spamd vs IPv6

Harald Dunkel
Hi folks,

spamd(8) still mentions 127.0.0.1, but no indication of IPv6 support.
Looking on Google for "openbsd spamd ipv6" gives me some entries of
2015 and 2016, but no up-to-date information. Please excuse if I am
too blind to see.

I am a big fan of spamd, but I wonder is spamd in a dead-end wrt IP
address families? Would you recommend "IPv4 only" for EMail?


Regards
Harri


Re: spamd vs IPv6

Nick Guenther-2
July 1, 2020 7:34 AM, "Harald Dunkel" <[hidden email]> wrote:

> Hi folks,
>
> spamd(8) still mentions 127.0.0.1, but no indication of IPv6 support.
> Looking on Google for "openbsd spamd ipv6" gives me some entries of
> 2015 and 2016, but no up-to-date information. Please excuse if I am
> too blind to see.
>
> I am a big fan of spamd, but I wonder is spamd in a dead-end wrt IP
> address families? Would you recommend "IPv4 only" for EMail?

I was just wondering about this too! I can't see a clear answer anywhere online either.




I went looking because I realized that

# /etc/pf.conf
pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd

was becoming

# pfctl -s rules
pass in log inet proto tcp from any to any port = 25 flags S/SA divert-to 127.0.0.1 port 8025

I wondered where that `inet` was coming from. Eventually I realized that maybe pf was implying it from the divert-to, since, according to pf.conf(5):

>     divert-to [...] The packets will not be modified [...]

so if a packet comes in as IPv4 (inet) it has to stay IPv4.

I tried

# /etc/pf.conf
pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd
pass in log proto tcp to any port smtp divert-to ::1 port spamd

and this became

# pfctl -s rules      
pass in log inet proto tcp from any to any port = 25 flags S/SA divert-to 127.0.0.1 port 8025
pass in log inet6 proto tcp from any to any port = 25 flags S/SA divert-to ::1 port 8025


However if I actually tried to connect via IPv6 (`nc -6 mail.myserver.com 25`) I just get an immediately closed connection, presumably because ::1:8025 isn't open.


Come to think of it, because spamd uses IP addresses to do its job, for this to happen the database format needs to be augmented to store the longer addresses, so it's not necessarily a simple change, and that's probably why it hasn't happened yet.

I just double-checked by digging around in the code (which I am not finally experienced enough for, phew) and found: https://github.com/openbsd/src/blob/cf8f31167b4af5c8ea769ff3d8a5974a24fec6bb/libexec/spamd/spamd.c#L1427

        smtplisten = socket(AF_INET, SOCK_STREAM, 0);

So yeah, it looks like it's still inet-only, no inet6 here.

-Nick


Re: spamd vs IPv6

Edgar Pettijohn III-2
Have you tried starting spamd with '-l ::1' to alter its address to bind
to?
Edgar


On Feb 22, 2021 10:11 AM, Nick Guenther <[hidden email]> wrote:

  July 1, 2020 7:34 AM, "Harald Dunkel" <[hidden email]>
  wrote:

  > Hi folks,
  >
  > spamd(8) still mentions 127.0.0.1, but no indication of IPv6
  support.
  > Looking on Google for "openbsd spamd ipv6" gives me some entries of
  > 2015 and 2016, but no up-to-date information. Please excuse if I am
  > too blind to see.
  >
  > I am a big fan of spamd, but I wonder is spamd in a dead-end wrt IP
  > address families? Would you recommend "IPv4 only" for EMail?

  I was just wondering about this too! I can't see a clear answer
  anywhere online either.




  I went looking because I realized that

  # /etc/pf.conf
  pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd

  was becoming

  # pfctl -s rules
  pass in log inet proto tcp from any to any port = 25 flags S/SA
  divert-to 127.0.0.1 port 8025

  I wondered where that `inet` was coming from. Eventually I realized
  that maybe pf was implying it from the divert-to, since, according to
  pf.conf(5):

  >     divert-to [...] The packets will not be modified [...]

  so if a packet comes in as IPv4 (inet) it has to stay IPv4.

  I tried

  # /etc/pf.conf
  pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd
  pass in log proto tcp to any port smtp divert-to ::1 port spamd

  and this became

  # pfctl -s rules    
  pass in log inet proto tcp from any to any port = 25 flags S/SA
  divert-to 127.0.0.1 port 8025
  pass in log inet6 proto tcp from any to any port = 25 flags S/SA
  divert-to ::1 port 8025


  However if I actually tried to connect via IPv6 (`nc -6
  mail.myserver.com 25`) I just get an immediately closed connection,
  presumably because ::1:8025 isn't open.


  Come to think of it, because spamd uses IP addresses to do its job,
  for this to happen the database format needs to be augmented to store
  the longer addresses, so it's not necessarily a simple change, and
  that's probably why it hasn't happened yet.

  I just double-checked by digging around in the code (which I am not
  finally experienced enough for, phew) and found:
  https://github.com/openbsd/src/blob/cf8f31167b4af5c8ea769ff3d8a5974a24fec6bb/libexec/spamd/spamd.c#L1427

  smtplisten = socket(AF_INET, SOCK_STREAM, 0);

  So yeah, it looks like it's still inet-only, no inet6 here.

  -Nick

Re: spamd vs IPv6

Nick Guenther-2
February 22, 2021 1:22 PM, "Edgar Pettijohn" <[hidden email]> wrote:

> Have you tried starting spamd with '-l ::1' to alter its address to bind
> to?

I hadn't! But it's no help:

comms# /usr/libexec/spamd -l ::1 -d -v -G 15:4:864 -C /etc/letsencrypt/live/comms.kousu.ca/fullchain.pem -K /etc/letsencrypt/live/comms.kousu.ca/privkey.paranoid.pem
spamd: getaddrinfo: no address associated with name


Re: spamd vs IPv6

Edgar Pettijohn III-2
On Mon, Feb 22, 2021 at 06:28:29PM +0000, Nick Guenther wrote:

> February 22, 2021 1:22 PM, "Edgar Pettijohn" <[hidden email]> wrote:
>
> > Have you tried starting spamd with '-l ::1' to alter its address to bind
> > to?
>
> I hadn't! But it's no help:
>
> comms# /usr/libexec/spamd -l ::1 -d -v -G 15:4:864 -C /etc/letsencrypt/live/comms.kousu.ca/fullchain.pem -K /etc/letsencrypt/live/comms.kousu.ca/privkey.paranoid.pem
> spamd: getaddrinfo: no address associated with name
>

Looks like it's hardcoded to only support inet4.
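
The failure mode discussed in this thread, as an added example that is not part of any post and is not spamd's source code: a numeric bind address resolved under an AF_INET hint is rejected when it is "::1", so the inet6 divert-to rule has no listener behind it. That the daemon uses an AF_INET hint is an assumption inferred from the quoted socket(AF_INET, ...) line; the function names resolve_bind and covers_divert are hypothetical.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Resolve a numeric bind address under a family hint.
 * Returns the address family found, or -1 if getaddrinfo() rejects it. */
int resolve_bind(const char *addr, int family_hint)
{
    struct addrinfo hints, *res = NULL;
    int rc, fam;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family_hint;     /* AF_INET models an IPv4-only daemon */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;   /* numeric only, no DNS lookup */

    rc = getaddrinfo(addr, "8025", &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "%s: getaddrinfo: %s\n", addr, gai_strerror(rc));
        return -1;
    }
    fam = res->ai_family;
    freeaddrinfo(res);
    return fam;
}

/* divert-to does not modify packets, so an inet6 connection needs an inet6
 * listener. Returns 1 if a daemon using listener_hint could bind the
 * divert-to target address, 0 if that rule would point at nothing. */
int covers_divert(const char *divert_addr, int listener_hint)
{
    return resolve_bind(divert_addr, listener_hint) != -1;
}

int main(void)
{
    /* The two divert-to targets from the pf.conf rules in the thread. */
    const char *targets[] = { "127.0.0.1", "::1" };
    size_t i;

    for (i = 0; i < sizeof(targets) / sizeof(targets[0]); i++)
        printf("divert-to %-9s  AF_INET listener: %s  AF_UNSPEC listener: %s\n",
            targets[i],
            covers_divert(targets[i], AF_INET) ? "ok" : "no listener",
            covers_divert(targets[i], AF_UNSPEC) ? "ok" : "no listener");
    return 0;
}
```
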