From owner-freebsd-stable@FreeBSD.ORG Sat Apr 20 19:13:51 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 551E06D7 for ; Sat, 20 Apr 2013 19:13:51 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id B996AAF6 for ; Sat, 20 Apr 2013 19:13:50 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.6/8.14.6) with ESMTP id r3KJDbBQ054856 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Sat, 20 Apr 2013 20:13:43 +0100 (BST) (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.8.2 smtp.infracaninophile.co.uk r3KJDbBQ054856 Authentication-Results: smtp.infracaninophile.co.uk/r3KJDbBQ054856; dkim=none reason="no signature"; dkim-adsp=none (unprotected policy) Message-ID: <5172E8DA.5000503@FreeBSD.org> Date: Sat, 20 Apr 2013 20:13:30 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130328 Thunderbird/17.0.5 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: Unable to get sendmail submission port to listen on IPv6 References: <51713C5C.9070009@beatsnet.com> <20130419140011.GA87089@icarus.home.lan> <5172DB52.4060008@beatsnet.com> In-Reply-To: <5172DB52.4060008@beatsnet.com> X-Enigmail-Version: 1.5.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2LVBBQMLTUWBWBILLBUMW" X-Virus-Scanned: clamav-milter 0.97.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,SPF_SOFTFAIL autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Apr 2013 19:13:51 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2LVBBQMLTUWBWBILLBUMW Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 20/04/2013 19:15, Beat Siegenthaler wrote: > On 19.04.13 16:00, Jeremy Chadwick wrote: >>> Hi all, >>> >>> I did not recognize that 587 is only listening onIy on IPv4. Maybe it= 's >>> new, maybe it was alltime so. >>> >>> sendmail 25090 root 4u IPv4 0xfffffe01e810f3d0 0t0 TCP *:25 (LI= STEN) >>> sendmail 25090 root 5u IPv6 0xfffffe01a988f000 0t0 TCP *:25 (LI= STEN) >>> sendmail 25090 root 6u IPv4 0xfffffe011c53d000 0t0 TCP *:587 (L= ISTEN) >>> > Still no luck... >>> >>> Multiple things: >>> >>> 1. The files that "control" sendmail are `hostname`.mc and >>> `hostname`.submit.mc. The freebsd.mc and freebsd.submit.mc are "stoc= k" >>> examples. >>> >>> I assume you're already familiar with the need to run "make" in >>> /etc/mail. > Of course. Yes. >> >> 2. `hostname`.mc controls options/features for the daemon -- i.e. the >> thing that is listening on TCP ports. `hostname`.submit.mc is for >> outbound mail. You're wanting sendmail to listen on TCP port 587, whi= ch >> is what's used by SMTP clients (ex. Eudora, Thunderbird, etc.) trying = to >> send mail to sendmail (rather than the classic model/method of using >> port 25). > Yes, You are right. I was confused, about "`hostname`.submit.mc" and > port 587 named "submission" in /etc/services >> >> 3. What you need to add is here: >> >> http://lists.freebsd.org/pipermail/freebsd-questions/2004-March/040006= =2Ehtml > I tried this and many other things, believe me. Result is always the sa= me. > (Many Providers block 25 for residential networks nowadays) > And I hate it when i have delays caused by ports not listening on IPv6.= > Did somebody managed to have 587 listening v6? with 9-STABLE >=20 Sure. lucid-nonsense:/home/matthew:# sockstat | grep sendmail smmsp sendmail 2737 3 dgram -> /var/run/log root sendmail 2735 3 dgram -> /var/run/logpriv root sendmail 2735 4 tcp6 2001:8b0:151:1:54f9:9484:e8b0:12d1:25 *:* smmsp sendmail 2453 3 dgram -> /var/run/log root sendmail 2450 3 tcp4 127.0.0.1:25 *:* root sendmail 2450 4 dgram -> /var/run/logpriv root sendmail 2450 5 tcp4 81.2.117.97:25 *:* root sendmail 2450 6 tcp6 2001:8b0:151:1:3cd3:cd67:fafa:3d78:25 *:* root sendmail 2450 7 tcp6 ::1:25 *:* root sendmail 2450 8 tcp4 127.0.0.1:587 *:* root sendmail 2450 9 tcp4 81.2.117.97:587 *:* root sendmail 2450 10 tcp6 2001:8b0:151:1:3cd3:cd67:fafa:3d78:587 *:* root sendmail 2450 11 tcp6 ::1:587 *:* The only change I made to the ${HOSTNAME}.submit.mc was to tell it to listen on ::1 -- the last two lines look like this: dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1] FEATURE(`msp', `[IPv6:::1]', `MSA')dnl For ${HOSTNAME}.mc, you need at least the following to have the sendmail daemon listen on the specified addresses (IPv4 and IPv6): FEATURE(no_default_msa)dnl ## overridden with DAEMON_OPTIONS below [...] dnl dnl Where the sendmail daemon should talk dnl CLIENT_OPTIONS(`Name=3DIPv4, Addr=3D127.0.0.1, Family=3Dinet')dnl CLIENT_OPTIONS(`Name=3DIPv4, Addr=3D81.2.117.97, Family=3Dinet')dnl CLIENT_OPTIONS(`Name=3DIPv6, Addr=3D::1, Family=3Dinet6')dnl CLIENT_OPTIONS(`Name=3DIPv6, Addr=3D2001:8b0:151:1:3cd3:cd67:fafa:3d78, Family=3Dinet6')dnl dnl dnl Where the sendmail daemon should listen dnl DAEMON_OPTIONS(`Name=3DIPv4, Addr=3D127.0.0.1, M=3DA, Family=3Dinet')dnl DAEMON_OPTIONS(`Name=3DIPv4, Addr=3D81.2.117.97, M=3DA, Family=3Dinet')dn= l DAEMON_OPTIONS(`Name=3DIPv6, Addr=3D2001:8b0:151:1:3cd3:cd67:fafa:3d78, M= =3DA, Family=3Dinet6')dnl DAEMON_OPTIONS(`Name=3DIPv6, Addr=3D::1, M=3DA, Family=3Dinet6')dnl DAEMON_OPTIONS(`Name=3DMSA, Addr=3D127.0.0.1, Port=3D587, M=3DE')dnl DAEMON_OPTIONS(`Name=3DMSA, Addr=3D81.2.117.97, Port=3D587, M=3DEa')dnl DAEMON_OPTIONS(`Name=3DMSA, Addr=3D2001:8b0:151:1:3cd3:cd67:fafa:3d78, Port=3D587, M=3DEa, Family=3Dinet6')dnl DAEMON_OPTIONS(`Name=3DMSA, Addr=3D::1, Port=3D587, M=3DE, Family=3Dinet6= ')dnl Pay attention to the M=3D... flags in the above: they control whether authentication is required and whether an authenticated connection can relay through the server. You'll almost certainly want to enable SASL for providing login and probably TLS to prevent snooping of passwords on the wire. SASL provides alternatives, but STARTTLS followed by LOGIN works for me. Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey ------enig2LVBBQMLTUWBWBILLBUMW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlFy6OEACgkQ8Mjk52CukIx8gQCfXpe48nXy4udQkzLrrAaEdv2v Rs8AoIssVLH82Z69xSrSDXxSK+nHr6RV =PSN6 -----END PGP SIGNATURE----- ------enig2LVBBQMLTUWBWBILLBUMW--