Unable to get sendmail submission port to listen on IPv6
Matthew Seaman
matthew at FreeBSD.org
Sat Apr 20 19:13:51 UTC 2013
On 20/04/2013 19:15, Beat Siegenthaler wrote:
> On 19.04.13 16:00, Jeremy Chadwick wrote:
>>> Hi all,
>>>
>>> I did not recognize that 587 is listening only on IPv4. Maybe it's
>>> new, maybe it was always so.
>>>
>>> sendmail 25090 root 4u IPv4 0xfffffe01e810f3d0 0t0 TCP *:25 (LISTEN)
>>> sendmail 25090 root 5u IPv6 0xfffffe01a988f000 0t0 TCP *:25 (LISTEN)
>>> sendmail 25090 root 6u IPv4 0xfffffe011c53d000 0t0 TCP *:587 (LISTEN)
>>>
> Still no luck...
>>>
>>> Multiple things:
>>>
>>> 1. The files that "control" sendmail are `hostname`.mc and
>>> `hostname`.submit.mc. The freebsd.mc and freebsd.submit.mc are "stock"
>>> examples.
>>>
>>> I assume you're already familiar with the need to run "make" in
>>> /etc/mail.
> Of course. Yes.
>>
>> 2. `hostname`.mc controls options/features for the daemon -- i.e. the
>> thing that is listening on TCP ports. `hostname`.submit.mc is for
>> outbound mail. You're wanting sendmail to listen on TCP port 587, which
>> is what's used by SMTP clients (ex. Eudora, Thunderbird, etc.) trying to
>> send mail to sendmail (rather than the classic model/method of using
>> port 25).
> Yes, you are right. I was confused about "`hostname`.submit.mc" and
> port 587 named "submission" in /etc/services
>>
>> 3. What you need to add is here:
>>
>> http://lists.freebsd.org/pipermail/freebsd-questions/2004-March/040006.html
> I tried this and many other things, believe me. Result is always the same.
> (Many Providers block 25 for residential networks nowadays)
> And I hate it when I have delays caused by ports not listening on IPv6.
> Did somebody manage to have 587 listening on v6 with 9-STABLE?
>
Sure.

lucid-nonsense:/home/matthew:# sockstat | grep sendmail
smmsp sendmail 2737 3 dgram -> /var/run/log
root sendmail 2735 3 dgram -> /var/run/logpriv
root sendmail 2735 4 tcp6 2001:8b0:151:1:54f9:9484:e8b0:12d1:25 *:*
smmsp sendmail 2453 3 dgram -> /var/run/log
root sendmail 2450 3 tcp4 127.0.0.1:25 *:*
root sendmail 2450 4 dgram -> /var/run/logpriv
root sendmail 2450 5 tcp4 81.2.117.97:25 *:*
root sendmail 2450 6 tcp6 2001:8b0:151:1:3cd3:cd67:fafa:3d78:25 *:*
root sendmail 2450 7 tcp6 ::1:25 *:*
root sendmail 2450 8 tcp4 127.0.0.1:587 *:*
root sendmail 2450 9 tcp4 81.2.117.97:587 *:*
root sendmail 2450 10 tcp6 2001:8b0:151:1:3cd3:cd67:fafa:3d78:587 *:*
root sendmail 2450 11 tcp6 ::1:587 *:*

The only change I made to the ${HOSTNAME}.submit.mc was to tell it to
listen on ::1 -- the last two lines look like this:

dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[IPv6:::1]', `MSA')dnl

For ${HOSTNAME}.mc, you need at least the following to have the sendmail
daemon listen on the specified addresses (IPv4 and IPv6):

FEATURE(no_default_msa)dnl ## overridden with DAEMON_OPTIONS below
[...]
dnl
dnl Where the sendmail daemon should talk
dnl
CLIENT_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')dnl
CLIENT_OPTIONS(`Name=IPv4, Addr=81.2.117.97, Family=inet')dnl
CLIENT_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')dnl
CLIENT_OPTIONS(`Name=IPv6, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78, Family=inet6')dnl
dnl
dnl Where the sendmail daemon should listen
dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=81.2.117.97, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=IPv6, Addr=::1, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=81.2.117.97, Port=587, M=Ea')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78, Port=587, M=Ea, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=::1, Port=587, M=E, Family=inet6')dnl

Pay attention to the M=... flags in the above: they control whether
authentication is required and whether an authenticated connection can
relay through the server.

You'll almost certainly want to enable SASL for providing login and
probably TLS to prevent snooping of passwords on the wire. SASL
provides alternatives, but STARTTLS followed by LOGIN works for me.

Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
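
Added example (not part of the original post): a shell check that reads DAEMON_OPTIONS lines like those above from a .mc file, lists each listener's port, address family and AUTH state, and warns when port 587 has no inet6 listener or a non-loopback submission listener does not require AUTH. The function names, the policy and the documentation-range addresses in the sample are assumptions; modifier meanings follow sendmail's cf/README (a = always require authentication, A = disable AUTH, E = disallow ETRN), and Family defaults to inet when omitted.

```shell
# List every DAEMON_OPTIONS listener as: port family address auth-state
list_listeners() {
    awk -v q="'" '
    /^DAEMON_OPTIONS\(/ {
        line = $0
        sub(/^DAEMON_OPTIONS\(/, "", line)       # drop the macro name
        sub(/\).*$/, "", line)                    # drop ")dnl" and the rest
        gsub(/`/, "", line); gsub(q, "", line)    # drop the m4 quotes
        port = "25"; family = "inet"; addr = "*"; mods = ""   # defaults
        n = split(line, kv, /,[ \t]*/)
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "="); if (eq == 0) continue
            key = toupper(substr(kv[i], 1, eq - 1))
            val = substr(kv[i], eq + 1)
            if (key == "PORT") port = val
            else if (key == "FAMILY") family = tolower(val)
            else if (key == "ADDR") addr = val
            else if (key == "M") mods = val
        }
        if (port == "submission") port = "587"
        if (index(mods, "A")) auth = "auth-disabled"      # A overrides a
        else if (index(mods, "a")) auth = "auth-required"
        else auth = "auth-optional"
        print port, family, addr, auth
    }' "$1"
}

# Policy assumed for this example: port 587 needs an inet6 listener, and
# every non-loopback 587 listener must require AUTH. Returns 1 on a warning.
check_submission() {
    list_listeners "$1" | awk '
    $1 == "587" {
        if ($2 == "inet6") v6 = 1
        if ($3 != "127.0.0.1" && $3 != "::1" && $4 != "auth-required") {
            print "WARN: " $3 " port 587 is " $4; bad = 1 }
    }
    END { if (!v6) { print "WARN: no inet6 listener on port 587"; bad = 1 }
          exit bad + 0 }'
}

# Constructed sample config (documentation addresses, not from the post).
sample_mc() {
    cat <<'EOF'
DAEMON_OPTIONS(`Name=IPv4, Addr=192.0.2.10, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6, Addr=2001:db8::10, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=192.0.2.10, Port=587, M=Ea')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=2001:db8::10, Port=587, M=E, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=::1, Port=587, M=E, Family=inet6')dnl
EOF
}
demo=$(mktemp); sample_mc > "$demo"; list_listeners "$demo"; check_submission "$demo" || true; rm -f "$demo"
```

Run it against the generated .mc file before "make" in /etc/mail, then confirm the result with sockstat as shown above.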