Re: [courier-users] IPV6 and Debian testing
On 01/22/2011 08:34 PM, Alessandro Vesely wrote: On 21/Jan/11 12:58, Sam Varshavchik wrote: Gordon Messmer writes: If Courier specifically sets IPV6_V6ONLY to int 0, it should override Debian's behavior and allow the application to function normally: int on = 0; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)on, sizeof(on)) == -1) perror(setsockopt IPV6_V6ONLY); Splendid. We have our solution. I'm in the middle of pulling all the innards out, and hopefully putting them back, sometime soon, but this is going to be the next thing on the chopping block. Will that have a chance to make it in squeeze before it rolls out? (When is that due?) No, as the release date is scheduled 5th/6th February, right at FOSDEM :-). I suppose we can get packages with Gordon's patch applied into the first point release for Squeeze. Also, I'll check if there is still time to get a hint about that problem into the release notes. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
On 21/Jan/11 12:58, Sam Varshavchik wrote: Gordon Messmer writes: If Courier specifically sets IPV6_V6ONLY to int 0, it should override Debian's behavior and allow the application to function normally: int on = 0; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)on, sizeof(on)) == -1) perror(setsockopt IPV6_V6ONLY); Splendid. We have our solution. I'm in the middle of pulling all the innards out, and hopefully putting them back, sometime soon, but this is going to be the next thing on the chopping block. Will that have a chance to make it in squeeze before it rolls out? (When is that due?) -- -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
Alessandro Vesely writes: On 21/Jan/11 12:58, Sam Varshavchik wrote: Gordon Messmer writes: If Courier specifically sets IPV6_V6ONLY to int 0, it should override Debian's behavior and allow the application to function normally: int on = 0; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)on, sizeof(on)) == -1) perror(setsockopt IPV6_V6ONLY); Splendid. We have our solution. I'm in the middle of pulling all the innards out, and hopefully putting them back, sometime soon, but this is going to be the next thing on the chopping block. Will that have a chance to make it in squeeze before it rolls out? (When is that due?) Yes, I put this in. Just finished everything - it's a major rewrite of all unicode conversion code, which predated iconv(). All the custom unicode code and character sets, are gone and replaced by iconv, except for the upper/lower/titlecase conversion tables, and character width tables. iconv() has no equivalent functionality. Not sure what the schedule is. I'll have some tarballs shortly, but there are more changes here than happened in quite a few years, so for a little while it's better to proceed cautiously. A lot of stuff can potentially break. Hopefully not, we'll seeā¦ pgpjFuXyjWf8H.pgp Description: PGP signature -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
On 01/20/2011 07:19 PM, Sam Varshavchik wrote: Gordon Messmer writes: Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section 5.3 of RFC 3493? No, that's something that's unrelated. I really think they're the same thing. The documentation for the IPV6_V6ONLY sockopt indicates that this is a boolean value controlling whether or not an AF_INET6 is V6ONLY or not. The Linux man page for ipv6 further clarifies that /proc/sys/net/ipv6/bindv6only, which Debian has set to 1 specifies the default value for IPV6_V6ONLY. If Courier specifically sets IPV6_V6ONLY to int 0, it should override Debian's behavior and allow the application to function normally: int on = 0; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)on, sizeof(on)) == -1) perror(setsockopt IPV6_V6ONLY); -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
Gordon Messmer writes: On 01/20/2011 07:19 PM, Sam Varshavchik wrote: Gordon Messmer writes: Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section 5.3 of RFC 3493? No, that's something that's unrelated. I really think they're the same thing. The documentation for the IPV6_V6ONLY sockopt indicates that this is a boolean value controlling whether or not an AF_INET6 is V6ONLY or not. The Linux man page for ipv6 further clarifies that /proc/sys/net/ipv6/bindv6only, which Debian has set to 1 specifies the default value for IPV6_V6ONLY. If Courier specifically sets IPV6_V6ONLY to int 0, it should override Debian's behavior and allow the application to function normally: int on = 0; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)on, sizeof(on)) == -1) perror(setsockopt IPV6_V6ONLY); Splendid. We have our solution. I'm in the middle of pulling all the innards out, and hopefully putting them back, sometime soon, but this is going to be the next thing on the chopping block. pgpyeSnlPrHtp.pgp Description: PGP signature -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
Mark Constable writes: I upgraded to Debian testing with courier-mta 0.65.0 on one server about 6 months ago and courier stopped working with strange network errors so I moved that mail host to another non-Debian box. Today I finally found a solution after seeing this and some more googling... # strace testmxlookup debian.org [...] sendto(3, IC\1\0\0\1\0\0\0\0\0\0\6debian\3org\0\0\17\0\1, 28, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, :::127.0.0.1, sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable) [...] edit /etc/sysctl.d/bindv6only.conf change net.ipv6.bindv6only = 1 to 0 invoke-rc.d procps restart This setting only affected courier, all other services seemed to work just fine. My question is how to configure courier-mta to work with the above default net.ipv6.bindv6only = 1 setting for when Debian testing becomes stable and I go to upgrade other servers? The problem is that IPv6-mapped IPv4 addresses are a part of the official IPv6 spec. If you have an IPV6 socket, you are expected to be able to use it to contact IPv4 addresses. RFC 4038, 4.2. Courier's code relies on being able to use IPv6 sockets to connect to either IPv4 or IPv6 addresses. There is no way to configure that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses. Doing something like this requires some code rewriting. pgpcspF0oziiq.pgp Description: PGP signature -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
