Re: smtp-sink does not support all ipv6 addresses?
On 04-01-16 18:58, Wietse Venema wrote: > Tom Hendrikx: >> >> Hi, >> >> I'm trying to setup a test environment using smtp-sink as a mail >> receiver. For ipv4 I'm running smtp-sink on random addresses in >> 127.0.0.0/8, and was looking for the same trick on ipv6. My OS allows me >> to (ab)use :::0:0/96 for this, but unfortunately, smtp-sink does not: >> >> $ smtp-sink -v :::127.1.2.3:12345 100 >> smtp-sink: name_mask: all >> smtp-sink: trying... [:::127.1.2.3]:12345 >> smtp-sink: fatal: bind :::127.1.2.3 port 12345: Invalid argument > > The bind(2) system call rejects the address. Postfix is the messenger > of bad news. Don't blame the messenger. > > Wietse > I did some rummaging in the source code to see what I'm doing wrong, and found out that inet_listen.c sets the IPV6_V6ONLY flag on the socket [1], which makes the bind(2) bail out. If I remove the setsockopt(2) call and recompile, smtp-sink works as I hoped: $ ./smtp-sink -v :::127.1.2.3:12345 100 ./smtp-sink: name_mask: all ./smtp-sink: trying... [:::127.1.2.3]:12345 ./smtp-sink: connect (AF_INET6 :::127.0.0.1) ./smtp-sink: vstream_tweak_tcp: TCP_MAXSEG 21888 ./smtp-sink: fd=5: stream buffer size old=0 new=43776 ./smtp-sink: smtp_stream_setup: maxtime=100 enable_deadline=0 ./smtp-sink: helo test ./smtp-sink: quit ./smtp-sink: disconnect I can see the use of the setsockopt call, since leaving it out has the side effect that smtp-sink is also reachable on 127.1.2.3 (ipv4). On the other hand, that behaviour is sort of what I requested when I explicitly specified an IPv4-mapped IPv6 address. So this means IMHO that IPv4-mapped IPv6 listen addresses are not supported/explicitly disabled by postfix, it has nothing to do with bind(2). Would be nice if that was mentioned somewhere. [1]: https://github.com/vdukhovni/postfix/blob/master/postfix/src/util/inet_listen.c#L145 Regards, Tom
Re: smtp-sink does not support all ipv6 addresses?
Tom Hendrikx: > I can see the use of the setsockopt call, since leaving it out has the > side effect that smtp-sink is also reachable on 127.1.2.3 (ipv4). On the > other hand, that behaviour is sort of what I requested when I explicitly > specified an IPv4-mapped IPv6 address. If you want to talk IPv4, you must specify IPv4. Having two ways to specify the same IP address is a security hole. Wietse
smtp-sink does not support all ipv6 addresses?
Hi,
I'm trying to setup a test environment using smtp-sink as a mail
receiver. For ipv4 I'm running smtp-sink on random addresses in
127.0.0.0/8, and was looking for the same trick on ipv6. My OS allows me
to (ab)use :::0:0/96 for this, but unfortunately, smtp-sink does not:
$ smtp-sink -v :::127.1.2.3:12345 100
smtp-sink: name_mask: all
smtp-sink: trying... [:::127.1.2.3]:12345
smtp-sink: fatal: bind :::127.1.2.3 port 12345: Invalid argument
$ smtp-sink -v :::7f01:203:12345 100
smtp-sink: name_mask: all
smtp-sink: trying... [:::127.1.2.3]:12345
smtp-sink: fatal: bind :::127.1.2.3 port 12345: Invalid argument
As shown below, postfix and smtp-sink are built with ipv6 support:
$ smtp-sink -v ::1:12345 100
smtp-sink: name_mask: all
smtp-sink: trying... [::1]:12345
smtp-sink: connect (AF_INET6 ::5b00:0:6e00:0)
smtp-sink: vstream_tweak_tcp: TCP_MAXSEG 21888
smtp-sink: fd=5: stream buffer size old=0 new=43776
smtp-sink: smtp_stream_setup: maxtime=100 enable_deadline=0
smtp-sink: helo test
smtp-sink: quit
smtp-sink: disconnect
And this is the way I want to actually connect to it (using postfix in
stead of smtp-sink, seems to work fine):
$ python3
Python 3.4.3+ (default, Oct 14 2015, 16:03:50)
[GCC 5.2.1 20151010] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> sock = socket.socket(socket.AF_INET6)
>>> sock.bind((':::127.1.2.3', 0))
>>> sock.connect((':::127.0.0.1', 25))
>>> sock.recv(1024)
b'220 tom-workstation ESMTP Postfix (Ubuntu)\r\n'
>>>
For the record: I'm hoping to be able to use an ipv6 address that is
available by default on a unix system (i.e. without explicitly setting
up an actual route-able address). Any ideas why this is isn't working?
Using postfix 2.11.3
Regards,
Tom
Re: smtp-sink does not support all ipv6 addresses?
Tom Hendrikx: > > Hi, > > I'm trying to setup a test environment using smtp-sink as a mail > receiver. For ipv4 I'm running smtp-sink on random addresses in > 127.0.0.0/8, and was looking for the same trick on ipv6. My OS allows me > to (ab)use :::0:0/96 for this, but unfortunately, smtp-sink does not: > > $ smtp-sink -v :::127.1.2.3:12345 100 > smtp-sink: name_mask: all > smtp-sink: trying... [:::127.1.2.3]:12345 > smtp-sink: fatal: bind :::127.1.2.3 port 12345: Invalid argument The bind(2) system call rejects the address. Postfix is the messenger of bad news. Don't blame the messenger. Wietse
