Benny Pedersen | 3 Jun 12:40 2011

ipv6 testing

does it work ? :)

Mark Martinec | 6 Jun 16:34 2011
Picon
Picon

Re: ipv6 testing

> ipv6 testing
> does it work ? :)

It does - but details depend on what you have in mind.

Postfix, amavisd and SpamAssassin since 3.3 can all deal just fine
with IPv6 addresses found in a mail message.

All configuration settings in amavisd understand and correctly deal
with IPv6 addresses configured.

Amavis can feed mail back to Postfix over an IPv6 (inet6) socket.

The one thing lacking is the Net::Server module. The last released
version does not yet support accepting sessions over IPv6.
I have a patch for Net::Server which makes it understand IPv6,
which I'm running here locally (as well as at some other sites),
so this provides the missing link for the full internal mail path
working over inet6. The amavisd-new-2.7.0 supports the
configuration-side of this added Net::Server functionality.

Let me know if someone needs the IPv6-enabling patch for
Net::Server 0.99.

  Mark

Scott Kitterman | 6 Jun 17:22 2011

Re: ipv6 testing

On Monday, June 06, 2011 10:34:46 AM Mark Martinec wrote:
> > ipv6 testing
> > does it work ? :)
> 
> It does - but details depend on what you have in mind.
> 
> Postfix, amavisd and SpamAssassin since 3.3 can all deal just fine
> with IPv6 addresses found in a mail message.
> 
> All configuration settings in amavisd understand and correctly deal
> with IPv6 addresses configured.
> 
> Amavis can feed mail back to Postfix over an IPv6 (inet6) socket.
> 
> The one thing lacking is the Net::Server module. The last released
> version does not yet support accepting sessions over IPv6.
> I have a patch for Net::Server which makes it understand IPv6,
> which I'm running here locally (as well as at some other sites),
> so this provides the missing link for the full internal mail path
> working over inet6. The amavisd-new-2.7.0 supports the
> configuration-side of this added Net::Server functionality.
> 
> Let me know if someone needs the IPv6-enabling patch for
> Net::Server 0.99.

We're making a big push on IPv6 readiness in this Ubuntu development cycle, so 
I'd appreciate having the patch.

Scott K

(Continue reading)

Mark Martinec | 6 Jun 18:09 2011
Picon
Picon

Re: ipv6 testing

Scott,

> We're making a big push on IPv6 readiness in this Ubuntu development cycle,
> so I'd appreciate having the patch.

That's very nice to hear!

The patch for Net-Server-0.99 is attached, includes documentation changes.

As a format of passing sockets to a new incarnation on a warn reload needs
an additional field (socket protocol type), servers running unpatched
Net-Server-0.99 needs to be stopped/restarted after the patch is applied
(e.g. amavisd restart,  not: amavisd reload).

Also note that some of the Net::Server self-tests will fail. This is not
a defect of the patch, but an unwarranted assumption on the part
of the test, expecting to receive a single socket when binding to
'*' (i.e. any address) - now one gets two sockets (unless you request
a bind to a single adress family, like 127.0.0.1 or ::1), one socket
for each address family.

The change in behaviour (getting two sockets when binding to 'any')
does not affect amavisd, and I'd expect it does not affect other
servers based on Net::Server module - although there may be a
case of some service (yet to be found) which may not like it.
A simple solution there is to specify a family-specific binding
address instead of '*' or undef.

Amavisd-new-2.7.0 allows more flexibility in specifying binding
addresses for Net::Server: the $inet_socket_bind can accept an
(Continue reading)

Quanah Gibson-Mount | 19 Jul 00:07 2011

Re: ipv6 testing

--On Monday, June 06, 2011 6:09 PM +0200 Mark Martinec 
<Mark.Martinec+amavis <at> ijs.si> wrote:

> Scott,
>
>> We're making a big push on IPv6 readiness in this Ubuntu development
>> cycle, so I'd appreciate having the patch.
>
> That's very nice to hear!
>
> The patch for Net-Server-0.99 is attached, includes documentation changes.

I would note this patch differs significantly from the changes suggested by 
the author of the Net-Server module in 
<https://rt.cpan.org/Ticket/Display.html?id=33289>

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Quanah Gibson-Mount | 19 Jul 19:05 2011

Re: ipv6 testing

--On Monday, July 18, 2011 3:07 PM -0700 Quanah Gibson-Mount 
<quanah <at> zimbra.com> wrote:

> --On Monday, June 06, 2011 6:09 PM +0200 Mark Martinec
> <Mark.Martinec+amavis <at> ijs.si> wrote:
>
>> Scott,
>>
>>> We're making a big push on IPv6 readiness in this Ubuntu development
>>> cycle, so I'd appreciate having the patch.
>>
>> That's very nice to hear!
>>
>> The patch for Net-Server-0.99 is attached, includes documentation
>> changes.