On 21/01/11, Sam Varshavchik wrote: My question is how to configure courier-mta to work with the above default net.ipv6.bindv6only = 1 setting for when Debian testing becomes stable and I go to upgrade other servers? The problem is that IPv6-mapped IPv4 addresses are a part of the official IPv6 spec. If you have an IPV6 socket, you are expected to be able to use it to contact IPv4 addresses. RFC 4038, 4.2. Courier's code relies on being able to use IPv6 sockets to connect to either IPv4 or IPv6 addresses. There is no way to configure that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses. Doing something like this requires some code rewriting. Perhaps this could be a heads up that when Debian 6 (squeeze) is released in the next month or so that this will become an issue for Debian stable + courier users. ~ cat /etc/sysctl.d/bindv6only.conf # This sysctl sets the default value of the IPV6_V6ONLY socket option. # # When disabled, IPv6 sockets will also be able to send and receive IPv4 # traffic with addresses in the form :::192.0.2.1 and daemons listening # on IPv6 sockets will also accept IPv4 connections. # # When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6 # connections must open two listening sockets. # This is the default behaviour of almost all modern operating systems. net.ipv6.bindv6only = 1 For future googlers, I had to change the above 1 to 0 for courier to work. --markc -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
Mark Constable writes: On 21/01/11, Sam Varshavchik wrote: My question is how to configure courier-mta to work with the above default net.ipv6.bindv6only = 1 setting for when Debian testing becomes stable and I go to upgrade other servers? The problem is that IPv6-mapped IPv4 addresses are a part of the official IPv6 spec. If you have an IPV6 socket, you are expected to be able to use it to contact IPv4 addresses. RFC 4038, 4.2. Courier's code relies on being able to use IPv6 sockets to connect to either IPv4 or IPv6 addresses. There is no way to configure that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses. Doing something like this requires some code rewriting. Perhaps this could be a heads up that when Debian 6 (squeeze) is released in the next month or so that this will become an issue for Debian stable + courier users. ~ cat /etc/sysctl.d/bindv6only.conf # This sysctl sets the default value of the IPV6_V6ONLY socket option. # # When disabled, IPv6 sockets will also be able to send and receive IPv4 # traffic with addresses in the form :::192.0.2.1 and daemons listening # on IPv6 sockets will also accept IPv4 connections. # # When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6 # connections must open two listening sockets. # This is the default behaviour of almost all modern operating systems. net.ipv6.bindv6only = 1 For future googlers, I had to change the above 1 to 0 for courier to work. One way of mitigating this situation for your specific case, of DNS resolution on localhost, is to append nameserver ::1 In addition to nameserver 127.0.0.1 in /etc/resolv.conf. If Courier fails to reach 127.0.0.1, it should then try ::1, and succeed. This won't address, though, outgoing connections. Courier will still try to use IPv6 sockets to connect to IPv4 addresses for sending mail. The only thing that can be done there is to smarthost all outgoing mail, to another IPv6 relay. pgpk7AhLftNXs.pgp Description: PGP signature -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
On 01/20/2011 03:31 PM, Sam Varshavchik wrote: Courier's code relies on being able to use IPv6 sockets to connect to either IPv4 or IPv6 addresses. There is no way to configure that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses. Doing something like this requires some code rewriting. Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section 5.3 of RFC 3493? -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
Gordon Messmer writes: On 01/20/2011 03:31 PM, Sam Varshavchik wrote: Courier's code relies on being able to use IPv6 sockets to connect to either IPv4 or IPv6 addresses. There is no way to configure that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses. Doing something like this requires some code rewriting. Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section 5.3 of RFC 3493? No, that's something that's unrelated. But RFC 3493 also serves as a clear counterexample to what Debian's doing. The language in section 3.7 is just as clear as day: Applications may use AF_INET6 sockets to open TCP connections to IPv4 nodes, or send UDP packets to IPv4 nodes, by simply encoding the destination's IPv4 address as an IPv4-mapped IPv6 address, and passing that address, within a sockaddr_in6 structure, in the connect() or sendto() call. With such, clear, unambiguous language, you can't help but ask yourself not only WTF is Debian's default config explicitly does the opposite, but why is that option even in the Linux kernel to start with? So now you have not one, but multiple RFCs document that IPv6 sockets should be interoperable IPv4, and I just do not understand why this freight train is going in exactly the opposite direction. This one's a headscratcher. pgp0d73B69flc.pgp Description: PGP signature -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] IPV6 and Debian testing
On 21/01/11, Sam Varshavchik wrote: With such, clear, unambiguous language, you can't help but ask yourself not only WTF is Debian's default config explicitly does the opposite, but why is that option even in the Linux kernel to start with? I was going to post a bugreport but there is already one from a year ago, and the default setting is still 1 !!! http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561264 --markc -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users