Discussion about the qmail mail transfer agent

Florian Leeber | 21 May 2012 22:46

Picon

tcpserver & IPv6

Hello all,

I am playing around with IPv6 a bit and found those instructions on the
net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
however, after applying the patch exactly nothing changed. tcpserver
does not seem to bind itself to the IPv6 stack, also, there is no error
or informational message. Rest of the system including sshd, apache and
dovecot is already "dualhomed", so I know that kernel and other stuff is
pretty fine.

Any ideas?

regards Florian

Panashe Flack | 21 May 2012 23:07

Picon

Re: tcpserver & IPv6

On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
> Hello all,
> 
> I am playing around with IPv6 a bit and found those instructions on the
> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
> however, after applying the patch exactly nothing changed. tcpserver
> does not seem to bind itself to the IPv6 stack, also, there is no error
> or informational message. Rest of the system including sshd, apache and
> dovecot is already "dualhomed", so I know that kernel and other stuff is
> pretty fine.
> 
> Any ideas?
> 
> regards Florian
> 
> 

you may want to provide a little more information, such as your linux distribution?

flori | 22 May 2012 09:12

Picon

Re: tcpserver & IPv6

Dear Panashe,

yes sorry forgot: Its a Debian sarge/squeeze with kernel 2.6.26-2-amd64..

regards Florian

Quoting Panashe Flack <lists222 <at> m.l.vaunt.eu>:

> On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
>> Hello all,
>>
>> I am playing around with IPv6 a bit and found those instructions on the
>> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
>> however, after applying the patch exactly nothing changed. tcpserver
>> does not seem to bind itself to the IPv6 stack, also, there is no error
>> or informational message. Rest of the system including sshd, apache and
>> dovecot is already "dualhomed", so I know that kernel and other stuff is
>> pretty fine.
>>
>> Any ideas?
>>
>> regards Florian
>>
>>
>
> you may want to provide a little more information, such as your  
> linux distribution?
>

----------------------------------------------------------------

(Continue reading)

Nicolai | 22 May 2012 00:06

Re: tcpserver & IPv6

On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
> Hello all,
> 
> I am playing around with IPv6 a bit and found those instructions on the
> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
> however, after applying the patch exactly nothing changed.

You may need to modify your run file; Felix's patch (which the above is
apparently based on) adds new -4 and -6 arguments to tcpserver.  Post
your qmail-smtpd run file here.

Also what operating system are you using?

Nicolai

flori | 22 May 2012 09:33

Picon

Re: tcpserver & IPv6

Hello,

as I read it I expected that I do not need those switches. And heres  
the run file:

start-stop-daemon --start --user qmaild \
         --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
         --exec \
         /usr/bin/tcpserver -- -R -H -l $HOSTNAME \
         -u vpopmail -g vpopmail -x /etc/tcp.smtp.cdb 0 smtp \
         $rblsmtpd /usr/sbin/qmail-smtpd \
         /var/vpopmail/bin/vchkpw /bin/true 2>&1 \
         | /usr/bin/multilog t n14 s1000000 /var/log/smtp &

Quoting Nicolai <nicolai-qmail <at> chocolatine.org>:

> On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
>> Hello all,
>>
>> I am playing around with IPv6 a bit and found those instructions on the
>> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
>> however, after applying the patch exactly nothing changed.
>
> You may need to modify your run file; Felix's patch (which the above is
> apparently based on) adds new -4 and -6 arguments to tcpserver.  Post
> your qmail-smtpd run file here.
>
> Also what operating system are you using?
>
> Nicolai

(Continue reading)

Erwin Hoffmann | 22 May 2012 11:24

Picon

Re: tcpserver & IPv6

Hi Florian (and all who are interested),

currently I'm working on IPv6, and particular it's integration into ucspi-ssl and qmail. 
Felix already did most of the coding 

Let me try to explain parts of the problem:

Your IPvX settings:

a) In your setting, you use IPv6 enabled tcpserver to catch any TCP packet for port 25.
     You bind tcpserver to ANY available IP address by means of the '0' 

b) tcpserver will happily accept any IPv4 AND IPv6 packet on any (at start) available IP address.

c) The IPv4 address your host has is '0.0.0.0' (unspecified), '127.0.0.1' (loopback) and the 
     dedicated address, lets lay 1.2.3.4.

d) IPv6 address you host has is '::' (unspecified), '::1' (loopback), the link-local LLU 
    address (fe80:....), and the Global IPv4 address, typically 2001:......

e) In case you have turned on IPv6 privacy extension, additional LLU AND Global addresses
    will come and go. I doubt, this is going to work with tcpserver anyway. 

Your smtp.cdb:

f) Let's consider tcpserver receives an IPvX packet. It needs to look inside the cdb. 
   Here you may have defined some IP based rules, typically '127.0.0.1:allow'. 

g) The kernel of your OS will translate any IPv4 DA in the packet to an IPv4-mapped IPv6 address. 
    The lookup will fail.

(Continue reading)

flori | 27 May 2012 18:28

Picon

Re: tcpserver & IPv6

Hello Erwin,

thanks as always for the precise analysis ...

I understand that there is still some or significant effort needed,  
but I want also to learn more about these issues since they might  
affect future decisions sooner or later.

Practically I fail already in step b) as tcpserver does exactly not  
listen to any ip6 enabled interface. ANd I only have the 4 you  
mentioned, not more :)

So I doubt that the value of "0" does function correctly to enable  
bindings on both stacks. whatever it prevents of doing so... the  
executable shows the correct cmdline arguments, so it must be the  
patched one, no "lost update" issue:

  usage: tcpserver [ -461UXpPhHrRoOdDqQv ]

But, what Nicolai suggested, adding those -4 or -6 parameters will do  
completely different things than to enable the stack binding, at least  
thats what the manpage told me.

So for playing around, maybe you can help me to get this going, and  
then we talk about step g) and h) later.... :)

thanks Florian

Quoting Erwin Hoffmann <feh <at> fehcom.de>:

(Continue reading)

flori | 28 May 2012 06:51

Picon

Re: tcpserver & IPv6


Hello Erwin & all,

it works now. Too stupid to figure out that the qmail stop script was  
not terminating tcpserver properly and the old version kept running.  
Have to look into this strange behaviour of course.

I think relay control will not be an issue, I have either incoming  
mail which terminates at this server, or smtp users who log in via  
IPv4 or local IPv4 webmail/sendmail, so I would not need any relay  
rules right now.

regards Florian

Quoting flori <at> bin.org.in:

> Hello Erwin,
>
> thanks as always for the precise analysis ...
>
> I understand that there is still some or significant effort needed,  
> but I want also to learn more about these issues since they might  
> affect future decisions sooner or later.
>
> Practically I fail already in step b) as tcpserver does exactly not  
> listen to any ip6 enabled interface. ANd I only have the 4 you  
> mentioned, not more :)
>

----------------------------------------------------------------

(Continue reading)

Return

Return to gmane.mail.qmail.general.

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane