Archive for August, 2009

IPv6 support for qmail-jms1

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

IPv6 support in qmail

Supporting IPv6 in qmail largely revolves around DNS lookups. Patches for tcpserver and sslserver allow incoming connections over IPv6. In order to support IPv6 in qmail:

  • DNS lookups should prefer AAAA records, falling back to A records only if AAAA records are not available
  • All code referencing IP addresses should support IPv4 and IPv6 addresses
  • SPF queries should support IPv6 addresses

The fujiwara patch

A qmail IPv6 patch has existed since 2002 that covers the first two issues above. It is written to apply cleanly on the base qmail-1.03 distributed on Daniel Bernstein’s site. It does not include support for SPF queries as SPF is not included in the original version of qmail.


IPv6 support for jgreylist

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

jgreylist Changes

jgreylist is a program provided by John Simpson to allow greylisting in qmail. John provides two versions, one written in Perl, and one written in C. I chose to only patch the C version.

jgreylist works by using the Unix timestamps of empty files to track when individual IP addresses or class C blocks last visited your qmail server. John does a great job of explaining how this works on his jgreylist page. You should understand how his program, especially the C version, works and is configured before continuing.


IPv6 support for sslserver

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

ucspi-ssl

The ucspi-ssl package provides the sslserver program. sslserver accepts incoming SSL connections and passes them to another program such as qmail-smtpd. sslserver is almost identical to tcpserver except that it deals with encrypted SSL traffic rather than clear text.

I could not find an IPv6 patch for sslserver; however, I was able to port the tcpserver patch to sslserver. You can easily apply my ucspi-ssl-0.70-ipv6.patch:

$ wget http://www.superscript.com/ucspi-ssl/ucspi-ssl-0.70.tar.gz
$ wget http://www.bltweb.net/qmail/ucspi-ssl-0.70-ipv6.patch
$ tar -xzf ucspi-ssl-0.70.tar.gz
$ cd host/superscript.com/net/ucspi-ssl-0.70
$ patch -p1 < ../../../../ucspi-ssl-0.70-ipv6.patch
$ package/compile
$ sudo package/install

sslserver

To understand what the sslserver portion of the IPv6 patch does, you should be familiar with the sslserver man page and read about how tcpserver handles IPv6 on Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, sslserver exhibits its normal behavior. If a client connects with IPv6, the PROTO environment variable will be set to “SSL6” instead of “SSL”.


IPv6 support for tcpserver and rblsmtpd

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

ucspi-tcp

The ucspi-tcp package provides the tcpserver and rblsmtpd programs. tcpserver accepts incoming TCP connections and passes them to another program such as qmail-smtpd. rblsmtpd blocks connections from RBL-listed IPs.

Thanks to Fefe, a patch has been around for a while that adds IPv6 support to tcpserver. Fefe’s patch does not touch rblsmtpd, however.

I’ve modified Fefe’s patch to patch rblsmtpd as well. You can easily apply my ucspi-tcp-0.88-ipv6.patch:

$ wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
$ wget http://www.bltweb.net/qmail/ucspi-tcp-0.88-ipv6.patch
$ tar -xzf ucspi-tcp-0.88.tar.gz
$ cd ucspi-tcp-0.88
$ patch -p1 < ../ucspi-tcp-0.88-ipv6.patch
$ make
$ sudo make install

tcpserver

To understand what the tcpserver portion of the IPv6 patch does, you should read Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, tcpserver exhibits its normal behavior. If a client connects with IPv6, the PROTO environment variable will be set to “TCP6”.


Qmail IPv6

August 7th, 2009

Adding IPv6 support to qmail can be a daunting task. A modern qmail system includes several different components, with various patches and configuration options for each. There are a few patches on the internet that claim to add IPv6 support for a specific component, but I had trouble finding patches for every piece of my qmail install.

I’m not trying to defend IPv6. I realize there are many people with strong feelings towards the subject, including qmail’s author. Switching to IPv6 is a monumental task. It may never happen, but something needs to – we can’t keep NATing forever.

Many software projects have already added support for IPv6. My Gentoo box has been on an IPv6 network, via Hurricane Electric’s free tunnel broker service, for a while now. Mac OS X has support for IPv6, as do the latest versions of Windows. Even Windows XP can support IPv6 if enabled. Postfix, Exim, and Sendmail all support IPv6.
