Posted to users@spamassassin.apache.org by "Dan Mahoney, System Admin" <da...@prime.gushi.org> on 2012/09/25 23:02:14 UTC

Still no apparent fix on ipv6 spamd?

All,

I mentioned this on the mailing lists a few years ago.

I notice that there still doesn't seem to be a clean way to just make 
spamd listen on all (v4 and v6) addresses by default, nor is there a way 
to listen on multiple addresses with multiple -A options.

This means that if you want to listen on v6, none of your v4 clients can 
connect.

I also note that like all standard resolver libraries, if you specify a 
hostname to spamc, it tries the v6 variant first -- so the default 
behaviors between spamc and spamd are still conflicting.  Nor is there an 
option in spamc to say "use this hostname, but only try v4".

Has anyone come up with patches for the above, or is the solution really 
to just hard-code the ipv4 address everywhere when doing a remote-connect 
(or perhaps define alternate v4-only hostnames for your spamd hosts).

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


Re: Still no apparent fix on ipv6 spamd?

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
On Tue, 25 Sep 2012, Kevin A. McGrail wrote:

>
> On 9/25/2012 5:02 PM, Dan Mahoney, System Admin wrote:
>> I mentioned this on the mailing lists a few years ago.
>> 
>> I notice that there still doesn't seem to be a clean way to just make spamd 
>> listen on all (v4 and v6) addresses by default, nor is there a way to 
>> listen on multiple addresses with multiple -A options.
>> 
>> This means that if you want to listen on v6, none of your v4 clients can 
>> connect.
>> 
>> I also note that like all standard resolver libraries, if you specify a 
>> hostname to spamc, it tries the v6 variant first -- so the default 
>> behaviors between spamc and spamd are still conflicting.  Nor is there an 
>> option in spamc to say "use this hostname, but only try v4".
>> 
>> Has anyone come up with patches for the above, or is the solution really to 
>> just hard-code the ipv4 address everywhere when doing a remote-connect (or 
>> perhaps define alternate v4-only hostnames for your spamd hosts). 
> Hi Dan!
>
> I'm working on packaging an RC for 3.4.0 and ipv6 is a big focus of this 
> release. Can you open a bug about these issues with as much information as 
> you can, please?

You got it.  Later today, probably.  Do you prefer one bug or multiple 
(there's at least four or five issues in this)?

-Dan

-- 

Pika Pika Pika!

-Pikachu, of Pokemon fame.

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


Re: Still no apparent fix on ipv6 spamd?

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 9/29/2012 4:29 PM, Ibrahim Harrani wrote:
> Hi Kevin,
>
> When do you plan to release 3.4.0 RC?
Very soon.  On Oct 15th, I successfully built the tarball with all of 
the build scripts using a non-zones system.  That took more work than I 
hoped but was a huge step forward.

I also now have 3.4.0 trunk running on 3 production systems for live 
testing.  There are a lot of great features in this version but I 
predict this may uncover a lot of little problems.

My next hurdle is to figure out all the infrastructure changes that are 
needed to jump to a 3.4 versus a 3.3 revision.

So I could technically call the 10/15 version a release candidate but 
I'm unwilling to do that.

regards,
KAM

Re: Still no apparent fix on ipv6 spamd?

Posted by Ibrahim Harrani <ib...@gmail.com>.
Hi Kevin,

When do you plan to release 3.4.0 RC?

Thanks

On Wed, Sep 26, 2012 at 12:04 AM, Kevin A. McGrail <KM...@pccc.com> wrote:
>
> On 9/25/2012 5:02 PM, Dan Mahoney, System Admin wrote:
>>
>> I mentioned this on the mailing lists a few years ago.
>>
>> I notice that there still doesn't seem to be a clean way to just make
>> spamd listen on all (v4 and v6) addresses by default, nor is there a way to
>> listen on multiple addresses with multiple -A options.
>>
>> This means that if you want to listen on v6, none of your v4 clients can
>> connect.
>>
>> I also note that like all standard resolver libraries, if you specify a
>> hostname to spamc, it tries the v6 variant first -- so the default behaviors
>> between spamc and spamd are still conflicting.  Nor is there an option in
>> spamc to say "use this hostname, but only try v4".
>>
>> Has anyone come up with patches for the above, or is the solution really
>> to just hard-code the ipv4 address everywhere when doing a remote-connect
>> (or perhaps define alternate v4-only hostnames for your spamd hosts).
>
> Hi Dan!
>
> I'm working on packaging an RC for 3.4.0 and ipv6 is a big focus of this
> release. Can you open a bug about these issues with as much information as
> you can, please?
>
> Regards,
> KAM

Re: Still no apparent fix on ipv6 spamd?

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
On Tue, 25 Sep 2012, Kevin A. McGrail wrote:

>
> On 9/25/2012 5:02 PM, Dan Mahoney, System Admin wrote:
>> I mentioned this on the mailing lists a few years ago.
>> 
>> I notice that there still doesn't seem to be a clean way to just make spamd 
>> listen on all (v4 and v6) addresses by default, nor is there a way to 
>> listen on multiple addresses with multiple -A options.
>> 
>> This means that if you want to listen on v6, none of your v4 clients can 
>> connect.
>> 
>> I also note that like all standard resolver libraries, if you specify a 
>> hostname to spamc, it tries the v6 variant first -- so the default 
>> behaviors between spamc and spamd are still conflicting.  Nor is there an 
>> option in spamc to say "use this hostname, but only try v4".
>> 
>> Has anyone come up with patches for the above, or is the solution really to 
>> just hard-code the ipv4 address everywhere when doing a remote-connect (or 
>> perhaps define alternate v4-only hostnames for your spamd hosts). 
> Hi Dan!
>
> I'm working on packaging an RC for 3.4.0 and ipv6 is a big focus of this 
> release. Can you open a bug about these issues with as much information as 
> you can, please?

6840 (docs)
6841 (spamd)
6842 (spamc)

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


Re: Still no apparent fix on ipv6 spamd?

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 9/25/2012 5:02 PM, Dan Mahoney, System Admin wrote:
> I mentioned this on the mailing lists a few years ago.
>
> I notice that there still doesn't seem to be a clean way to just make 
> spamd listen on all (v4 and v6) addresses by default, nor is there a 
> way to listen on multiple addresses with multiple -A options.
>
> This means that if you want to listen on v6, none of your v4 clients 
> can connect.
>
> I also note that like all standard resolver libraries, if you specify 
> a hostname to spamc, it tries the v6 variant first -- so the default 
> behaviors between spamc and spamd are still conflicting.  Nor is there 
> an option in spamc to say "use this hostname, but only try v4".
>
> Has anyone come up with patches for the above, or is the solution 
> really to just hard-code the ipv4 address everywhere when doing a 
> remote-connect (or perhaps define alternate v4-only hostnames for your 
> spamd hosts). 
Hi Dan!

I'm working on packaging an RC for 3.4.0 and ipv6 is a big focus of this 
release. Can you open a bug about these issues with as much information 
as you can, please?

Regards,
KAM

Re: Still no apparent fix on ipv6 spamd?

Posted by Greg Troxel <gd...@ir.bbn.com>.
"David F. Skoll" <df...@roaringpenguin.com> writes:

> On Tue, 25 Sep 2012 14:02:14 -0700 (PDT)
> "Dan Mahoney, System Admin" <da...@prime.gushi.org> wrote:
>
>> This means that if you want to listen on v6, none of your v4 clients
>> can connect.
>
> I think this is a FreeBSDism.  On Linux, something listening on
> :: will answer both IPv4 and IPv6 connection attempts.
>
> Maybe FreeBSD has a way to emulate that?

It's not quite right to call that a FreeBSDism; it's much messier than
that.

IPv6 supports a concept called mapped addresses, where v4 addresses can
be represented in v6 addresses.   A system can be configured to have
sockets that listen on :: also listen on INADDR_ANY and present the v4
addresses as mapped v6 addresses.

This feature is somewhat controversial, because of security concerns (if
the program didn't open a v4 socket, why is it possible to connect to it
over the net via v4?):

http://en.wikipedia.org/wiki/IPv4_mapped_address#IPv4-mapped_IPv6_addresses

On NetBSD, the default is that v6 sockets are only v6 (via sysctl):
"net.inet6.ip6.v6only = 1", and I believe OpenBSD and FreeBSD are the
same way.

See 
  http://tools.ietf.org/html/rfc3493
  http://tools.ietf.org/html/rfc3542#section-13

So I suspect that on Linux, v6only defaults to off (while on *BSD it
defaults to on).  Apparently on some systems it's always off because the
stacks are separate.

IMHO, portable software should have two sockets, one on INADDR_ANY and
one on IN6ADDR_ANY.  But, setting the socket option may be a workaround.
It's certainly wrong to assume that an OS has a particular default.
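
The two-socket approach recommended in the message above, as an added Python example (not part of any post in this thread and not spamd's code). The function names are hypothetical; the listeners use an ephemeral port so the example runs without privileges, and a host without usable IPv6 falls back to v4 only.

```python
import select
import socket

def default_v6only():
    """OS default for IPV6_V6ONLY on a new socket (None if no IPv6 stack)."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            return s.getsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY)
    except OSError:
        return None

def open_listeners(port=0, backlog=16):
    """One AF_INET listener on 0.0.0.0 plus, where IPv6 works, one AF_INET6
    listener on :: with IPV6_V6ONLY forced on, both on the same port."""
    v4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    v4.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    v4.bind(("0.0.0.0", port))
    v4.listen(backlog)
    listeners = [v4]
    v6 = None
    try:
        v6 = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
        v6.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # Set explicitly instead of trusting the OS default (v6only sysctl).
        v6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        v6.bind(("::", v4.getsockname()[1]))
        v6.listen(backlog)
        listeners.append(v6)
    except OSError:
        if v6 is not None:
            v6.close()  # no usable IPv6 on this host: serve v4 only
    return listeners

def accepting_family(listeners, host):
    """Connect to host on the listeners' port and return the address family
    of the listening socket that received the connection."""
    port = listeners[0].getsockname()[1]
    with socket.create_connection((host, port), timeout=2):
        ready, _, _ = select.select(listeners, [], [], 2)
        conn, _peer = ready[0].accept()
        conn.close()
        return ready[0].family
```

With V6ONLY forced on, a v4 client can only ever land on the AF_INET socket, so access checks never see a mapped `::ffff:a.b.c.d` peer address, whatever the platform default is.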

Re: Still no apparent fix on ipv6 spamd?

Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Tue, 25 Sep 2012 14:02:14 -0700 (PDT)
"Dan Mahoney, System Admin" <da...@prime.gushi.org> wrote:

> This means that if you want to listen on v6, none of your v4 clients
> can connect.

I think this is a FreeBSDism.  On Linux, something listening on
:: will answer both IPv4 and IPv6 connection attempts.

Maybe FreeBSD has a way to emulate that?

Regards,

David.