imap/docs/IPv6.txt

/* ========================================================================
 * Copyright 1988-2006 University of Washington
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * 
 * ========================================================================
 */

The following information about configuring inetd and xinetd for IPv6 was
contributed by a user.  I have not checked it for accuracy or completeness,
but have included it as-is in the hope that it may be useful:

---------------------------------------------------------------------------
One thing you might consider adding to the docs are hints for setting up
inetd or xinetd to simultaneously listen on BOTH IPv4 and IPv6 for
different OS.

Some OS want to see separate IPv4-only and IPv6-only listening sockets
configured in inetd.conf or xinetd.conf.  Others will accept IPv4
connections on lines configured for IPv6 and actually generate errors if
you have both configured when inetd or xinetd start up.  It's not clear to
me whether this difference is due to how inetd or xinetd are built or
whether it's due to the kernel's IP stack implementation.  I suspect it's
really the latter.  Below are some examples:

Here's a fragment of /usr/local/etc/xinetd.conf for a FreeBSD 4.9 server:

service imap
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/local/libexec/imapd
}
service imap
{
        flags           = IPv6
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/local/libexec/imapd
}
service imaps
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/local/libexec/imapd
}
service imaps
{
        flags           = IPv6
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/local/libexec/imapd
}

Note that you have to specify a nearly identical paragraph for each
service which differs only by the 'flags = IPv6'.  An equivalent
inetd.conf would look something like:

imap  stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
imap  stream  tcp6    nowait  root    /usr/local/libexec/imapd        imapd
imaps stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
imaps stream  tcp6    nowait  root    /usr/local/libexec/imapd        imapd

The man pages for inetd suggest that if you use a single entry with
'tcp46' replacing either 'tcp' or 'tcp6' the system will listen on both
types of addresses.  At least for the case of FreeBSD this is actually
incorrect.

Now if you were to use the above xinetd.conf on Fedora Linux, it would
complain.  What does work under Linux is to create a single service
paragraph for each service which will accept connections on both IPv4 and
IPv6:

In /etc/xinetd.d/imap:

service imap
{
        flags       = IPv6
        disable     = no
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/local/sbin/imapd
}

In /etc/xinetd.d/imaps:

service imaps
{
        flags       = IPv6
        disable     = no
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/local/sbin/imapd
}

The man page for xinetd says the IPv6 flag means xinetd will listen ONLY
on IPv6.  However the actual behaviour (for Fedora Linux) is to listen on
both IPv4 and IPv6.

All of the above also applies to ipop3d.  Anyway, this might save some
folks a little bit of head scratching time.
---------------------------------------------------------------------------
Addendum from the original submitter:
---------------------------------------------------------------------------
I've since learned that the discrepancy really is a function of the OS.
It seems those systems that force you to create separate IPv4 and IPv6
listeners in inetd (or xinetd) are the same systems that also disable
IPv4-mapped IPv6 addresses by default.  This is a boot-time configuration
option.  If you enable IPv4-mapped IPv6 addresses, then the 'tcp46' option
in inetd works and the simplified config would look like:

imap4   stream  tcp46   nowait  root    /usr/local/libexec/imapd        imapd
imaps   stream  tcp46   nowait  root    /usr/local/libexec/imapd        imapd

In FreeBSD, enabling IPv4-mapped addresses is done by adding
ipv6_ipv4mapping="YES" to /etc/rc.conf (in addition to ipv6_enable="YES").
Source from upstream; imap-2007f.tar.gz MD5 2126fd125ea26b73b20f01fcd5940369 2019-01-03 11:12:17 +01:00			`/* ========================================================================`
			`* Copyright 1988-2006 University of Washington`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`*`
			`* ========================================================================`
			`*/`

			`The following information about configuring inetd and xinetd for IPv6 was`
			`contributed by a user. I have not checked it for accuracy or completeness,`
			`but have included it as-is in the hope that it may be useful:`

			`---------------------------------------------------------------------------`
			`One thing you might consider adding to the docs are hints for setting up`
			`inetd or xinetd to simultaneously listen on BOTH IPv4 and IPv6 for`
			`different OS.`