This patch results in an non-working Net::Server object for me. 
Specifically because of line 790:

    ($prop->{peerport}, $prop->{peeraddrn}) =
      $sock->sockdomain == AF_INET ? Socket::sockaddr_in($prop->{udp_peer})
                                 : Socket6::sockaddr_in6($prop->{udp_peer});

The issue is with using AF_INET.  I know you have:

use Socket qw(AF_INET AF_UNIX SOCK_DGRAM SOCK_STREAM);

at the start of the module, however it is treating it as a runaway string.

Bareword found where operator expected at zimbramon/lib/Net/Server.pm line 
(Continue reading)

Quanah Gibson-Mount | 19 Jul 19:35 2011

Re: ipv6 testing

--On Tuesday, July 19, 2011 10:05 AM -0700 Quanah Gibson-Mount 
<quanah <at> zimbra.com> wrote:

> --On Monday, July 18, 2011 3:07 PM -0700 Quanah Gibson-Mount
> <quanah <at> zimbra.com> wrote:
>
>> --On Monday, June 06, 2011 6:09 PM +0200 Mark Martinec
>> <Mark.Martinec+amavis <at> ijs.si> wrote:
>>
>>> Scott,
>>>
>>>> We're making a big push on IPv6 readiness in this Ubuntu development
>>>> cycle, so I'd appreciate having the patch.
>>>
>>> That's very nice to hear!
>>>
>>> The patch for Net-Server-0.99 is attached, includes documentation
>>> changes.
>
> This patch results in an non-working Net::Server object for me.
> Specifically because of line 790:

Rewriting this as an if statement resolves the error:

    if ($sock->sockdomain == AF_INET) {
      ($prop->{peerport}, $prop->{peeraddrn}) = 
Socket::sockaddr_in($prop->{udp_peer});
    } else {
      ($prop->{peerport}, $prop->{peeraddrn}) = 
Socket6::sockaddr_in6($prop->{udp_peer});
(Continue reading)

Quanah Gibson-Mount | 1 Aug 19:37 2011

Re: ipv6 testing

--On Tuesday, July 19, 2011 10:35 AM -0700 Quanah Gibson-Mount 
<quanah <at> zimbra.com> wrote:

> --On Tuesday, July 19, 2011 10:05 AM -0700 Quanah Gibson-Mount
> <quanah <at> zimbra.com> wrote:
>
>> --On Monday, July 18, 2011 3:07 PM -0700 Quanah Gibson-Mount
>> <quanah <at> zimbra.com> wrote:
>>
>>> --On Monday, June 06, 2011 6:09 PM +0200 Mark Martinec
>>> <Mark.Martinec+amavis <at> ijs.si> wrote:
>>>
>>>> Scott,
>>>>
>>>>> We're making a big push on IPv6 readiness in this Ubuntu development
>>>>> cycle, so I'd appreciate having the patch.
>>>>
>>>> That's very nice to hear!
>>>>
>>>> The patch for Net-Server-0.99 is attached, includes documentation
>>>> changes.
>>
>> This patch results in an non-working Net::Server object for me.
>> Specifically because of line 790:

I also am hitting this problem with similar code created by this patch:

SSLEAY.pm:      $pfamily = $afamily == AF_INET  ? PF_INET
SSLEAY.pm:               : $afamily == AF_INET6 ? PF_INET6 : $afamily;
SSL.pm:      $pfamily = $afamily == AF_INET  ? PF_INET
(Continue reading)

Quanah Gibson-Mount | 1 Aug 19:51 2011

Re: ipv6 testing

--On Monday, August 01, 2011 10:37 AM -0700 Quanah Gibson-Mount 
<quanah <at> zimbra.com> wrote:

> --On Tuesday, July 19, 2011 10:35 AM -0700 Quanah Gibson-Mount
> <quanah <at> zimbra.com> wrote:
>
>> --On Tuesday, July 19, 2011 10:05 AM -0700 Quanah Gibson-Mount
>> <quanah <at> zimbra.com> wrote:
>>
>>> --On Monday, July 18, 2011 3:07 PM -0700 Quanah Gibson-Mount
>>> <quanah <at> zimbra.com> wrote:
>>>
>>>> --On Monday, June 06, 2011 6:09 PM +0200 Mark Martinec
>>>> <Mark.Martinec+amavis <at> ijs.si> wrote:
>>>>
>>>>> Scott,
>>>>>
>>>>>> We're making a big push on IPv6 readiness in this Ubuntu development
>>>>>> cycle, so I'd appreciate having the patch.
>>>>>
>>>>> That's very nice to hear!
>>>>>
>>>>> The patch for Net-Server-0.99 is attached, includes documentation
>>>>> changes.
>>>
>>> This patch results in an non-working Net::Server object for me.
>>> Specifically because of line 790:
>
> I also am hitting this problem with similar code created by this patch:
>
(Continue reading)

