Re: Postfix and IPV6
On Sat, Nov 19, 2016 at 07:59:15AM +0100, postfix wrote: > I changed this network to "real" IPV6 (before I used 6TO4 > tunnelling). Now, every host and every program (including postfix) > rushes to use IPV6. But there are problems with postfix: on one > Host (postfix-2.10.1-6.el7.x86_64) I had in the logs: The postconf output suggests it might be version 2.6.6. > Nov 19 06:13:01 tico postfix/postfix-script[23347]: the Postfix > mail system is not running > Nov 19 06:13:02 tico postfix/postfix-script[23426]: starting the > Postfix mail system > Nov 19 06:13:02 tico postfix/master[23428]: fatal: bind > fe80::4216:7eff:fea7:c56b port 587: Invalid argument > Nov 19 06:13:03 tico postfix/master[23427]: fatal: daemon > initialization failure > Nov 19 06:13:04 tico postfix/postfix-script[23429]: fatal: mail > system startup failed > > and this every hour. Why every hour? Are you trying to start it from a cron job? > I know that this error comes from the fact, that the IPV6 stack > misses the interface name when binding. The postfix information > page "Postfix IPv6 Support" is really not helpful in that > situation, specifying "that IPV6 is hardly used today" or similar. > > As an immediate measure I took the local interface away from the > interface list in main.cf. Now postfix runs like before. Okay, so the postconf output is AFTER this edit, was not causing the error above? > Is there a possibility to circumwent this error, adding the > interface to the address? Let's turn the question around on you. Was there a reason why you changed inet_interfaces and didn't use the default setting? By default Postfix will bind to and listen on all local interface addresses. Furthermore, why do you need the link-local address? Are there locally-connected ipv6 clients using it? Obviously no Internet mail-exchangers are using it. It looks like you also have an RFC1918-addressed LAN. If the clients are dual stack they could simply use that address. > For ssh your have the possibility to add the interface to the IPV6 > address like fe80::4216:7eff:fea7:c56b%enp2s0 separated from the > address by a percent sign. Or is there a workaround different from > not to use IPV6? See http://www.postfix.org/postconf.5.html#inet_interfaces for the syntax and defaults. > postconf -n > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > anvil_rate_time_unit = 60s > command_directory = /usr/sbin > config_directory = /etc/postfix > content_filter = > daemon_directory = /usr/libexec/postfix > data_directory = /data/postfix/cache > debug_peer_level = 2 > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > $daemon_directory/$process_name $process_id & sleep 5 > defer_transports = > disable_dns_lookups = no Set "enable_long_queue_ids = 1". > header_checks = regexp:/etc/postfix/header_checks > html_directory = no > inet_interfaces = localhost What this does: Postfix at startup time does a hosts(5) lookup per the nsswitch.conf(5) settings for "localhost". Then it binds those addresses which were returned. Typically those should be ipv4 127.0.0.1 and ipv6 ::1. > inet_protocols = all > local_recipient_maps = ldap:/etc/postfix/ldap-alias.cf With mydestination empty, this won't be used. > mail_owner = postfix > mailbox_command = > mailbox_transport = > mailq_path = /usr/bin/mailq.postfix > manpage_directory = /usr/share/man > masquerade_classes = envelope_sender, header_sender, header_recipient > masquerade_domains = > masquerade_exceptions = root > message_size_limit = 2048 > mydestination = > myhostname = myhost.mydomain.com > mynetworks = 192.168.97.0/28, 127.0.0.0/8, [::1]/128, [fe80::]/64, > [fec0::]/64 > myorigin = $mydomain > newaliases_path = /usr/bin/newaliases.postfix > postscreen_access_list = permit_mynetworks, > cidr:/etc/postfix/postscreen_access.cidr > postscreen_blacklist_action = enforce > postscreen_dnsbl_action = enforce > postscreen_dnsbl_sites = sbl-xbl.spamhaus.org*2 b.barracudacentral.org*2 > postscreen_dnsbl_threshold = 2 Why sbl-xbl and not zen? Also, why the scoring? If you're going to block on either one, leave off the *2 and omit the postscreen_dnsbl_threshold setting. > postscreen_greet_action = enforce > queue_directory = /data/postfix/queues > readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES Just a packaging bug from upgrading an ancient install, I guess; this can't actually be 2.6.6 with postscreen_* settings. > relay_domains = permit_sasl_authenticated, permit_mynetworks,$mydestination This is wrong. You probably wanted "relay_domains =". > relayhost = > sample_directory = /usr/share/doc/postfix-2.6.6/samples >
Re: Postfix and IPV6
