Re: [courier-users] IPV6 and Debian testing

2011-01-24 Thread Stefan Hornburg (Racke) 
On 01/22/2011 08:34 PM, Alessandro Vesely wrote:
 On 21/Jan/11 12:58, Sam Varshavchik wrote:
 Gordon Messmer writes:
 If Courier specifically sets IPV6_V6ONLY to int 0, it should
 override Debian's behavior and allow the application to function
 normally:

 int on = 0;
 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
(char *)on, sizeof(on)) == -1)
 perror(setsockopt IPV6_V6ONLY);

 Splendid. We have our solution.

 I'm in the middle of pulling all the innards out, and hopefully
 putting them back, sometime soon, but this is going to be the next
 thing on the chopping block.

 Will that have a chance to make it in squeeze before it rolls out?
 (When is that due?)


No, as the release date is scheduled 5th/6th February, right at FOSDEM
:-). I suppose we can get packages with Gordon's patch applied into
the first point release for Squeeze. Also, I'll check if there is still
time to get a hint about that problem into the release notes.

Regards
Racke

-- 
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
Interchange Development Team


--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-22 Thread Alessandro Vesely 
On 21/Jan/11 12:58, Sam Varshavchik wrote:
 Gordon Messmer writes:
 If Courier specifically sets IPV6_V6ONLY to int 0, it should
 override Debian's behavior and allow the application to function
 normally:

int on = 0;
if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
   (char *)on, sizeof(on)) == -1)
perror(setsockopt IPV6_V6ONLY);
 
 Splendid. We have our solution.
 
 I'm in the middle of pulling all the innards out, and hopefully
 putting them back, sometime soon, but this is going to be the next
 thing on the chopping block.

Will that have a chance to make it in squeeze before it rolls out?
(When is that due?)

-- 























--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-22 Thread Sam Varshavchik 

Alessandro Vesely writes:


On 21/Jan/11 12:58, Sam Varshavchik wrote:

Gordon Messmer writes:

If Courier specifically sets IPV6_V6ONLY to int 0, it should
override Debian's behavior and allow the application to function
normally:

   int on = 0;
   if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
  (char *)on, sizeof(on)) == -1)
   perror(setsockopt IPV6_V6ONLY);


Splendid. We have our solution.

I'm in the middle of pulling all the innards out, and hopefully
putting them back, sometime soon, but this is going to be the next
thing on the chopping block.


Will that have a chance to make it in squeeze before it rolls out?
(When is that due?)


Yes, I put this in. Just finished everything - it's a major rewrite of all 
unicode conversion code, which predated iconv(). All the custom unicode code 
and character sets, are gone and replaced by iconv, except for the 
upper/lower/titlecase conversion tables, and character width tables. iconv() 
has no equivalent functionality.


Not sure what the schedule is. I'll have some tarballs shortly, but there 
are more changes here than happened in quite a few years, so for a little 
while it's better to proceed cautiously. A lot of stuff can potentially 
break. Hopefully not, we'll seeā€¦





pgpjFuXyjWf8H.pgp
Description: PGP signature
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-21 Thread Gordon Messmer 
On 01/20/2011 07:19 PM, Sam Varshavchik wrote:
 Gordon Messmer writes:
 Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section
 5.3 of RFC 3493?

 No, that's something that's unrelated.

I really think they're the same thing.  The documentation for the 
IPV6_V6ONLY sockopt indicates that this is a boolean value controlling 
whether or not an AF_INET6 is V6ONLY or not.

The Linux man page for ipv6 further clarifies that 
/proc/sys/net/ipv6/bindv6only, which Debian has set to 1 specifies the 
default value for IPV6_V6ONLY.

If Courier specifically sets IPV6_V6ONLY to int 0, it should override 
Debian's behavior and allow the application to function normally:

   int on = 0;
   if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
  (char *)on, sizeof(on)) == -1)
   perror(setsockopt IPV6_V6ONLY);

--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-21 Thread Sam Varshavchik 

Gordon Messmer writes:


On 01/20/2011 07:19 PM, Sam Varshavchik wrote:

Gordon Messmer writes:

Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section
5.3 of RFC 3493?


