Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Wietse Venema 
Quanah Gibson-Mount:
> --On Monday, February 08, 2016 8:00 PM -0500 Wietse Venema 
>  wrote:
> 
> > Quanah Gibson-Mount:
> >> In Postfix > 3.0.x, the value from postconf mynetworks returns incorrect
> >> netmask values, and it is missing IPv6 entirely:
> >
> > This depends on the inet_protocols setting.
> >
> ># postconf inet_protocols=all
> ># postconf mynetworks
> > mynetworks = 127.0.0.1/32 192.168.122.1/32 168.100.189.7/32 [::1]/128
> > [fe80::223:55ff:fe5c:3985]/128
> 
> And the invalid netmask?  Which was the 1st part of what I was noting.  It 
> should be 127.0.0.1/8 for example, not 127.0.0.1/32.

RTFM. Also in the RELEASE_NOTES.

Wietse

$ man 5 postconf | less +/'^mynetworks_style'
mynetworks_style (default: Postfix >= 3.0: host, Postfix < 3.0: subnet)
   The  method to generate the default value for the mynetworks parameter.
   This is the list of trusted networks for relay access control etc.
...

$ postconf -d mynetworks_style
mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Quanah Gibson-Mount 
--On Tuesday, February 09, 2016 6:14 AM -0500 Wietse Venema 
 wrote:



Quanah Gibson-Mount:

--On Monday, February 08, 2016 8:00 PM -0500 Wietse Venema
 wrote:

> Quanah Gibson-Mount:
>> In Postfix > 3.0.x, the value from postconf mynetworks returns
>> incorrect netmask values, and it is missing IPv6 entirely:
>
> This depends on the inet_protocols setting.
>
># postconf inet_protocols=all
># postconf mynetworks
> mynetworks = 127.0.0.1/32 192.168.122.1/32 168.100.189.7/32 [::1]/128
> [fe80::223:55ff:fe5c:3985]/128

And the invalid netmask?  Which was the 1st part of what I was noting.
It  should be 127.0.0.1/8 for example, not 127.0.0.1/32.




Is there any way to get the entire behavior to be as it was in 2.x and 
previous?  I can set the style to hosts, but I want the entire interface 
data set correctly regardless of what the current inet_protocols option is 
set to.


--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Tom Hendrikx 


On 09-02-16 12:14, Wietse Venema wrote:
> Quanah Gibson-Mount:
>> --On Monday, February 08, 2016 8:00 PM -0500 Wietse Venema 
>>  wrote:
>>
>>> Quanah Gibson-Mount:
 In Postfix > 3.0.x, the value from postconf mynetworks returns incorrect
 netmask values, and it is missing IPv6 entirely:
>>>
>>> This depends on the inet_protocols setting.
>>>
>>> # postconf inet_protocols=all
>>> # postconf mynetworks
>>> mynetworks = 127.0.0.1/32 192.168.122.1/32 168.100.189.7/32 [::1]/128
>>> [fe80::223:55ff:fe5c:3985]/128
>>
>> And the invalid netmask?  Which was the 1st part of what I was noting.  It 
>> should be 127.0.0.1/8 for example, not 127.0.0.1/32.
> 
> RTFM. Also in the RELEASE_NOTES.
> 
>   Wietse
> 
> $ man 5 postconf | less +/'^mynetworks_style'
> mynetworks_style (default: Postfix >= 3.0: host, Postfix < 3.0: subnet)
>The  method to generate the default value for the mynetworks parameter.
>This is the list of trusted networks for relay access control etc.
>   ...
> 
> $ postconf -d mynetworks_style
> mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
> 

You could argue that "mynetworks_style = host" still should set the
subnet for 127.0.0.1 to /8, and not /32

Regards,
Tom

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Wietse Venema 
Tom Hendrikx:
> > $ postconf -d mynetworks_style
> > mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
> > 
> 
> You could argue that "mynetworks_style = host" still should set the
> subnet for 127.0.0.1 to /8, and not /32

On many systems, an interface address of 127.0.0.1 is not a wild-card
address for the entire subnet, not even on the loopback interface.

% telnet 127.0.0.2 22
Trying 127.0.0.2...
telnet: connect to address 127.0.0.2: Can't assign requested address
telnet: Unable to connect to remote host

Therefore, I'll stick with host==/32 for all IPv4 addresses.

Wietse

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Wietse Venema 
Wietse Venema:
> Quanah Gibson-Mount:
> > Is there any way to get the entire behavior to be as it was in 2.x and 
> > previous?  I can set the style to hosts, but I want the entire interface 
> > data set correctly regardless of what the current inet_protocols option is 
> > set to.
> 
> We aim to please:
> 
> http://www.postfix.org/COMPATIBILITY_README.html
> 
> When the major release number changes, it is for a good reason.
> 
> The "inet_protocols" setting is not covered by this, because it hasn't 
> changed.

BTW, with inet_protocols=ipv4, Postfix has never included IPv6
addresses in the default mynetworks value. Including IPv6 addresses
would not make any sense when Postfix cannot accept or create IPv6
connections.