An fe80:: IP address is not formally attached to any particular interface. It "just happens" as part of the autoconfigure regime. To use one in a listen or bind type statement, you would have to expressly state which interface you wish to use. For example, you need to use the argument "-I eth0" (or whatever) before ping6 will work with an fe80:: address. Hope this helps Allen C On 19/11/16 12:41, Wietse Venema wrote: > postfix: >> Nov 19 06:13:02 tico postfix/master[23428]: fatal: bind >> fe80::4216:7eff:fea7:c56b port 587: Invalid argument > I have never seen this problem. > > As a fix, don't specify link-local interfaces in main.cf:inet_interfaces. > > Wietse >
Re: Postfix and IPV6
postfix: > Nov 19 06:13:02 tico postfix/master[23428]: fatal: bind > fe80::4216:7eff:fea7:c56b port 587: Invalid argument I have never seen this problem. As a fix, don't specify link-local interfaces in main.cf:inet_interfaces. Wietse
Re: Postfix and IPV6
postfix wrote on 19/11/2016 07:59: I know that this error comes from the fact, that the IPV6 stack misses the interface name when binding. The postfix information page "Postfix IPv6 Support" is really not helpful in that situation, specifying "that IPV6 is hardly used smtp_bind_address6 could be your friend -- Ciao, luigi / +--[Luigi Rosa]-- \ I know exactly what you mean. Let me tell you why you're here. You're here because you know something. What you know you can't explain. But you feel it. You've felt it your entire life. That there's something wrong with the world. You don't know what it is but it's there, like a splinter in your mind driving you mad. It is this feeling that has brought you to me. Do you know what I'm talking about? --Morpheus, "Matrix"
Re: [postfix-users] Postfix and IPV6
> > mynetworks = 192.168.97.0/28, 127.0.0.0/8, [::1]/128, [fe80::]/64, > > [fec0::]/64 > > Just delete [fe80::]/64 and [fec0::]/64. > No client will use link local and site local address of your server > therefore listening on these is absolute unnecessary. ^ Eeeer... _filtering_ them is unnecesseary. Gabor
Re: [postfix-users] Postfix and IPV6
> mynetworks = 192.168.97.0/28, 127.0.0.0/8, [::1]/128, [fe80::]/64, [fec0::]/64 Just delete [fe80::]/64 and [fec0::]/64. No client will use link local and site local address of your server therefore listening on these is absolute unnecessary. Gabor
Postfix and IPV6
Hi postfixers I changed this network to "real" IPV6 (before I used 6TO4 tunnelling). Now, every host and every program (including postfix) rushes to use IPV6. But there are problems with postfix: on one Host (postfix-2.10.1-6.el7.x86_64) I had in the logs: Nov 19 06:13:01 tico postfix/postfix-script[23347]: the Postfix mail system is not running Nov 19 06:13:02 tico postfix/postfix-script[23426]: starting the Postfix mail system Nov 19 06:13:02 tico postfix/master[23428]: fatal: bind fe80::4216:7eff:fea7:c56b port 587: Invalid argument Nov 19 06:13:03 tico postfix/master[23427]: fatal: daemon initialization failure Nov 19 06:13:04 tico postfix/postfix-script[23429]: fatal: mail system startup failed and this every hour. I know that this error comes from the fact, that the IPV6 stack misses the interface name when binding. The postfix information page "Postfix IPv6 Support" is really not helpful in that situation, specifying "that IPV6 is hardly used today" or similar. As an immediate measure I took the local interface away from the interface list in main.cf. Now postfix runs like before. Is there a possibility to circumwent this error, adding the interface to the address? For ssh your have the possibility to add the interface to the IPV6 address like fe80::4216:7eff:fea7:c56b%enp2s0 separated from the address by a percent sign. Or is there a workaround different from not to use IPV6? postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases anvil_rate_time_unit = 60s command_directory = /usr/sbin config_directory = /etc/postfix content_filter = daemon_directory = /usr/libexec/postfix data_directory = /data/postfix/cache debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 defer_transports = disable_dns_lookups = no header_checks = regexp:/etc/postfix/header_checks html_directory = no inet_interfaces = localhost inet_protocols = all local_recipient_maps = ldap:/etc/postfix/ldap-alias.cf mail_owner = postfix mailbox_command = mailbox_transport = mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 2048 mydestination = myhostname = myhost.mydomain.com mynetworks = 192.168.97.0/28, 127.0.0.0/8, [::1]/128, [fe80::]/64, [fec0::]/64 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr postscreen_blacklist_action = enforce postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = sbl-xbl.spamhaus.org*2 b.barracudacentral.org*2 postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce queue_directory = /data/postfix/queues readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES relay_domains = permit_sasl_authenticated, permit_mynetworks,$mydestination relayhost = sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_CAfile = /etc/postfix/cert/cacert.pem smtp_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/data/postfix/cache/tls_smtp_session smtpd_client_connection_count_limit = 5 smtpd_client_connection_rate_limit = 22 smtpd_client_event_limit_exceptions = $mynetworks smtpd_client_recipient_rate_limit = 100 smtpd_client_restrictions = permit_sasl_authenticated, hash:/etc/postfix/whitelist, hash:/etc/postfix/access smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_checks, reject_invalid_hostname smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client mail-abuse.