			`Some OS want to see separate IPv4-only and IPv6-only listening sockets`
			`configured in inetd.conf or xinetd.conf. Others will accept IPv4`
			`connections on lines configured for IPv6 and actually generate errors if`
			`you have both configured when inetd or xinetd start up. It's not clear to`
			`me whether this difference is due to how inetd or xinetd are built or`
			`whether it's due to the kernel's IP stack implementation. I suspect it's`
			`really the latter. Below are some examples:`

			`Here's a fragment of /usr/local/etc/xinetd.conf for a FreeBSD 4.9 server:`

			`service imap`
			`{`
			`socket_type = stream`
			`protocol = tcp`
			`wait = no`
			`user = root`
			`server = /usr/local/libexec/imapd`
			`}`
			`service imap`
			`{`
			`flags = IPv6`
			`socket_type = stream`
			`protocol = tcp`
			`wait = no`
			`user = root`
			`server = /usr/local/libexec/imapd`
			`}`
			`service imaps`
			`{`
			`socket_type = stream`
			`protocol = tcp`
			`wait = no`
			`user = root`
			`server = /usr/local/libexec/imapd`
			`}`
			`service imaps`
			`{`
			`flags = IPv6`
			`socket_type = stream`
			`protocol = tcp`
			`wait = no`
			`user = root`
			`server = /usr/local/libexec/imapd`
			`}`

			`Note that you have to specify a nearly identical paragraph for each`
			`service which differs only by the 'flags = IPv6'. An equivalent`
			`inetd.conf would look something like:`

			`imap stream tcp nowait root /usr/local/libexec/imapd imapd`
			`imap stream tcp6 nowait root /usr/local/libexec/imapd imapd`
			`imaps stream tcp nowait root /usr/local/libexec/imapd imapd`
			`imaps stream tcp6 nowait root /usr/local/libexec/imapd imapd`

			`The man pages for inetd suggest that if you use a single entry with`
			`'tcp46' replacing either 'tcp' or 'tcp6' the system will listen on both`
			`types of addresses. At least for the case of FreeBSD this is actually`
			`incorrect.`

			`Now if you were to use the above xinetd.conf on Fedora Linux, it would`
			`complain. What does work under Linux is to create a single service`
			`paragraph for each service which will accept connections on both IPv4 and`
			`IPv6:`

			`In /etc/xinetd.d/imap:`

			`service imap`
			`{`
			`flags = IPv6`
			`disable = no`
			`socket_type = stream`
			`wait = no`
			`user = root`
			`server = /usr/local/sbin/imapd`
			`}`

			`In /etc/xinetd.d/imaps:`

			`service imaps`
			`{`
			`flags = IPv6`
			`disable = no`
			`socket_type = stream`
			`wait = no`
			`user = root`
			`server = /usr/local/sbin/imapd`
			`}`

			`The man page for xinetd says the IPv6 flag means xinetd will listen ONLY`
			`on IPv6. However the actual behaviour (for Fedora Linux) is to listen on`
			`both IPv4 and IPv6.`

			`All of the above also applies to ipop3d. Anyway, this might save some`
			`folks a little bit of head scratching time.`
			`---------------------------------------------------------------------------`
			`Addendum from the original submitter:`
			`---------------------------------------------------------------------------`
			`I've since learned that the discrepancy really is a function of the OS.`
			`It seems those systems that force you to create separate IPv4 and IPv6`
			`listeners in inetd (or xinetd) are the same systems that also disable`
			`IPv4-mapped IPv6 addresses by default. This is a boot-time configuration`
			`option. If you enable IPv4-mapped IPv6 addresses, then the 'tcp46' option`
			`in inetd works and the simplified config would look like:`

			`imap4 stream tcp46 nowait root /usr/local/libexec/imapd imapd`
			`imaps stream tcp46 nowait root /usr/local/libexec/imapd imapd`

			`In FreeBSD, enabling IPv4-mapped addresses is done by adding`
			`ipv6_ipv4mapping="YES" to /etc/rc.conf (in addition to ipv6_enable="YES").`