I will reply to the email rather than press reply on the web mailing list page. Probably got this wrong too!
I don't consider our setup non-standard. It is a standard IPV4 setup. We will support IPV6 once our network security is reworked and everyone has a full understanding of IPV6 and it's challenges. An IPV6 stack on the box is an additional attack vector we are not setup up for at present. We will get there.
Simply assuming IPV6 is there and then crashing out when it's not is not useful when installing as part of another package or from the supported OS repos. Yes, I understand we can hack the config to workaround this. But only after the install has failed.
An example would be installing a virtualmin server for instance. A LAMP stack and all Packages are installed from the repos as part of an installer script. Dovecot crashes out as no IPV6 and that leaves the server in an unusable state.
I believe it really would be good practice to fallback to IPV4 only listeners if IPV6 listener fails. Rather than crash out.
Thank you for your consideration. Cheers
----- Original Message ----- From: "Michael Peddemors" michael@linuxmagic.com To: "dovecot" dovecot@dovecot.org Sent: Monday, 4 September, 2023 19:36:45 Subject: Re: DOvecot requires both IPv4 and IPV6 to start
On 2023-09-04 08:58, Eduardo M KALINOWSKI via dovecot wrote:
On 04/09/2023 11:12, TWHG Technical via dovecot wrote:
But that is not this issue. The issue is that dovecot is assuming that IPV6 is there and crashes out if it's not. Hacking the config to only listen on IP4 solves the problem but not while installing from standard repos to install the currently supported version.
dovecot can handle an IPv4-only setup, you just have to tell it to (by setting a custom 'listen' config entry, as you have already found out).
Your setup is non-standard, so it's expected that you'll have to make changes to accommodate that. Expecting that dovecot changes its default because of your particularities may be asking a little too much.
PS: It would be easier to follow the discussion if you actually replied to the messages (quoting the relevant parts) instead of sending a new message. But be sure to use a client that sets in-reply-to: or references: headers so that the thread is not broken.
However, I 'get' this persons' opinion, from a developers perspective.
The system should either run, or provide a clear reason why it didn't startup (that reason could be .. You have selected * but IPv6 is not available). Doesn't really matter what the dependency is, whether a missing package, or a service not responding, there should be sane checks, and turning off IPv6 is probably a lot more popular than you think, given the increased attack vector and other observed issues.
But of course, the listen directive can easily be modified. Just harder for newbies looking for an 'out of the box' solution.
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org