+
70<li> Linux 2.4+
71<li> NetBSD 1.5+
72<li> OpenBSD 2+
73<li> Solaris 8+
74<li> Tru64Unix V5.1+
75
76</ul>
77
78<p> On other platforms Postfix will simply use IPv4 as it has always
79done. </p>
80
81<p> See <a href="#porting">below</a> for tips how to port Postfix
82IPv6 support to other environments.  </p>
83
84<h2><a name="configuration">Configuration</a></h2>
85
86<p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration
87parameters, and introduces an important change in address syntax
88notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or
89<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p>
90
91<p> Postfix IPv6 address syntax is a little tricky, because there
92are a few places where you must enclose an IPv6 address inside
93"<tt>[]</tt>" characters, and a few places where you must not. It is
94a good idea to use "<tt>[]</tt>" only in the few places where you
95have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6
96related configuration work with Postfix.  </p>
97
98<ul>
99
100<li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses
101in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>.
102This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether
103or not Postfix will run on an IPv6-enabled system. </p>
104
105<li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>.  This
106specifies what protocols Postfix will use when it makes or accepts
107network connections, and also controls what DNS lookups Postfix
108will use when it makes network connections.  </p>
109
110<blockquote>
111<pre>
112/etc/postfix/<a href="postconf.5.html">main.cf</a>:
113    # You must stop/start Postfix after changing this parameter.
114    <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4       (DEFAULT: enable IPv4 only)
115    <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all        (enable IPv4, and IPv6 if supported)
116    <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6)
117    <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6       (enable IPv6 only)
118</pre>
119</blockquote>
120
121<p> By default, Postfix uses IPv4 only, because most systems aren't
122attached to an IPv6 network. </p>
123
124<ul>
125
126<li> <p> On systems with combined IPv4/IPv6 stacks, attempts to
127deliver mail via IPv6 would always fail with "network unreachable",
128and those attempts would only slow down Postfix. </p>
129
130<li> <p> Linux kernels don't even load IPv6 protocol support by
131default. Any attempt to use it would fail immediately. </p>
132
133</ul>
134
135<p> Note 1: you must stop and start Postfix after changing the
136<a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p>
137
138<p> Note 2: if you see error messages like the following, then
139you're running Linux and need to turn on IPv6 in the kernel: see
140<a href="http://www.ipv6.org/">http://www.ipv6.org/</a> for hints and tips. Unlike other systems,
141Linux does not have a combined stack for IPv4 and IPv6, and IPv6
142protocol support is not loaded by default.  </p>
143
144<blockquote>
145<pre>
146postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: IPv6 support is disabled: Address family not supported by protocol
147postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: configuring for IPv4 support only
148</pre>
149</blockquote>
150
151<p> Note 3: on older Linux and Solaris systems, the setting
152"<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from
153accepting IPv4 connections.  Postfix will present the client IP
154addresses in IPv6 format, though. In all other cases, Postfix always
155presents IPv4 client IP addresses in the traditional dotted quad
156IPv4 format.  </p>
157
158<li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>.
159This sets the local interface address for outgoing IPv6 SMTP
160connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter
161does for IPv4: </p>
162
163<blockquote>
164<pre>
165/etc/postfix/<a href="postconf.5.html">main.cf</a>:
166    <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1
167</pre>
168</blockquote>
169
170<li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its
171default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure
172out by itself what its network addresses are. This is what a typical
173setting looks like: </p>
174
175<blockquote>
176<pre>
177% postconf <a href="postconf.5.html#mynetworks">mynetworks</a>
178<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64
179</pre>
180</blockquote>
181
182<p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in
183<a href="postconf.5.html">main.cf</a>, you need update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include
184the IPv6 networks the system is in. Be sure to specify IPv6 address
185information inside "<tt>[]</tt>", like this: </p>
186
187<blockquote>
188<pre>
189/etc/postfix/<a href="postconf.5.html">main.cf</a>:
190    <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
191</pre>
192</blockquote>
193
194</ul>
195
196<p> <b> NOTE: when configuring Postfix match lists such as
197<a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify
198IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter
199value and in files specified with a "<i>/file/name</i>" pattern.
200IPv6 addresses contain the ":" character, and would otherwise be
201confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b>  </p>
202
203<h2><a name="limitations">Known Limitations</a></h2>
204
205<ul>
206
207<li> <p> The order of IPv6/IPv4 outgoing connection attempts is
208not yet configurable.  Currently, IPv6 is tried before IPv4. </p>
209
210<li> <p> Postfix currently does not support DNSBL (real-time
211blackhole list) lookups for IPv6 client IP addresses; currently
212there are no blacklists that cover the IPv6 address space. </p>
213
214<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
215networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the
216same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet".
