Re: spamd vs IPv6

Mon, 22 Feb 2021 10:19:54 -0800 

Have you tried starting spamd with '-l ::1' to alter its address to bind
to?
Edgar 


On Feb 22, 2021 10:11 AM, Nick Guenther <n...@kousu.ca> wrote:

  July 1, 2020 7:34 AM, "Harald Dunkel" <harald.dun...@aixigo.com>
  wrote:

  > Hi folks,
  >
  > spamd(8) still mentions 127.0.0.1, but no indication of IPv6
  support.
  > Looking on Google for "openbsd spamd ipv6" gives me some entries of
  > 2015 and 2016, but no up-to-date information. Please excuse if I am
  > too blind to see.
  >
  > I am a big fan of spamd, but I wonder is spamd in a dead-end wrt IP
  > address families? Would you recommend "IPv4 only" for EMail?

  I was just wondering about this too! I can't see a clear answer
  anywhere online either.




  I went looking because I realized that

  # /etc/pf.conf
  pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd

  was becoming

  # pfctl -s rules
  pass in log inet proto tcp from any to any port = 25 flags S/SA
  divert-to 127.0.0.1 port 8025

  I wondered where that `inet` was coming from. Eventually I realized
  that maybe pf was implying it from the divert-to, since, according to
  pf.conf(5):

  >     divert-to [...] The packets will not be modified [...]

  so if a packet comes in as IPv4 (inet) is has to stay IPv4.

  I tried

  # /etc/pf.conf
  pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd
  pass in log proto tcp to any port smtp divert-to ::1 port spamd

  and this became

  # pfctl -s rules     
  pass in log inet proto tcp from any to any port = 25 flags S/SA
  divert-to 127.0.0.1 port 8025
  pass in log inet6 proto tcp from any to any port = 25 flags S/SA
  divert-to ::1 port 8025


  However if I actually tried to connect via IPv6 (`nc -6
  mail.myserver.com 25`) I just get an immediately closed connection,
  presumably because ::1:8025 isn't open.


  Come to think of it, because spamd uses IP addresses to do its job,
  for this to happen the database format needs to be augmented to store
  the longer addresses, so it's not necessarily a simple change, and
  that's probably why it hasn't happened yet.

  I just double-checked by digging around in the code (which I am not
  finally experienced enough for, phew) and found:
  
https://github.com/openbsd/src/blob/cf8f31167b4af5c8ea769ff3d8a5974a24fec6bb/libexec/spamd/spamd.c#L1427

  smtplisten = socket(AF_INET, SOCK_STREAM, 0);

  So yeah, it looks like it's still inet-only, no inet6 here.

  -Nick

Reply via email to