July 1, 2020 7:34 AM, "Harald Dunkel" <harald.dun...@aixigo.com> wrote:
> Hi folks, > > spamd(8) still mentions 127.0.0.1, but no indication of IPv6 support. > Looking on Google for "openbsd spamd ipv6" gives me some entries of > 2015 and 2016, but no up-to-date information. Please excuse if I am > too blind to see. > > I am a big fan of spamd, but I wonder is spamd in a dead-end wrt IP > address families? Would you recommend "IPv4 only" for EMail? I was just wondering about this too! I can't see a clear answer anywhere online either. I went looking because I realized that # /etc/pf.conf pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd was becoming # pfctl -s rules pass in log inet proto tcp from any to any port = 25 flags S/SA divert-to 127.0.0.1 port 8025 I wondered where that `inet` was coming from. Eventually I realized that maybe pf was implying it from the divert-to, since, according to pf.conf(5): > divert-to [...] The packets will not be modified [...] so if a packet comes in as IPv4 (inet) is has to stay IPv4. I tried # /etc/pf.conf pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd pass in log proto tcp to any port smtp divert-to ::1 port spamd and this became # pfctl -s rules pass in log inet proto tcp from any to any port = 25 flags S/SA divert-to 127.0.0.1 port 8025 pass in log inet6 proto tcp from any to any port = 25 flags S/SA divert-to ::1 port 8025 However if I actually tried to connect via IPv6 (`nc -6 mail.myserver.com 25`) I just get an immediately closed connection, presumably because ::1:8025 isn't open. Come to think of it, because spamd uses IP addresses to do its job, for this to happen the database format needs to be augmented to store the longer addresses, so it's not necessarily a simple change, and that's probably why it hasn't happened yet. I just double-checked by digging around in the code (which I am not finally experienced enough for, phew) and found: https://github.com/openbsd/src/blob/cf8f31167b4af5c8ea769ff3d8a5974a24fec6bb/libexec/spamd/spamd.c#L1427 smtplisten = socket(AF_INET, SOCK_STREAM, 0); So yeah, it looks like it's still inet-only, no inet6 here. -Nick