Mark Martinec | 1 Aug 19:51 2011
Picon
Picon

Re: ipv6 testing

Quanah,

> >> This patch results in an non-working Net::Server object for me.
> >> Specifically because of line 790:
> I also am hitting this problem with similar code created by this patch:
> 
> SSLEAY.pm:      $pfamily = $afamily == AF_INET  ? PF_INET
> SSLEAY.pm:               : $afamily == AF_INET6 ? PF_INET6 : $afamily;
> SSL.pm:      $pfamily = $afamily == AF_INET  ? PF_INET
> SSL.pm:               : $afamily == AF_INET6 ? PF_INET6 : $afamily;
> TCP.pm:      $pfamily = $afamily == AF_INET  ? PF_INET
> TCP.pm:               : $afamily == AF_INET6 ? PF_INET6 : $afamily;
> 
> These blocks all generate the runaway string error.  It is seen
> consistently on SLES10 64-bit and Ubuntu 10 64-bit systems.  Other
> operating systems we use don't report this error for whatever reason.

Puzzling - no idea.

> I'm currently re-writing this as a 3-part if statement, when I'm finished
> I'll email out my finalized patch.

Thanks!

Attached is a small additional fix over my original patch.
Please include it too in the finalized patch.

  Mark
(Continue reading)

Quanah Gibson-Mount | 1 Aug 20:14 2011

Re: ipv6 testing

--On Monday, August 01, 2011 7:51 PM +0200 Mark Martinec 
<Mark.Martinec+amavis <at> ijs.si> wrote:

> Thanks!
>
> Attached is a small additional fix over my original patch.
> Please include it too in the finalized patch.

Hi Mark,

Done!  Attached is my finalized version and it also includes the above bit 
as well.  I've verified it resolves the issues we were seeing.  My guess is 
it is a perl 5.8.8 vs perl 5.10.1 issue, since SLES10 and Ubuntu8 both use 
Perl 5.8.8 while Ubuntu 10 uses perl 5.10.1.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Attachment (Net-Server-0.99-IPv6.patch.gz): application/octet-stream, 14 KiB
Quanah Gibson-Mount | 9 May 17:31 2012

Re: ipv6 testing

--On Monday, August 01, 2011 11:14 AM -0700 Quanah Gibson-Mount 
<quanah <at> zimbra.com> wrote:

> --On Monday, August 01, 2011 7:51 PM +0200 Mark Martinec
> <Mark.Martinec+amavis <at> ijs.si> wrote:
>
>> Thanks!
>>
>> Attached is a small additional fix over my original patch.
>> Please include it too in the finalized patch.
>
> Hi Mark,
>
> Done!  Attached is my finalized version and it also includes the above
> bit as well.  I've verified it resolves the issues we were seeing.  My
> guess is it is a perl 5.8.8 vs perl 5.10.1 issue, since SLES10 and
> Ubuntu8 both use Perl 5.8.8 while Ubuntu 10 uses perl 5.10.1.

One issue I've found with Net::Server even once it is patched, is that if 
the hostname is "localhost", it comes back resolved twice as 127.0.0.1 if 
you have both IPv4 and IPv6 enabled for localhost.  It looks like it would 
do the same thing for any hostname that's so enabled.

This causes startup problems for applications that use Net::Server to bind 
to the IP address, because they try to bind twice to 127.0.0.1 [port], and 
then fail to start since it is already bound.

--Quanah

--
(Continue reading)

Clayton Keller | 6 Jun 18:04 2011
Picon

Re: ipv6 testing

On 06/06/2011 09:34 AM, Mark Martinec wrote:
>> ipv6 testing
>> does it work ? :)
>
> It does - but details depend on what you have in mind.
>
> Postfix, amavisd and SpamAssassin since 3.3 can all deal just fine
> with IPv6 addresses found in a mail message.
>
> All configuration settings in amavisd understand and correctly deal
> with IPv6 addresses configured.
>
> Amavis can feed mail back to Postfix over an IPv6 (inet6) socket.
>
> The one thing lacking is the Net::Server module. The last released
> version does not yet support accepting sessions over IPv6.
> I have a patch for Net::Server which makes it understand IPv6,
> which I'm running here locally (as well as at some other sites),
> so this provides the missing link for the full internal mail path
> working over inet6. The amavisd-new-2.7.0 supports the
> configuration-side of this added Net::Server functionality.
>
> Let me know if someone needs the IPv6-enabling patch for
> Net::Server 0.99.
>
>    Mark
>

Mark,

(Continue reading)