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rhsbl_client mail-abuse.org, reject_rhsbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client blackholes.easynet.nl, reject_rhsbl_client cbl.abuseat.org check_recipient_access hash:/etc/postfix/check_recipients, check_recipient_access hash:/etc/postfix/access, check_recipient_access ldap:/etc/postfix/ldap-spamfilter.cf, permit smtpd_sasl_auth_enable = no smtpd_sasl_local_domain = postfix smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, hash:/etc/postfix/whitelist, check_sender_access hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem smtpd_tls_CApath = /etc/postfix/cert/CA smtpd_tls_cert_file = /etc/postfix/cert/violina.mail.cert.pem smtpd_tls_key_file = /etc/postfix/cert/violina.mail.key.pem smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btr
Postfix uses IPv6 for mails to googlemail.com, but IPv4 for gmail.com
Hi, my (dual-stack IPv4/6) mail server consistently delivers mails to @googlemail.com recipients via IPv6, but falls back to IPv4 for @gmail.com — even though it uses the same relay hostname (gmail-smtp-in.l.google.com) in both cases. What could possibly cause this behavior? I've attached a single example log snippet below, but this server has been showing this odd pattern ever since I set it up about a week ago. Regards, Nils alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix delay_warning_time = 10m header_checks = regexp:/etc/postfix/header_checks home_mailbox = Maildir/ inet_interfaces = all local_recipient_maps = hash:/etc/postfix/local_recipientlist mailbox_command = /usr/lib/dovecot/dovecot-lda -f $SENDER -a $RECIPIENT mailbox_size_limit = 0 message_size_limit = 104857600 mydestination = regexp:/etc/postfix/mydestinations myhostname = ny.voidptr.de mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 mynetworks_style = host myorigin = voidptr.de readme_directory = no recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = voidptr.de smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/ssl/certs/own/ca-bundle.crt smtpd_tls_cert_file = /etc/ssl/certs/own/mail.voidptr.de.pem smtpd_tls_key_file = /etc/ssl/certs/own/mail.voidptr.de.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual Jun 21 05:00:05 ny postfix/smtp[15906]: 56FE422AF7: to=redact...@googlemail.com, relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1a]:25, delay=1.6, delays=0.29/0.03/0.11/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1403319605 dm4si13566324wjb.26 - gsmtp) Jun 21 05:00:05 ny postfix/smtp[15906]: 56FE422AF7: to=redact...@googlemail.com, relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1a]:25, delay=1.6, delays=0.29/0.03/0.11/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1403319605 dm4si13566324wjb.26 - gsmtp) Jun 21 05:00:06 ny postfix/smtp[15903]: 56FE422AF7: to=redact...@gmail.com, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=2, delays=0.29/0.02/0.11/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1403319606 uw4si13557471wjc.48 - gsmtp) Jun 21 05:00:06 ny postfix/smtp[15903]: 56FE422AF7: to=redact...@gmail.com, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=2, delays=0.29/0.02/0.11/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1403319606 uw4si13557471wjc.48 - gsmtp) Jun 21 05:00:06 ny postfix/smtp[15903]: 56FE422AF7: to=redact...@gmail.com, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=2, delays=0.29/0.02/0.11/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1403319606 uw4si13557471wjc.48 - gsmtp)
Re: Postfix uses IPv6 for mails to googlemail.com, but IPv4 for gmail.com
Nils Steinger: Hi, my (dual-stack IPv4/6) mail server consistently delivers mails to @googlemail.com recipients via IPv6, but falls back to IPv4 for Recent Postfix SMTP clients randomly select between IPv4 and IPv6 so that mail won't get stuck when one of the two is down. Perhaps you have an older Postfix version or someone turned off random protocol selection. Wietse
Re: Postfix uses IPv6 for mails to googlemail.com, but IPv4 for gmail.com