Wietse

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Wietse Venema 
Quanah Gibson-Mount:
> Is there any way to get the entire behavior to be as it was in 2.x and 
> previous?  I can set the style to hosts, but I want the entire interface 
> data set correctly regardless of what the current inet_protocols option is 
> set to.

We aim to please:

http://www.postfix.org/COMPATIBILITY_README.html

When the major release number changes, it is for a good reason.

The "inet_protocols" setting is not covered by this, because it hasn't changed.

Wietse

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Quanah Gibson-Mount 
--On Tuesday, February 09, 2016 11:00 AM -0500 Wietse Venema 
 wrote:



The "inet_protocols" setting is not covered by this, because it hasn't
changed.


BTW, with inet_protocols=ipv4, Postfix has never included IPv6
addresses in the default mynetworks value. Including IPv6 addresses
would not make any sense when Postfix cannot accept or create IPv6
connections.


Thanks.  In going over the old 2.x system, inet_protocols wasn't explicitly 
set in main.cf, so it defaulted to "all".  Now I have it explicitly set to 
what postfix ships with, which is "ipv4" as the default.


I realize I don't use mynetworks the way you probably anticipated. ;)  I've 
redone my build so that it behaves the way I need it to work.


--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Quanah Gibson-Mount 
--On Tuesday, February 09, 2016 8:56 AM -0800 Quanah Gibson-Mount 
 wrote:



--On Tuesday, February 09, 2016 11:00 AM -0500 Wietse Venema
 wrote:


The "inet_protocols" setting is not covered by this, because it hasn't
changed.


BTW, with inet_protocols=ipv4, Postfix has never included IPv6
addresses in the default mynetworks value. Including IPv6 addresses
would not make any sense when Postfix cannot accept or create IPv6
connections.


Thanks.  In going over the old 2.x system, inet_protocols wasn't
explicitly set in main.cf, so it defaulted to "all".  Now I have it
explicitly set to what postfix ships with, which is "ipv4" as the default.

I realize I don't use mynetworks the way you probably anticipated. ;)
I've redone my build so that it behaves the way I need it to work.


Even after setting the style to "host", it still generates the incorrect 
netmask:


[zimbra@zre-ldap003 ~]$ postconf mynetworks mynetworks_style
mynetworks = 127.0.0.1/32 10.137.242.53/32 [::1]/128 
[fc00:10:137:242::53]/128 [fe80::250:56ff:fe8f:cbcd]/128

mynetworks_style = host


--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Wietse Venema 
Quanah Gibson-Mount:
> --On Tuesday, February 09, 2016 12:36 PM -0500 Viktor Dukhovni 
>  wrote:
> 
> >
> >> On Feb 9, 2016, at 12:14 PM, Quanah Gibson-Mount 
> >> wrote:
> >>
> >> Even after setting the style to "host", it still generates the incorrect
> >> netmask:
> >>
> >> [zimbra@zre-ldap003 ~]$ postconf mynetworks mynetworks_style
> >> mynetworks = 127.0.0.1/32 10.137.242.53/32 [::1]/128
> >> [fc00:10:137:242::53]/128 [fe80::250:56ff:fe8f:cbcd]/128
> >> mynetworks_style = host
> >
> > The mask is correct.  With "host" mynetworks is limited to the list of
> > interface addresses verbatim, the interface subnet mask is not used.
> 
> So this is a significant regression vs 2.x.  I need it to return valid 
> values based on what the netmask settings are for the interface.

mynetworks_style=host has always worked this way.  The difference
with mynetworks_style=subnet is intentional. Different settings
give two different results.

Just go with COMPATIBILITY_READMNE guidelines: if the new default
is not what you want, set the old default in main.cf. 

Wietse

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Quanah Gibson-Mount 
--On Tuesday, February 09, 2016 1:24 PM -0500 Viktor Dukhovni 
 wrote:



Sounds like you want "mynetworks_style = subnet", so go ahead and
do that, provided no hosts sharing the same subnet are untrusted
(for relay and the like).


Yeah, just got that sorted out.  I was thinking the old default was host, 
not subnet, so had the logic reversed. ;)


Thanks!

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Viktor Dukhovni 

> On Feb 9, 2016, at 12:51 PM, Quanah Gibson-Mount  wrote:
> 
> So this is a significant regression vs 2.x.  I need it to return valid values 
> based on what the netmask settings are for the interface.

I repeat: there is no regression, the pain is self-inficted.

The defaults are backwards-compatible.  Given an existing main.cf
file, Postfix >= 3.0 will behave just like Postfix 2.x, but will
issue warnings when using backwards compatible *defaults*.

The compatibility_level is set to 2 only when stock main.cf files
are installed on a fresh system.  For new deployments (rather than
upgrades) the new defaults are intentional improvements, and not
"regressions".

