[Bug 6840] Documentation for IPV6 in spamd inconsistent

[bu...@bugzilla.spamassassin.org]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6840

--- Comment #2 from Mark Martinec <Ma...@ijs.si> ---
Done. Proofreading appreciated.

> In general, there's no mention of IPV6 documentation in the spamd manpage.
> This includes:
> 1) For -i, stating that it will "listen on all interfaces" if no address is
> given, and then saying that this is equal to 0.0.0.0.  If anything, that
> should at least be amended to "listen on all ipv4 interfaces".

Fixed - with changes in Bug 6841.  The --listen (a.k.a. -i) can now be
specified multiple times and can deal with IPv4, IPv6 and Unix sockets:


Usage:

 -i [ip_or_name[:port]], --listen=[ip_or_name[:port]] Listen on IP addr and
port

The --listen option (or -i) may be specified multiple times, its syntax
is: [ ssl: ] [ host-name-or-IP-address ] [ : port ]  or an absolute path
(filename) of a Unix socket.  If port is omitted it defaults to --port or
to 783.  Option --ssl implies a prefix 'ssl:'.  An IPv6 address should be
enclosed in square brackets, e.g. [::1]:783, an IPv4 address may be but
need not be enclosed in square brackets.  An asterisk '*' in place of a
hostname implies an unspecified address, ('0.0.0.0' or '::'), i.e. it
binds to all interfaces. An empty option value implies '*'.


POD:

=item B<-i> [I<ipaddress>[:<port>]], B<--listen>[=I<ipaddress>[:<port>]]

Additional alias names for this option are --listen-ip and --ip-address.
Tells spamd to listen on the specified IP address (defaults to a loopback
address).  If no value is specified after the switch, or an asterisk '*'
stands in place of <ipaddress>, spamd will listen on all interfaces - this
is equivalent to address '0.0.0.0' for IPv4 and to '::' for IPv6.
You can also use a valid hostname which will make spamd listen on all
addresses that a name resolves to. The option may be specified multiple
times. See also options -4 and -6 for restricting address family to IPv4
or to IPv6. If a port is specified it overrides the --port (and --ssl-port)
setting for this socket. An IPv6 addresses should be enclosed in square
brackets, e.g. [::1]:783. For compatibility the square brackets on an IPv6
address may be omitted if a port number specification is also omitted.

=item B<-p> I<port>, B<--port>=I<port>

Optionally specifies the port number for the server to listen on (default:
783).

If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then this
port will be used to accept SSL connections instead of unencrypted connections.
If the B<--ssl> switch is used, and B<--ssl-port> is set, then unencrypted
connections will be accepted on the B<--port> at the same time as encrypted
connections are accepted at B<--ssl-port>.

=item B<-4>, B<--ipv4only>, B<--ipv4-only>, B<--ipv4>

Use IPv4 where applicable, do not use IPv6.
The option affects a set of listen sockets (see option C<--listen>)
and disables IPv6 for DNS tests.

=item B<-6>

Use IPv6 where applicable, do not use IPv4.
The option affects a set of listen sockets, see option C<--listen>.
Installing a module IO::Socket::IP is recommended if spamd is expected
to receive requests over IPv6.


> 2) No examples of an ipv6 address for the -A option.  Additionally,
> it should probably be brought into compliance with RFC5737 and RFC4839,
> which define address blocks reserved for documentation purposes for
> ipv4 and ipv6, respectively.

Done:

=item B<-A> I<host,...>, B<--allowed-ips>=I<host,...>

Specify a comma-separated list of authorized hosts or networks which
can connect to this spamd instance. Each element of the list is either a
single IP addresses, or a range of IP addresses in address/masklength CIDR
notation, or ranges of IPv4 addresses by specifying 3 or less octets with
a trailing dot.  Hostnames are not supported, only IPv4 or IPv6 addresses.
This option can be specified multiple times, or can take a list of addresses
separated by commas.  IPv6 addresses may be (but need not be) enclosed
in square brackets for consistency with option B<--listen>.  Examples:

B<-A 10.11.12.13> -- only allow connections from C<10.11.12.13>.

B<-A 10.11.12.13,10.11.12.14> -- only allow connections from C<10.11.12.13> and
C<10.11.12.14>.

B<-A 10.200.300.0/24> -- allow connections from any machine in the range
C<10.200.300.*>.

B<-A 10.> -- allow connections from any machine in the range C<10.*.*.*>.

B<-A [2001:db8::]/32,192.0.2.0/24,::1,127.0.0.0/8> -- only accept
connections from specified test networks and from localhost.

In absence of the B<-A> option, connections are only accepted from
IP address 127.0.0.1 or ::1, i.e. from localhost on a loopback interface.


> 3) No clarification of the fact that -i can be specified only once (this
> is really another bug -- but if the bug stands, it should be noted here.)

Done.

> Note that there are other bugs being filed which I'll link to here in
> subsequent comments.

Done.

-- 
You are receiving this mail because:
You are the assignee for the bug.