On Sat, Jun 21, 2014 at 03:06:53PM -0400, Wietse Venema wrote: Recent Postfix SMTP clients randomly select between IPv4 and IPv6 so that mail won't get stuck when one of the two is down. I had another look at the logs and as it turns out, that's exactly what happens — I just happened to get the same selection (googlemail → IPv6, gmail → IPv4) three days in a row. Going back further reveals that it does indeed use both protocols for both recipient domains. Thanks for the hint! Regards, Nils
Re: Postfix with IPV6 error
Wietse Venema wietse at porcupine.org writes: It makes perfect sense: the IPv4 address is assigned FIRST and the IPv6 address is assigned LAST. If you want to find out why a FreeBSD jail network interface behaves the way it does, then that would be an excellent question for a FreeBSD mailing list. I don't think that waiting for three seconds makes a fundamental difference in how Postfix works, or how FreeBSD system calls work. No, it doesn't, it's just not a very elegant solution but at least it works for now. I'll take this over to the FreeBSD discussions. Thank you very much for your help and pointing me in the right direction.
Postfix with IPV6 error bind :: port 25: Can't assign requested address
Hello! I have a server running FreeBSD 8.1 with FreeBSD 8.1 jails running on it. I have ipv6 running on both the main server and jails and that is all fine. I'm running into a strange problem when it comes to postfix though and was wondering if anyone has any clues. What's happening is that postfix will not start automatically when the jail is started when 'inet_protocols' is set to either 'all' or 'ipv4, ipv6'. The error in the logs is: fatal: bind :: port 25: Can't assign requested address. The odd thing is that I can enter the jail right away and start postfix from the command line and it works fine. Also, if I specify the '-D' flag in rc.conf and set the debug command in main.cf to 'sleep 3' then postfix will start automatically when the jail is started. I've also tried setting 'inet_interfaces = loopback-only' in main.cf which gives the following error in the log: fatal: /usr/local/etc/postfix/master.cf: line 22: no valid IP address found: smtp And setting '127.0.0.1:smtp ...' in master.cf works but then postfix only listens on ipv4: tcp4 0 0 jailhost.ssh *.*LISTEN tcp6 0 0 jailhost.ssh *.*LISTEN tcp46 0 0 *.http *.*LISTEN tcp4 0 0 jailhost.smtp *.*LISTEN Setting '[::1]:smtp ...' in master.cf does not work. This is the error in the mail log: fatal: bind :: port 25: Can't assign requested address I've read through the postfix manual, looked around online and tried many different settings but nothing works (besides that hack of running with the -D flag). I'd super appreciate any help or any ideas anyone may have. If more info is needed please let me know and I will post. Below is the output of 'postconf - n' Thank you for your time and help! command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix content_filter = scan:blocker:10025 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 html_directory = /usr/local/share/doc/postfix inet_protocols = ipv4, ipv6 mail_owner = postfix mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man myhostname = example.com mynetworks_style = host newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix receive_override_options = no_address_mappings sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client sbl.spamhaus.org smtpd_helo_required = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unauth_destination, reject_unknown_recipient_domain,check_policy_service inet:blocker:10031 smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_rbl_client sbl.spamhaus.org, reject_unknown_sender_domain soft_bounce = no unknown_local_recipient_reject_code = 550
Re: Postfix with IPV6 error bind :: port 25: Can't assign requested address
Sam: Hello! I have a server running FreeBSD 8.1 with FreeBSD 8.1 jails running on it. I have ipv6 running on both the main server and jails and that is all fine. I'm running into a strange problem when it comes to postfix though and was wondering if anyone has any clues. What's happening is that postfix will not start automatically when the jail is started when 'inet_protocols' is set to either 'all' or 'ipv4, ipv6'. The error in the logs is: fatal: bind :: port 25: Can't assign requested address. Translation: the attempt to bind to :: port 25 failed, because the jail network interface does not have an IPv6 address. This means that Postfix is started before the network address is configured on the jail interface. The odd thing is that I can enter the jail right away and start postfix from the command line and it works fine. Also, if I specify the '-D' flag in rc.conf and set the debug command in main.cf to 'sleep 3' then postfix will start automatically when the jail is started. You have a race condition where Postfix is started before the jail network interface is fully initialized. The workaround is to insert some delay before Postfix starts. The solution is to file a bug report with FreeBSD. The /etc/rc.d scripts must not start network daemons before the network is ready. Wietse
