Mark Martinec:
> After an instant success of switching our Redis server to
> listen only on a link-local (scoped) IPv6 address (RFC 4007),
> along with switching its clients (Amavis, SpamAssassin,
> logfeeder), I got greedy and tried to do the same with postfix,
> which didn't like my idea:
>
> master.cf:
> [fe80::1%lo0]:10025 inet n - n - - smtpd
> results in:
> postfix/master[83621]: fatal: /usr/local/etc/postfix/master.cf: line
> 245:
> valid hostname or network address required in "[fe80::1%lo0]:10025"
>
> similarly:
> smtpd_proxy_filter=inet:[fe80::1%lo0]:10012
> results in:
> postfix/smtpd[23918]: fatal: [fe80::1%lo0]:10012:
> valid hostname or network address required
>
> Admittedly it's not a particularly asked-for feature, although
> it may come handy with limiting access to some service to hosts
> on the same L2 link for free (without a need for a host-firewall),
> and it'd be nice for consistency with other services (telnet,
> ping6, ...).
>
> Considering that getaddrinfo() already handles scope syntax
> avoiding a need to deal with if_nametoindex(3) manually, it's
> probably just a matter of updating the config file syntax
> parsing to recognize scoped IP address. Or am I wrong?
This is likely to break tons of stuff. The function that validates
address syntax is called from many places in Postfix, all the way
to the code that validates IPv6 address literals (user@[ipv6:addr]).
I don't even know if we want to allow scoped addresses there.
Wietse
> A quick reference:
>
> RFC 4007: IPv6 Scoped Address Architecture, sect 11: textual
> representation
> RFC 6874 A <zone_id> SHOULD contain only ASCII characters
> classified as "unreserved" for use in URIs [RFC 3986]
> RFC 3986: unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
>
> http://tools.ietf.org/html/rfc4291
> http://tools.ietf.org/html/rfc3493
> http://tools.ietf.org/html/rfc4007
>
> Mark
>