No, that's something that's unrelated.


I really think they're the same thing.  The documentation for the 
IPV6_V6ONLY sockopt indicates that this is a boolean value controlling 
whether or not an AF_INET6 is V6ONLY or not.


The Linux man page for ipv6 further clarifies that 
/proc/sys/net/ipv6/bindv6only, which Debian has set to 1 specifies the 
default value for IPV6_V6ONLY.


If Courier specifically sets IPV6_V6ONLY to int 0, it should override 
Debian's behavior and allow the application to function normally:


   int on = 0;
   if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
  (char *)on, sizeof(on)) == -1)
   perror(setsockopt IPV6_V6ONLY);


Splendid. We have our solution.

I'm in the middle of pulling all the innards out, and hopefully putting them 
back, sometime soon, but this is going to be the next thing on the chopping 
block.





pgpyeSnlPrHtp.pgp
Description: PGP signature
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-20 Thread Sam Varshavchik 

Mark Constable writes:


I upgraded to Debian testing with courier-mta 0.65.0 on one server
about 6 months ago and courier stopped working with strange network
errors so I moved that mail host to another non-Debian box. Today I
finally found a solution after seeing this and some more googling...

# strace testmxlookup debian.org
[...]
sendto(3, IC\1\0\0\1\0\0\0\0\0\0\6debian\3org\0\0\17\0\1, 28, 0, {sa_family=AF_INET6, 
sin6_port=htons(53), inet_pton(AF_INET6, :::127.0.0.1, sin6_addr), 
sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
[...]

 edit /etc/sysctl.d/bindv6only.conf
 change net.ipv6.bindv6only = 1 to 0
 invoke-rc.d procps restart

This setting only affected courier, all other services seemed to
work just fine.

My question is how to configure courier-mta to work with the above
default net.ipv6.bindv6only = 1 setting for when Debian testing
becomes stable and I go to upgrade other servers?


The problem is that IPv6-mapped IPv4 addresses are a part of the official 
IPv6 spec. If you have an IPV6 socket, you are expected to be able to use it 
to contact IPv4 addresses. RFC 4038, 4.2.


Courier's code relies on being able to use IPv6 sockets to connect to either 
IPv4 or IPv6 addresses. There is no way to configure that an IPv4 socket be 
used for IPv4 addresses, and IPv6 sockets for IPv6 addresses. Doing 
something like this requires some code rewriting.





pgpcspF0oziiq.pgp
Description: PGP signature
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-20 Thread Mark Constable 
On 21/01/11, Sam Varshavchik wrote:
  My question is how to configure courier-mta to work with the
  above default net.ipv6.bindv6only = 1 setting for when Debian
  testing becomes stable and I go to upgrade other servers?
 
 The problem is that IPv6-mapped IPv4 addresses are a part of the
 official IPv6 spec. If you have an IPV6 socket, you are expected
 to be able to use it to contact IPv4 addresses. RFC 4038, 4.2.
 
 Courier's code relies on being able to use IPv6 sockets to connect
 to either IPv4 or IPv6 addresses. There is no way to configure
 that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets
 for IPv6 addresses. Doing something like this requires some code
 rewriting.

Perhaps this could be a heads up that when Debian 6 (squeeze) is
released in the next month or so that this will become an issue for
Debian stable + courier users.

~ cat /etc/sysctl.d/bindv6only.conf
# This sysctl sets the default value of the IPV6_V6ONLY socket option.
#
# When disabled, IPv6 sockets will also be able to send and receive IPv4
# traffic with addresses in the form :::192.0.2.1 and daemons listening
# on IPv6 sockets will also accept IPv4 connections.
#
# When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6
# connections must open two listening sockets.
# This is the default behaviour of almost all modern operating systems.

net.ipv6.bindv6only = 1


For future googlers, I had to change the above 1 to 0 for courier to work.

--markc

--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-20 Thread Sam Varshavchik 

Mark Constable writes:


On 21/01/11, Sam Varshavchik wrote:

 My question is how to configure courier-mta to work with the
 above default net.ipv6.bindv6only = 1 setting for when Debian
 testing becomes stable and I go to upgrade other servers?