Re: Postfix with IPV6 error bind :: port 25: Can't assign requested address
Wietse Venema wietse at porcupine.org writes: Sam: Hello! I have a server running FreeBSD 8.1 with FreeBSD 8.1 jails running on it. I have ipv6 running on both the main server and jails and that is all fine. I'm running into a strange problem when it comes to postfix though and was wondering if anyone has any clues. What's happening is that postfix will not start automatically when the jail is started when 'inet_protocols' is set to either 'all' or 'ipv4, ipv6'. The error in the logs is: fatal: bind :: port 25: Can't assign requested address. Translation: the attempt to bind to :: port 25 failed, because the jail network interface does not have an IPv6 address. This means that Postfix is started before the network address is configured on the jail interface. That's interesting, I was wondering about that but it looked to me that the network was started before the other daemons. I will ask on the FreeBSD mailing lists like you suggested. My question though is why does it start fine when only ipv4 is used but not when ipv6 is used either by it's self or with ipv4? The odd thing is that I can enter the jail right away and start postfix from the command line and it works fine. Also, if I specify the '-D' flag in rc.conf and set the debug command in main.cf to 'sleep 3' then postfix will start automatically when the jail is started. You have a race condition where Postfix is started before the jail network interface is fully initialized. The workaround is to insert some delay before Postfix starts. I guess this is why starting it with 'sleep 3' allowed postfix to start automatically. The solution is to file a bug report with FreeBSD. The /etc/rc.d scripts must not start network daemons before the network is ready. See my question above about postfix starting fine when only ipv4 is used. Also, apache and sshd start fine and they start at the same time postfix does if I'm not mistaken. I'm no expert though so I'm probably missing something somewhere. I will contact FreeBSD about this though. Thanks for the suggestion. Wietse Thanks Wietse, I appreciate your time and help. -Sam
Re: Postfix with IPV6 error bind :: port 25: Can't assign requested address
Sam: either 'all' or 'ipv4, ipv6'. The error in the logs is: fatal: bind :: port 25: Can't assign requested address. Wietse: Translation: the attempt to bind to :: port 25 failed, because the jail network interface does not have an IPv6 address. This means that Postfix is started before the network address is configured on the jail interface. Sam: That's interesting, I was wondering about that but it looked to me that the network was started before the other daemons. I will ask on the FreeBSD mailing lists like you suggested. My question though is why does it start fine when only ipv4 is used but not when ipv6 is used either by it's self or with ipv4? It makes perfect sense: the IPv4 address is assigned FIRST and the IPv6 address is assigned LAST. If you want to find out why a FreeBSD jail network interface behaves the way it does, then that would be an excellent question for a FreeBSD mailing list. I don't think that waiting for three seconds makes a fundamental difference in how Postfix works, or how FreeBSD system calls work. Wietse
Re: Operating Postfix with IPv6 (dual-stack)
Zitat von Wietse Venema wie...@porcupine.org: lst_ho...@kwsoft.de: Hello we are on the way to IPv6 and some question arise about Postfix IPv6 behaviour in dual stack setup. You mean dual-protocol. Unlike some versions of Linux, there exist systems that have a single unified TCP/IP stack implementation (the protocols have a fair amount of behavior in common). 1.) Do the lookups for when resolving MX records occur in parallel to A queries, or is some additional latency expected due to the fact that many queries fail by timeout and others resolving errors? With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. Wietse Is the last point still on todo list or considered worth to be included in the future? Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Operating Postfix with IPv6 (dual-stack)
lst_ho...@kwsoft.de: Zitat von Wietse Venema wie...@porcupine.org: lst_ho...@kwsoft.de: Hello we are on the way to IPv6 and some question arise about Postfix IPv6 behaviour in dual stack setup. You mean dual-protocol. Unlike some versions of Linux, there exist systems that have a single unified TCP/IP stack implementation (the protocols have a fair amount of behavior in common). 1.) Do the lookups for when resolving MX records occur in parallel to A queries, or is some additional latency expected due to the fact that many queries fail by timeout and others resolving errors? With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. Wietse Is the last point still on todo list or considered worth to be included in the future? It is not a high priority. Moreover, this means ripping up a low-level API, so it would take longer. I'm still fixing code that was merged into Postfix 9 years ago. Wietse
