On 2024-08-07 07:23, Aki Tuomi wrote:
On 07/08/2024 13:05 EEST Peter via dovecot dovecot@dovecot.org wrote:
On 7/08/24 07:08, Kurt Fitzner via dovecot wrote: Hi,
I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first. How does this affect installation?
I would not expect dovecot to work out of the box without having to change at least some settings to suit my specific installation. Most servers nowadays are dual stack so *, :: makes sense as a default. In your case you simply need to edit your dovecot.conf and add (or uncomment) listen = *.
I'm curious if it's the same behaviour for machines without IPv4.
Machines without IPv4 enabled are even more of a rarity than ones without IPv6 nowadays.
I think it's bad practice, however ubiquitous both are right now, to assume either.
Just want to point out that the OP problem is that he has AF_INET6 disabled.
Dovecot is totaly happy to start if there is ::1 available on the system. Notably this usually happens with Docker or some systems where AF_INET6 has been intentionally disabled.
In these cases it's imo the operator's responsibility to change the listen line to match their preference, and in dovecot's Docker images, we have changed listen to just * for the docker reason.
It does not require you to have *publicly routable* ipv4 or ipv6, just localhost will suffice.
Setting a default listen address to an address family that you don't know exists on target machines is fine, as long as it's a not-fatal failure if that address family doesn't exist. Admitedly the installation failure I experienced was because of a Debianism, which wants to start the service at install time. I'm not actually sure if the failure was right at the end of the install, or if there were other installation steps after the failure that were aborted. Rather than dig through the install scripts (and out of an abundance of caution) I simply tore out Dovecott, enabled IPv6, and then reinstalled it just to make sure all installation steps were followed.
I can't think of another Linux service anywhere that sets a default
listen to adapters on an address family and then makes it a fatal error
if that family doesn't exist. One shouldn't have to enable an address
family one doesn't use in order to get a service to install properly.
Please either make this a non-fatal error, or by default have Dovecot
not listen on anything and require the user to explicitly set the listen
adapters in the config file. Don't you think that a warning in the
journal is the more appropriate level of response to a default listen
adapter not existing?
Thanks