The problem is that IPv6-mapped IPv4 addresses are a part of the
official IPv6 spec. If you have an IPV6 socket, you are expected
to be able to use it to contact IPv4 addresses. RFC 4038, 4.2.

Courier's code relies on being able to use IPv6 sockets to connect
to either IPv4 or IPv6 addresses. There is no way to configure
that an IPv4 socket be used for IPv4 addresses, and IPv6 sockets
for IPv6 addresses. Doing something like this requires some code
rewriting.


Perhaps this could be a heads up that when Debian 6 (squeeze) is
released in the next month or so that this will become an issue for
Debian stable + courier users.

~ cat /etc/sysctl.d/bindv6only.conf
# This sysctl sets the default value of the IPV6_V6ONLY socket option.
#
# When disabled, IPv6 sockets will also be able to send and receive IPv4
# traffic with addresses in the form :::192.0.2.1 and daemons listening
# on IPv6 sockets will also accept IPv4 connections.
#
# When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6
# connections must open two listening sockets.
# This is the default behaviour of almost all modern operating systems.

net.ipv6.bindv6only = 1


For future googlers, I had to change the above 1 to 0 for courier to work.


One way of mitigating this situation for your specific case, of DNS 
resolution on localhost, is to append


nameserver ::1

In addition to nameserver 127.0.0.1 in /etc/resolv.conf. If Courier fails 
to reach 127.0.0.1, it should then try ::1, and succeed.


This won't address, though, outgoing connections. Courier will still try to 
use IPv6 sockets to connect to IPv4 addresses for sending mail. The only 
thing that can be done there is to smarthost all outgoing mail, to another 
IPv6 relay.





pgpk7AhLftNXs.pgp
Description: PGP signature
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-20 Thread Gordon Messmer 
On 01/20/2011 03:31 PM, Sam Varshavchik wrote:
 Courier's code relies on being able to use IPv6 sockets to connect to
 either IPv4 or IPv6 addresses. There is no way to configure that an IPv4
 socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses.
 Doing something like this requires some code rewriting.

Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section 5.3 
of RFC 3493?

--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-20 Thread Sam Varshavchik 

Gordon Messmer writes:


On 01/20/2011 03:31 PM, Sam Varshavchik wrote:

Courier's code relies on being able to use IPv6 sockets to connect to
either IPv4 or IPv6 addresses. There is no way to configure that an IPv4
socket be used for IPv4 addresses, and IPv6 sockets for IPv6 addresses.
Doing something like this requires some code rewriting.


Wouldn't the easiest fix be to use IPV6_V6ONLY mentioned in section 5.3 
of RFC 3493?


No, that's something that's unrelated.

But RFC 3493 also serves as a clear counterexample to what Debian's doing. 
The language in section 3.7 is just as clear as day:


  Applications may use AF_INET6 sockets to open TCP connections to IPv4
  nodes, or send UDP packets to IPv4 nodes, by simply encoding the
  destination's IPv4 address as an IPv4-mapped IPv6 address, and
  passing that address, within a sockaddr_in6 structure, in the
  connect() or sendto() call.

With such, clear, unambiguous language, you can't help but ask yourself not 
only WTF is Debian's default config explicitly does the opposite, but why is 
that option even in the Linux kernel to start with?


So now you have not one, but multiple RFCs document that IPv6 sockets should 
be interoperable IPv4, and I just do not understand why this freight train 
is going in exactly the opposite direction. This one's a headscratcher.




pgp0d73B69flc.pgp
Description: PGP signature
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] IPV6 and Debian testing

2011-01-20 Thread Mark Constable 
On 21/01/11, Sam Varshavchik wrote:
 With such, clear, unambiguous language, you can't help but
 ask yourself not only WTF is Debian's default config explicitly
 does the opposite, but why is that option even in the Linux
 kernel to start with?

I was going to post a bugreport but there is already one from
a year ago, and the default setting is still 1 !!!

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561264

--markc

--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users