https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6840
--- Comment #2 from Mark Martinec <[email protected]> --- Done. Proofreading appreciated. > In general, there's no mention of IPV6 documentation in the spamd manpage. > This includes: > 1) For -i, stating that it will "listen on all interfaces" if no address is > given, and then saying that this is equal to 0.0.0.0. If anything, that > should at least be amended to "listen on all ipv4 interfaces". Fixed - with changes in Bug 6841. The --listen (a.k.a. -i) can now be specified multiple times and can deal with IPv4, IPv6 and Unix sockets: Usage: -i [ip_or_name[:port]], --listen=[ip_or_name[:port]] Listen on IP addr and port The --listen option (or -i) may be specified multiple times, its syntax is: [ ssl: ] [ host-name-or-IP-address ] [ : port ] or an absolute path (filename) of a Unix socket. If port is omitted it defaults to --port or to 783. Option --ssl implies a prefix 'ssl:'. An IPv6 address should be enclosed in square brackets, e.g. [::1]:783, an IPv4 address may be but need not be enclosed in square brackets. An asterisk '*' in place of a hostname implies an unspecified address, ('0.0.0.0' or '::'), i.e. it binds to all interfaces. An empty option value implies '*'. POD: =item B<-i> [I<ipaddress>[:<port>]], B<--listen>[=I<ipaddress>[:<port>]] Additional alias names for this option are --listen-ip and --ip-address. Tells spamd to listen on the specified IP address (defaults to a loopback address). If no value is specified after the switch, or an asterisk '*' stands in place of <ipaddress>, spamd will listen on all interfaces - this is equivalent to address '0.0.0.0' for IPv4 and to '::' for IPv6. You can also use a valid hostname which will make spamd listen on all addresses that a name resolves to. The option may be specified multiple times. See also options -4 and -6 for restricting address family to IPv4 or to IPv6. If a port is specified it overrides the --port (and --ssl-port) setting for this socket. An IPv6 addresses should be enclosed in square brackets, e.g. [::1]:783. For compatibility the square brackets on an IPv6 address may be omitted if a port number specification is also omitted. =item B<-p> I<port>, B<--port>=I<port> Optionally specifies the port number for the server to listen on (default: 783). If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then this port will be used to accept SSL connections instead of unencrypted connections. If the B<--ssl> switch is used, and B<--ssl-port> is set, then unencrypted connections will be accepted on the B<--port> at the same time as encrypted connections are accepted at B<--ssl-port>. =item B<-4>, B<--ipv4only>, B<--ipv4-only>, B<--ipv4> Use IPv4 where applicable, do not use IPv6. The option affects a set of listen sockets (see option C<--listen>) and disables IPv6 for DNS tests. =item B<-6> Use IPv6 where applicable, do not use IPv4. The option affects a set of listen sockets, see option C<--listen>. Installing a module IO::Socket::IP is recommended if spamd is expected to receive requests over IPv6. > 2) No examples of an ipv6 address for the -A option. Additionally, > it should probably be brought into compliance with RFC5737 and RFC4839, > which define address blocks reserved for documentation purposes for > ipv4 and ipv6, respectively. Done: =item B<-A> I<host,...>, B<--allowed-ips>=I<host,...> Specify a comma-separated list of authorized hosts or networks which can connect to this spamd instance. Each element of the list is either a single IP addresses, or a range of IP addresses in address/masklength CIDR notation, or ranges of IPv4 addresses by specifying 3 or less octets with a trailing dot. Hostnames are not supported, only IPv4 or IPv6 addresses. This option can be specified multiple times, or can take a list of addresses separated by commas. IPv6 addresses may be (but need not be) enclosed in square brackets for consistency with option B<--listen>. Examples: B<-A 10.11.12.13> -- only allow connections from C<10.11.12.13>. B<-A 10.11.12.13,10.11.12.14> -- only allow connections from C<10.11.12.13> and C<10.11.12.14>. B<-A 10.200.300.0/24> -- allow connections from any machine in the range C<10.200.300.*>. B<-A 10.> -- allow connections from any machine in the range C<10.*.*.*>. B<-A [2001:db8::]/32,192.0.2.0/24,::1,127.0.0.0/8> -- only accept connections from specified test networks and from localhost. In absence of the B<-A> option, connections are only accepted from IP address 127.0.0.1 or ::1, i.e. from localhost on a loopback interface. > 3) No clarification of the fact that -i can be specified only once (this > is really another bug -- but if the bug stands, it should be noted here.) Done. > Note that there are other bugs being filed which I'll link to here in > subsequent comments. Done. -- You are receiving this mail because: You are the assignee for the bug.