   See http://www.postfix.org/COMPATIBILITY_README.html

To suppress the warnings set the parameter in question explicitly
and/or raise the compatibility level to enable the new defaults.

Sounds like you want "mynetworks_style = subnet", so go ahead and
do that, provided no hosts sharing the same subnet are untrusted
(for relay and the like).

-- 
Viktor.

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Viktor Dukhovni 

> On Feb 9, 2016, at 12:14 PM, Quanah Gibson-Mount  wrote:
> 
> Even after setting the style to "host", it still generates the incorrect 
> netmask:
> 
> [zimbra@zre-ldap003 ~]$ postconf mynetworks mynetworks_style
> mynetworks = 127.0.0.1/32 10.137.242.53/32 [::1]/128 
> [fc00:10:137:242::53]/128 [fe80::250:56ff:fe8f:cbcd]/128
> mynetworks_style = host

The mask is correct.  With "host" mynetworks is limited to the list of
interface addresses verbatim, the interface subnet mask is not used.

-- 
Viktor.

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Viktor Dukhovni 

> On Feb 9, 2016, at 11:56 AM, Quanah Gibson-Mount  wrote:
> 
> Thanks.  In going over the old 2.x system, inet_protocols wasn't explicitly 
> set in main.cf, so it defaulted to "all".  Now I have it explicitly set to 
> what postfix ships with, which is "ipv4" as the default.

Actually, "ipv4" is not "the default".  The default is "all" in builds that 
support
IPv6 and don't override DEF_INET_PROTOCOLS via CCARGS:

src/util/sys_defs.h:
 /*
  * The Postfix 2.9 post-install workaround assumes that the inet_protocols
  * default value is "ipv4" when Postfix is compiled without IPv6 support.
  */
#ifndef DEF_INET_PROTOCOLS
#ifdef HAS_IPV6
#define DEF_INET_PROTOCOLS  INET_PROTO_NAME_ALL
#else
#define DEF_INET_PROTOCOLS  INET_PROTO_NAME_IPV4
#endif
#endif

IIRC, the only thing that changed in 3.x is the default value of 
mynetworks_style,
when the compatibility level is set high enough. This has no effect on the 
available
protocols.

Whatever pain you're experiencing looks rather self-inflicted.

-- 
Viktor.

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-09 Thread Quanah Gibson-Mount 
--On Tuesday, February 09, 2016 12:36 PM -0500 Viktor Dukhovni 
 wrote:





On Feb 9, 2016, at 12:14 PM, Quanah Gibson-Mount 
wrote:

Even after setting the style to "host", it still generates the incorrect
netmask:

[zimbra@zre-ldap003 ~]$ postconf mynetworks mynetworks_style
mynetworks = 127.0.0.1/32 10.137.242.53/32 [::1]/128
[fc00:10:137:242::53]/128 [fe80::250:56ff:fe8f:cbcd]/128
mynetworks_style = host


The mask is correct.  With "host" mynetworks is limited to the list of
interface addresses verbatim, the interface subnet mask is not used.


So this is a significant regression vs 2.x.  I need it to return valid 
values based on what the netmask settings are for the interface.


--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-08 Thread Benny Pedersen 

On 2016-02-09 05:30, Quanah Gibson-Mount wrote:


And the invalid netmask?  Which was the 1st part of what I was noting.
 It should be 127.0.0.1/8 for example, not 127.0.0.1/32.


postconf mynetworks_style

where is the invalid part ? :=)

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-08 Thread Quanah Gibson-Mount 
--On Monday, February 08, 2016 8:00 PM -0500 Wietse Venema 
 wrote:



Quanah Gibson-Mount:

In Postfix > 3.0.x, the value from postconf mynetworks returns incorrect
netmask values, and it is missing IPv6 entirely:


This depends on the inet_protocols setting.

# postconf inet_protocols=all
# postconf mynetworks
mynetworks = 127.0.0.1/32 192.168.122.1/32 168.100.189.7/32 [::1]/128
[fe80::223:55ff:fe5c:3985]/128


And the invalid netmask?  Which was the 1st part of what I was noting.  It 
should be 127.0.0.1/8 for example, not 127.0.0.1/32.


--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

Re: 3.0.3: "mynetworks" values are busted and missing ipv6 info

2016-02-08 Thread Wietse Venema 
Quanah Gibson-Mount:
> In Postfix > 3.0.x, the value from postconf mynetworks returns incorrect 
> netmask values, and it is missing IPv6 entirely:

This depends on the inet_protocols setting.

# postconf inet_protocols=all
# postconf mynetworks
mynetworks = 127.0.0.1/32 192.168.122.1/32 168.100.189.7/32 [::1]/128 
[fe80::223:55ff:fe5c:3985]/128

# postconf inet_protocols=ipv4
# postconf mynetworks
mynetworks = 127.0.0.1/32 192.168.122.1/32 168.100.189.7/32

# postconf inet_protocols=ipv6
# postconf mynetworks
mynetworks = [::1]/128 [fe80::223:55ff:fe5c:3985]/128

Wietse