Unable to get sendmail submission port to listen on IPv6

Matthew Seaman matthew at FreeBSD.org
Sat Apr 20 19:13:51 UTC 2013


On 20/04/2013 19:15, Beat Siegenthaler wrote:
> On 19.04.13 16:00, Jeremy Chadwick wrote:
>>> Hi all,
>>>
>>> I did not recognize that 587 is listening only on IPv4. Maybe it's
>>> new, maybe it was always so.
>>>
>>> sendmail  25090	root  4u  IPv4 0xfffffe01e810f3d0  0t0   TCP *:25 (LISTEN)
>>> sendmail  25090	root  5u  IPv6 0xfffffe01a988f000  0t0   TCP *:25 (LISTEN)
>>> sendmail  25090	root  6u  IPv4 0xfffffe011c53d000  0t0   TCP *:587 (LISTEN)
>>>
> Still no luck...
>>>
>>> Multiple things:
>>>
>>> 1. The files that "control" sendmail are `hostname`.mc and
>>> `hostname`.submit.mc.  The freebsd.mc and freebsd.submit.mc are "stock"
>>> examples.
>>>
>>> I assume you're already familiar with the need to run "make" in
>>> /etc/mail.
> Of course. Yes.
>>
>> 2. `hostname`.mc controls options/features for the daemon -- i.e. the
>> thing that is listening on TCP ports.  `hostname`.submit.mc is for
>> outbound mail.  You're wanting sendmail to listen on TCP port 587, which
>> is what's used by SMTP clients (ex. Eudora, Thunderbird, etc.) trying to
>> send mail to sendmail (rather than the classic model/method of using
>> port 25).
> Yes, you are right. I was confused about "`hostname`.submit.mc" and
> port 587 named "submission" in /etc/services
>>
>> 3. What you need to add is here:
>>
>> http://lists.freebsd.org/pipermail/freebsd-questions/2004-March/040006.html
> I tried this and many other things, believe me. Result is always the same.
> (Many Providers block 25 for residential networks nowadays)
> And I hate it when I have delays caused by ports not listening on IPv6.
> Did somebody manage to have 587 listening on v6 with 9-STABLE?
> 

Sure.

lucid-nonsense:/home/matthew:# sockstat | grep sendmail
smmsp    sendmail   2737  3  dgram  -> /var/run/log
root     sendmail   2735  3  dgram  -> /var/run/logpriv
root     sendmail   2735  4  tcp6   2001:8b0:151:1:54f9:9484:e8b0:12d1:25 *:*
smmsp    sendmail   2453  3  dgram  -> /var/run/log
root     sendmail   2450  3  tcp4   127.0.0.1:25          *:*
root     sendmail   2450  4  dgram  -> /var/run/logpriv
root     sendmail   2450  5  tcp4   81.2.117.97:25        *:*
root     sendmail   2450  6  tcp6   2001:8b0:151:1:3cd3:cd67:fafa:3d78:25 *:*
root     sendmail   2450  7  tcp6   ::1:25                *:*
root     sendmail   2450  8  tcp4   127.0.0.1:587         *:*
root     sendmail   2450  9  tcp4   81.2.117.97:587       *:*
root     sendmail   2450  10 tcp6   2001:8b0:151:1:3cd3:cd67:fafa:3d78:587 *:*
root     sendmail   2450  11 tcp6   ::1:587               *:*

The only change I made to the ${HOSTNAME}.submit.mc was to tell it to
listen on ::1 -- the last two lines look like this:

dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[IPv6:::1]', `MSA')dnl

For ${HOSTNAME}.mc, you need at least the following to have the sendmail
daemon listen on the specified addresses (IPv4 and IPv6):

FEATURE(no_default_msa)dnl ## overridden with DAEMON_OPTIONS below

[...]

dnl
dnl Where the sendmail daemon should talk
dnl
CLIENT_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')dnl
CLIENT_OPTIONS(`Name=IPv4, Addr=81.2.117.97, Family=inet')dnl
CLIENT_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')dnl
CLIENT_OPTIONS(`Name=IPv6, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78, Family=inet6')dnl
dnl
dnl Where the sendmail daemon should listen
dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=81.2.117.97, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=IPv6, Addr=::1, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=81.2.117.97, Port=587, M=Ea')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78, Port=587, M=Ea, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=::1, Port=587, M=E, Family=inet6')dnl

Pay attention to the M=... flags in the above: they control whether
authentication is required and whether an authenticated connection can
relay through the server.

You'll almost certainly want to enable SASL for providing login and
probably TLS to prevent snooping of passwords on the wire.  SASL
provides alternatives, but STARTTLS followed by LOGIN works for me.

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
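
Added example, not part of the message above or of the sendmail distribution: a Python check that parses the DAEMON_OPTIONS lines of a .mc file and reports, for port 587, a missing address family and any non-loopback listener whose M= flags do not force authentication. It assumes the sendmail modifier meanings `a` (always require authentication) and `A` (disable AUTH, overriding `a`); the function names and the WEAK_MC sample are constructed for illustration.

```python
import re

# DAEMON_OPTIONS lines from the message above; the wrapped line is kept wrapped.
PAGE_MC = """\
DAEMON_OPTIONS(`Name=IPv4, Addr=81.2.117.97, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=81.2.117.97, Port=587, M=Ea')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=2001:8b0:151:1:3cd3:cd67:fafa:3d78,
Port=587, M=Ea, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=::1, Port=587, M=E, Family=inet6')dnl
"""
# Constructed counter-example: IPv4-only submission port that does not force AUTH.
WEAK_MC = "DAEMON_OPTIONS(`Name=MSA, Addr=81.2.117.97, Port=587, M=E')dnl\n"

LOOPBACK = {"127.0.0.1", "::1"}

def parse_daemon_options(mc_text):
    """Return one dict per DAEMON_OPTIONS(`...') call; handles wrapped arguments."""
    mc_text = re.sub(r"(?m)^dnl\b.*$", "", mc_text)  # drop commented-out lines
    listeners = []
    for body in re.findall(r"DAEMON_OPTIONS\(`(.*?)'\)", mc_text, re.S):
        # Defaults when a key is absent: SMTP port, IPv4, all addresses, no modifiers.
        opts = {"Port": "25", "Family": "inet", "Addr": "*", "M": ""}
        for item in body.split(","):
            key, _, value = item.strip().partition("=")
            if key:
                opts[key] = value.strip()
        listeners.append(opts)
    return listeners

def audit(listeners, port="587"):
    """List problems on one port: missing address family, AUTH not enforced."""
    on_port = [l for l in listeners if l["Port"] == port]
    families = {l["Family"] for l in on_port}
    findings = [f"no {fam} listener on port {port}"
                for fam in ("inet", "inet6") if fam not in families]
    for l in on_port:
        # Assumed modifier meanings: 'a' = always require AUTH, 'A' = AUTH disabled.
        enforced = "a" in l["M"] and "A" not in l["M"]
        if l["Addr"] not in LOOPBACK and not enforced:
            findings.append(f"{l['Addr']} port {port} does not require AUTH")
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_MC), ("weak", WEAK_MC)):
        print(label, audit(parse_daemon_options(text)) or "ok")
```

Only the key spellings used in the message (Name, Addr, Port, Family, M) are recognised, and the check reads the .mc source rather than the generated .cf.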


More information about the freebsd-stable mailing list