217</p>
218
219<li> <p> On Tru64Unix and AIX, Postfix can't figure out the local
220subnet mask
221and always assumes a /128 network. This is a problem only with
222"<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a>
223setting in <a href="postconf.5.html">main.cf</a>. </p>
224
225</ul>
226
227<h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
228</h2>
229
230<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
231by Dean Strik and others, but differs in a few minor ways. </p>
232
233<ul>
234
235<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support
236the notation  "ipv6:all" or "ipv4:all". Use the
237<a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p>
238
239<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or
240"<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4
241and IPv6 support. </p>
242
243<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls
244what DNS lookups Postfix will attempt to make when delivering or
245receiving mail. </p>
246
247<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only"
248to listen on loopback network interfaces only. </p>
249
250<li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a>
251features were omitted. The Postfix LMTP client will be absorbed
252into the SMTP client, so there is no reason to keep adding features
253to the LMTP client. </p>
254
255<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
256commands are specified as [ipv6:<i>ipv6address</i>], as
257described in <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
258
259<li> <p> The IPv6 network address matching code was rewritten from
260the ground up, and is expected to be closer to the specification.
261The result may be incompatible with the Postfix/IPv6 patch.
262</p>
263
264</ul>
265
266<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>
267
268<p> Getting Postfix IPv6 working on other platforms involves the
269following steps: </p>
270
271<ul>
272
273<li> <p> Specify how Postfix should find the local network interfaces.
274Postfix needs this information to avoid mailer loops and to find out
275if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>
276
277<p> If your system has the getifaddrs() routine then add
278the following to your platform-specific section in
279src/util/sys_defs.h:  </p>
280
281<blockquote>
282<pre>
283#ifndef NO_IPV6
284# define HAS_IPV6
285# define HAVE_GETIFADDRS
286#endif
287</pre>
288</blockquote>
289
290<p> Otherwise, if your system has the SIOCGLIF ioctl()
291command in /usr/include/*/*.h, add the following to your
292platform-specific section in src/util/sys_defs.h: </p>
293
294<blockquote>
295<pre>
296#ifndef NO_IPV6
297# define HAS_IPV6
298# define HAS_SIOCGLIF
299#endif
300</pre>
301</blockquote>
302
303<p> Otherwise, Postfix will have to use the old SIOCGIF commands
304and get along with reduced IPv6 functionality (it won't be able to
305figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a>
306= subnet". Add this to your platform-specific section in
307src/util/sys_defs.h: </p>
308
309<blockquote>
310<pre>
311#ifndef NO_IPV6
312# define HAS_IPV6
313#endif
314</pre>
315</blockquote>
316
317<li> <p> Test if Postfix can figure out its interface information. </p>
318
319<p> After compiling Postfix in the usual manner, step into the
320src/util directory and type "<b>make inet_addr_local</b>".
321Running this file by hand should produce all the interface addresses
322and network masks, for example: </p>
323
324<blockquote>
325<pre>
326% make
327% cd src/util
328% make inet_addr_local
329[... some messages ...]
330% ./inet_addr_local
331[... some messages ...]
332./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
333./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
334168.100.189.2/255.255.255.224
335127.0.0.1/255.0.0.0
336fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
3372001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
338fe80:5::1/ffff:ffff:ffff:ffff::
339::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
340</pre>
341</blockquote>
342
343<p> The above is for an old FreeBSD machine. Other systems produce
344slightly different results, but you get the idea. </p>
345
346</ul>
347
348<p> If none of all this produces a usable result, send email to the
349postfix-users@postfix.org mailing list and we'll try to help you
350through this. </p>
351
352<h2><a name="credits">Credits</a></h2>
353
354<p> The following information is in part based on information that
355was compiled by Dean Strik. </p>
356
357<ul>
358
359<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>
360
361<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
362substantial improvements. Since then, we speak of the KAME patch.
363</p>
364
365<li> <p> The PLD Linux Distribution ported the code to other stacks
366(notably USAGI).  We speak of the PLD patch. A very important
367feature of the PLD patch was that it can work with Lutz Jaenicke's
368TLS patch for Postfix.  </p>
369
370<li> <p> Dean Strik extended IPv6 support to platforms other than
371KAME and USAGI, updated the patch to keep up with Postfix development,
372and provided a combined IPv6 + TLS patch.  Information about his
373effort can be found on Dean Strik's Postfix website at
374<a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p>
375
376<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
377Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
378code from Postfix that could be removed.  For systems without IPv6
379support in the kernel and system libraries, Postfix has a simple
380compatibility layer, so that it will use IPv4 as before.  </p>
381
382</ul>
383
384</body>
385
386</html>
387