Bug 682792

Summary: incorrect 'sendmail.mc' line for specifying IPv6 MTA listener
Product: Red Hat Enterprise Linux 5 Reporter: starlight
Component: sendmailAssignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.5   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 918527 (view as bug list) Environment:
Last Closed: 2013-03-06 13:14:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 918527    

Description starlight 2011-03-07 15:44:53 UTC 
Description of problem:

The commented example line 143 of '/etc/mail/sendmail.mc'
is written incorrectly.

Version-Release number of selected component (if applicable):

RPM sendmail-8.13.8-8.el5

The line in question is written

DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')

and should be written

DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')dnl
DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')dnl

this is per an exchange with Claus Assmann at sendmail.org.

=========

Note however that this presents subsequent issues.

The line as originally written effectively specifies a single
IPv6 listener socket as the last two elements supercede the
first two elements.  Two problems derive from this:

1) Per Clauas, 'sendmail' is not presently intended to accept 
IPv4 connections on PF_INET6 listener sockets even though this 
is the convention with dual-stack OSs.  While it mostly works, a 
bug in the handling of DNSBL lists causes the syslog report for 
blocked connections to have the wrong value show in  arg2=.  
Instead of showing the return value from the DNSBL lookup
(e.g. 127.0.0.2), the IP address of the remote MTA is shown.
Probably other glitches exist.

2) If the correct form is used, Linux produces an error trying
to open the second, IPv6 listener on the global address for port
25.  This behavior is apparently the intended design in the Linux
kernel where it is expected that programs will listen for
both IPv4 and IPv6 connections from a single PF_INET6 listener
socket.  Once accepted, the type of a socket can be checked
and address-specific processing determined then.

Was able to work around this by specifying separate listeners
for each of IPv4 and IPv6 on each physical interface and
for the local loopback addresses.  For example:

DAEMON_OPTIONS(`Name=MTAv4_87, Family=inet, Addr=172.29.87.18')dnl
DAEMON_OPTIONS(`Name=MTAv4_88, Family=inet, Addr=172.29.88.18')dnl
DAEMON_OPTIONS(`Name=MTAv6_87, Family=inet6, Addr=2001:470:885c:87::18')dnl
DAEMON_OPTIONS(`Name=MTAv6_88, Family=inet6, Addr=2001:470:885c:88::18')dnl
DAEMON_OPTIONS(`Name=MTAv4_l, Family=inet, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Name=MTAv6_l, Family=inet6, Addr=::1')dnl

However this is inconvenient.
Comment 1 Jaroslav Škarvada 2013-03-06 13:09:53 UTC 
This doesn't seem to be resolved in Red Hat Enterprise Linux 6, cloning.
Comment 2 Jaroslav Škarvada 2013-03-06 13:14:36 UTC 
Red Hat Enterprise Linux 5 entered Production 2 phase. The focus for minor releases during this phase lies on resolving urgent or high priority bugs. For more details see https://access.redhat.com/support/policy/updates/errata/. As this bug is not qualified as urgent or high priority it is closed with resolution WONTFIX. If this issue is critical for your business you can escalate it through the support channel (http://www.redhat.com/support/).