Re: Operating Postfix with IPv6 (dual-stack)
Wietse Venema: 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. Wietse Is the last point still on todo list or considered worth to be included in the future? It is not a high priority. Moreover, this means ripping up a low-level API, so it would take longer. I'm still fixing code that was merged into Postfix 9 years ago. Fixed. Grumble. Another to hours of analysis, implementation, test, documentation, and review. Wietse
Re: Operating Postfix with IPv6 (dual-stack)
Zitat von Wietse Venema wie...@porcupine.org: Wietse Venema: 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. Wietse Is the last point still on todo list or considered worth to be included in the future? It is not a high priority. Moreover, this means ripping up a low-level API, so it would take longer. I'm still fixing code that was merged into Postfix 9 years ago. Fixed. Grumble. Another to hours of analysis, implementation, test, documentation, and review. Wietse Sorry, i did not want to bother you. My only intention was to prevent that something maybe valuable for performance might get lost. Many Thanks Andreas smime.p7s Description: S/MIME Cryptographic Signature
Operating Postfix with IPv6 (dual-stack)
Hello we are on the way to IPv6 and some question arise about Postfix IPv6 behaviour in dual stack setup. 1.) Do the lookups for when resolving MX records occur in parallel to A queries, or is some additional latency expected due to the fact that many queries fail by timeout and others resolving errors? 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? Additionally any hints and feedback about potential pitfalls from people already doing IPv6 is welcome. Many Thanks Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Operating Postfix with IPv6 (dual-stack)
lst_ho...@kwsoft.de: Hello we are on the way to IPv6 and some question arise about Postfix IPv6 behaviour in dual stack setup. You mean dual-protocol. Unlike some versions of Linux, there exist systems that have a single unified TCP/IP stack implementation (the protocols have a fair amount of behavior in common). 1.) Do the lookups for when resolving MX records occur in parallel to A queries, or is some additional latency expected due to the fact that many queries fail by timeout and others resolving errors? With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. Wietse Additionally any hints and feedback about potential pitfalls from people already doing IPv6 is welcome. Many Thanks Andreas
Re: Operating Postfix with IPv6 (dual-stack)
Zitat von Wietse Venema wie...@porcupine.org: lst_ho...@kwsoft.de: Hello we are on the way to IPv6 and some question arise about Postfix IPv6 behaviour in dual stack setup. You mean dual-protocol. Unlike some versions of Linux, there exist systems that have a single unified TCP/IP stack implementation (the protocols have a fair amount of behavior in common). Sorry for being imprecise. Most of talk in IPv6 is about dual-stack so i adopted it without thinking twice about the technical details... 1.) Do the lookups for when resolving MX records occur in parallel to A queries, or is some additional latency expected due to the fact that many queries fail by timeout and others resolving errors? With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. From what i can see i don't want smtp_host_lookup=native for potential side-effects, but do i get it right that it is still unsure if the lookup is done in parallel or not when using native? 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. So it is suspected to change some day, but as of now dependant on the OS/nsswitch.conf used? Many Thanks Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Operating Postfix with IPv6 (dual-stack)
