682792 – incorrect 'sendmail.mc' line for specifying IPv6 MTA listener

Bug 682792 - incorrect 'sendmail.mc' line for specifying IPv6 MTA listener

Summary: incorrect 'sendmail.mc' line for specifying IPv6 MTA listener

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	sendmail
Sub Component:
Version:	5.5
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jaroslav Škarvada
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	918527
TreeView+	depends on / blocked

Reported:	2011-03-07 15:44 UTC by starlight
Modified:	2013-03-06 13:14 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	918527 (view as bug list)
Environment:
Last Closed:	2013-03-06 13:14:36 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description starlight 2011-03-07 15:44:53 UTC

Description of problem:

The commented example line 143 of '/etc/mail/sendmail.mc'
is written incorrectly.

Version-Release number of selected component (if applicable):

RPM sendmail-8.13.8-8.el5

The line in question is written

DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')

and should be written

DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')dnl
DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')dnl

this is per an exchange with Claus Assmann at sendmail.org.

=========

Note however that this presents subsequent issues.

The line as originally written effectively specifies a single
IPv6 listener socket as the last two elements supercede the
first two elements.  Two problems derive from this:

1) Per Clauas, 'sendmail' is not presently intended to accept 
IPv4 connections on PF_INET6 listener sockets even though this 
is the convention with dual-stack OSs.  While it mostly works, a 
bug in the handling of DNSBL lists causes the syslog report for 
blocked connections to have the wrong value show in  arg2=.  
Instead of showing the return value from the DNSBL lookup
(e.g. 127.0.0.2), the IP address of the remote MTA is shown.
Probably other glitches exist.

2) If the correct form is used, Linux produces an error trying
to open the second, IPv6 listener on the global address for port
25.  This behavior is apparently the intended design in the Linux
kernel where it is expected that programs will listen for
both IPv4 and IPv6 connections from a single PF_INET6 listener
socket.  Once accepted, the type of a socket can be checked
and address-specific processing determined then.

Was able to work around this by specifying separate listeners
for each of IPv4 and IPv6 on each physical interface and
for the local loopback addresses.  For example:

DAEMON_OPTIONS(`Name=MTAv4_87, Family=inet, Addr=172.29.87.18')dnl
DAEMON_OPTIONS(`Name=MTAv4_88, Family=inet, Addr=172.29.88.18')dnl
DAEMON_OPTIONS(`Name=MTAv6_87, Family=inet6, Addr=2001:470:885c:87::18')dnl
DAEMON_OPTIONS(`Name=MTAv6_88, Family=inet6, Addr=2001:470:885c:88::18')dnl
DAEMON_OPTIONS(`Name=MTAv4_l, Family=inet, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Name=MTAv6_l, Family=inet6, Addr=::1')dnl

However this is inconvenient.

Comment 1 Jaroslav Škarvada 2013-03-06 13:09:53 UTC

This doesn't seem to be resolved in Red Hat Enterprise Linux 6, cloning.

Comment 2 Jaroslav Škarvada 2013-03-06 13:14:36 UTC

Red Hat Enterprise Linux 5 entered Production 2 phase. The focus for minor releases during this phase lies on resolving urgent or high priority bugs. For more details see https://access.redhat.com/support/policy/updates/errata/. As this bug is not qualified as urgent or high priority it is closed with resolution WONTFIX. If this issue is critical for your business you can escalate it through the support channel (http://www.redhat.com/support/).

Note You need to log in before you can comment on or make changes to this bug.