Benny Pedersen | 7 Jun 01:00 2011

Re: ipv6 testing

On Mon, 6 Jun 2011 16:34:46 +0200, Mark Martinec
<Mark.Martinec+amavis <at> ijs.si> wrote:
>> ipv6 testing
>> does it work ? :)
> 
> It does - but details depend on what you have in mind.
> 
> Postfix, amavisd and SpamAssassin since 3.3 can all deal just fine
> with IPv6 addresses found in a mail message.

postfix 2.8.3 and ipv6 postscreen fails for me, postfix 2.7.4 works

its fails with locking db for postscreen here, if just ipv4 it works

> All configuration settings in amavisd understand and correctly deal
> with IPv6 addresses configured.

sqlgrey works also, but the deamond just not support ipv6 bind imho, but
the db engine does

i will have to make my amavisd ipv6 setup better in comming days, just
happy to see that postfix now is running dual stacked on my mx

> Amavis can feed mail back to Postfix over an IPv6 (inet6) socket.
> 
> The one thing lacking is the Net::Server module. The last released
> version does not yet support accepting sessions over IPv6.
> I have a patch for Net::Server which makes it understand IPv6,
> which I'm running here locally (as well as at some other sites),
> so this provides the missing link for the full internal mail path
(Continue reading)

Patrick Domack | 7 Jun 02:37 2011

Re: ipv6 testing

Odd, I haven't had any issues with postscreen on several systems,  
running 2.8.3 also.

Now if all this windows based systems would stop attempting to send me  
email over their teredo (2000:0000::) or 6to4 (2002::) adresses  
without rdns configured.

Quoting Benny Pedersen <me <at> junc.org>:

> On Mon, 6 Jun 2011 16:34:46 +0200, Mark Martinec
> <Mark.Martinec+amavis <at> ijs.si> wrote:
>>> ipv6 testing
>>> does it work ? :)
>>
>> It does - but details depend on what you have in mind.
>>
>> Postfix, amavisd and SpamAssassin since 3.3 can all deal just fine
>> with IPv6 addresses found in a mail message.
>
> postfix 2.8.3 and ipv6 postscreen fails for me, postfix 2.7.4 works
>
> its fails with locking db for postscreen here, if just ipv4 it works
>
>> All configuration settings in amavisd understand and correctly deal
>> with IPv6 addresses configured.
>
> sqlgrey works also, but the deamond just not support ipv6 bind imho, but
> the db engine does
>
> i will have to make my amavisd ipv6 setup better in comming days, just
(Continue reading)

Benny Pedersen | 7 Jun 04:58 2011

Re: ipv6 testing

On Mon, 06 Jun 2011 20:37:11 -0400, Patrick Domack wrote:
> Odd, I haven't had any issues with postscreen on several systems,
> running 2.8.3 also.

that does not mean its bugfree, sure its me that configured it bad, but 
i dont know what :/

> Now if all this windows based systems would stop attempting to send
> me  email over their teredo (2000:0000::) or 6to4 (2002::) adresses
> without rdns configured.

it will be solved when my isp gives me natively ipv6, so far i am happy 
with sixxs, dont know if miredo is better then the non open source 
variant :-)

Mark Martinec | 7 Jun 13:08 2011
Picon
Picon

Re: ipv6 testing

Benny Pedersen wrote:
> postfix 2.8.3 and ipv6 postscreen fails for me, postfix 2.7.4 works
> its fails with locking db for postscreen here, if just ipv4 it works

Strange. It's worth resolving it, 

Patrick Domack wrote:
> Odd, I haven't had any issues with postscreen on several systems,
> running 2.8.3 also.

Same here, I don't remember any problems there.

Scott Kitterman wrote:
> We're making a big push on IPv6 readiness in this Ubuntu development cycle,

You may want to check the RIPE-501 document, especially the
'Requirements for "host" equipment' section. These requirements are
starting to be seen more frequently in tenders for new equipment,
either by referring to individual RFCs, or jointly as a ref to RIPE-501:

  http://www.ripe.net/ripe/docs/ripe-501

Mark

Scott Kitterman | 7 Jun 13:43 2011

Re: ipv6 testing

On Tuesday, June 07, 2011 07:08:45 AM Mark Martinec wrote:
...
> Scott Kitterman wrote:
> > We're making a big push on IPv6 readiness in this Ubuntu development
> > cycle,
> 
> You may want to check the RIPE-501 document, especially the
> 'Requirements for "host" equipment' section. These requirements are
> starting to be seen more frequently in tenders for new equipment,
> either by referring to individual RFCs, or jointly as a ref to RIPE-501:
> 
>   http://www.ripe.net/ripe/docs/ripe-501

Thanks.  I've added it to our list of things to review.

Scott K


Gmane