lst_ho...@kwsoft.de: [ Charset ISO-8859-1 unsupported, converting... ] Zitat von Wietse Venema wie...@porcupine.org: lst_ho...@kwsoft.de: Hello we are on the way to IPv6 and some question arise about Postfix IPv6 behaviour in dual stack setup. You mean dual-protocol. Unlike some versions of Linux, there exist systems that have a single unified TCP/IP stack implementation (the protocols have a fair amount of behavior in common). Sorry for being imprecise. Most of talk in IPv6 is about dual-stack so i adopted it without thinking twice about the technical details... 1.) Do the lookups for when resolving MX records occur in parallel to A queries, or is some additional latency expected due to the fact that many queries fail by timeout and others resolving errors? With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. From what i can see i don't want smtp_host_lookup=native for potential side-effects, but do i get it right that it is still unsure if the lookup is done in parallel or not when using native? That is operating system dependent. 2.) Do /ip6.arpa lookup occur on client connects from IPv4 addresses or only when a client connects by IPv6 (name/reverse lookups)? The Postfix SMTP server's FCRDNS lookups use the getnameinfo() and getaddrinfo() system library functions. In dual-protocol mode, Postfix invokes getaddrinfo() with hints.ai_family=PF_UNSPEC; it would be smarter to pass the client's address family instead. So it is suspected to change some day, but as of now dependant on the OS/nsswitch.conf used? That is also operating system dependent. Wietse
Re: Operating Postfix with IPv6 (dual-stack)
On Mon, Nov 15, 2010 at 09:47:07AM -0500, Wietse Venema wrote: With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. From what i can see i don't want smtp_host_lookup=native for potential side-effects, but do i get it right that it is still unsure if the lookup is done in parallel or not when using native? That is operating system dependent. In other words, native lookup behaviour is out of Postfix's hands. As for dns lookups, Postfix looks up and A records sequentially, async DNS libraries are not standard with most systems, so it is not possible to issue two DNS queries and wait for both to complete, without using threads, which is a non-starter, or calling out to external helper processes (which is not terribly attractive). At this time, it probably does not make sense for Postfix to bundle an async DNS lookup library with its source code. Conditionally compiling-in support for such a library is a bit painful, though opendkim seems to have taken that approach. They have a DNS lookup driver layer, and the driver reports whether it can support overlapping queries... You can then choose to use an async DNS library if you have one. -- Viktor.
Re: Operating Postfix with IPv6 (dual-stack)
Zitat von Victor Duchovni victor.ducho...@morganstanley.com: On Mon, Nov 15, 2010 at 09:47:07AM -0500, Wietse Venema wrote: With smtp_host_lookup=dns, all SMTP client lookups are sequential. With smtp_host_lookup=native (or dns,native) Postfix in dual-protocol mode will invoke getaddrinfo() with hints.ai_family=PF_UNSPEC. The internals of getaddrinfo() are system dependent. From what i can see i don't want smtp_host_lookup=native for potential side-effects, but do i get it right that it is still unsure if the lookup is done in parallel or not when using native? That is operating system dependent. In other words, native lookup behaviour is out of Postfix's hands. As for dns lookups, Postfix looks up and A records sequentially, async DNS libraries are not standard with most systems, so it is not possible to issue two DNS queries and wait for both to complete, without using threads, which is a non-starter, or calling out to external helper processes (which is not terribly attractive). At this time, it probably does not make sense for Postfix to bundle an async DNS lookup library with its source code. Conditionally compiling-in support for such a library is a bit painful, though opendkim seems to have taken that approach. They have a DNS lookup driver layer, and the driver reports whether it can support overlapping queries... You can then choose to use an async DNS library if you have one. Thanks for explaining the details. I don't really have the traffic to care about this limitation, it was more of to learn about implications on deploying IPv6 in a network with different services running and to get knowledge where problems might arise. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Operating Postfix with IPv6 (dual-stack)
On Mon, Nov 15, 2010 at 10:00:42PM +0100, lst_ho...@kwsoft.de wrote: Conditionally compiling-in support for such a library is a bit painful, though opendkim seems to have taken that approach. They have a DNS lookup driver layer, and the driver reports whether it can support overlapping queries... You can then choose to use an async DNS library if you have one. Thanks for explaining the details. I don't really have the traffic to care about this limitation, it was more of to learn about implications on deploying IPv6 in a network with different services running and to get knowledge where problems might arise. Note that async libraries will rarely help with MX host resolution. In almost all problem situations, one of the record types will dominate the lookup time and Postfix will have to wait for both to complete, and parallelizing does not speed up the slow path. -- Viktor.