Dovecot refuses to install/run on machine without IPv6
Hi,
I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first.
I'm curious if it's the same behaviour for machines without IPv4.
Kurt Fitzner
On 06/08/2024 21:08, Kurt Fitzner via dovecot wrote:
Hi,
I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first.
I'm curious if it's the same behaviour for machines without IPv4.
Kurt Fitzner
Kurt
I can understand the issues you mention about running Dovecot with a configuration that does not match up with the network configuration of the server. I was curious about what errors you were finding on the install. I am not sure why Dovecot would refuse to install.
Strange to say even though I do have ipv6 configured on the network interface I have your same issue about running Dovecot (and not just Dovecot) on a system that uses systemd. The default systemd scripts don't work for me when rebooting, since the ipv6 interfaces come up later than the ipv4 ones and I never worked out if there was a dependency I could add in the scripts to ensure that Dovecot is started only when the ipv6 interfaces were up. So on every reboot Dovecot startup fails because it doesn't find the ipv6 address, but when started later it works since by that time ipv6 is available.
If Dovecot was modified in the way you were suggesting, it would cause a problem for me. Since then it would check for ipv6 (not yet up) and only bind to ipv4. It would be running but without the configured ipv6. Current behaviour where it refuses to run, is a much better situation, since I just have a cron job that checks if it is not running and starts dovecot by which time ipv6 is ready.
John
On 7/08/24 07:08, Kurt Fitzner via dovecot wrote:
Hi,
I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first.
How does this affect installation?
I would not expect dovecot to work out of the box without having to change at least some settings to suit my specific installation. Most servers nowadays are dual stack so *, :: makes sense as a default. In your case you simply need to edit your dovecot.conf and add (or uncomment) listen = *.
I'm curious if it's the same behaviour for machines without IPv4.
Machines without IPv4 enabled are even more of a rarity than ones without IPv6 nowadays.
Peter
On 07/08/2024 13:05 EEST Peter via dovecot <dovecot@dovecot.org> wrote:
On 7/08/24 07:08, Kurt Fitzner via dovecot wrote:
Hi,
I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first.
How does this affect installation?
I would not expect dovecot to work out of the box without having to change at least some settings to suit my specific installation. Most servers nowadays are dual stack so *, :: makes sense as a default. In your case you simply need to edit your dovecot.conf and add (or uncomment) listen = *.
I'm curious if it's the same behaviour for machines without IPv4.
Machines without IPv4 enabled are even more of a rarity than ones without IPv6 nowadays.
Just want to point out that the OP problem is that he has AF_INET6 disabled.
Dovecot is totaly happy to start if there is ::1 available on the system. Notably this usually happens with Docker or some systems where AF_INET6 has been intentionally disabled.
In these cases it's imo the operator's responsibility to change the listen line to match their preference, and in dovecot's Docker images, we have changed listen to just * for the docker reason.
It does not require you to have *publicly routable* ipv4 or ipv6, just localhost will suffice.
Aki
On 2024-08-07 07:23, Aki Tuomi wrote:
On 07/08/2024 13:05 EEST Peter via dovecot <dovecot@dovecot.org> wrote:
On 7/08/24 07:08, Kurt Fitzner via dovecot wrote: Hi,
I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first. How does this affect installation?
I would not expect dovecot to work out of the box without having to change at least some settings to suit my specific installation. Most servers nowadays are dual stack so *, :: makes sense as a default. In your case you simply need to edit your dovecot.conf and add (or uncomment) listen = *.
I'm curious if it's the same behaviour for machines without IPv4.
Machines without IPv4 enabled are even more of a rarity than ones without IPv6 nowadays.
I think it's bad practice, however ubiquitous both are right now, to assume either.
Just want to point out that the OP problem is that he has AF_INET6 disabled.
Dovecot is totaly happy to start if there is ::1 available on the system. Notably this usually happens with Docker or some systems where AF_INET6 has been intentionally disabled.
In these cases it's imo the operator's responsibility to change the listen line to match their preference, and in dovecot's Docker images, we have changed listen to just * for the docker reason.
It does not require you to have *publicly routable* ipv4 or ipv6, just localhost will suffice.
Setting a default listen address to an address family that you don't know exists on target machines is fine, as long as it's a not-fatal failure if that address family doesn't exist. Admitedly the installation failure I experienced was because of a Debianism, which wants to start the service at install time. I'm not actually sure if the failure was right at the end of the install, or if there were other installation steps after the failure that were aborted. Rather than dig through the install scripts (and out of an abundance of caution) I simply tore out Dovecott, enabled IPv6, and then reinstalled it just to make sure all installation steps were followed.
I can't think of another Linux service anywhere that sets a default
listen to adapters on an address family and then makes it a fatal error
if that family doesn't exist. One shouldn't have to enable an address
family one doesn't use in order to get a service to install properly.
Please either make this a non-fatal error, or by default have Dovecot
not listen on anything and require the user to explicitly set the listen
adapters in the config file. Don't you think that a warning in the
journal is the more appropriate level of response to a default listen
adapter not existing?
Thanks
Hi @Kurt I think For machines without IPv4, the behavior might be similar but for IPv6 addresses. Dovecot generally tries to bind to all specified addresses & if an address is not available or not configured correctly it can cause issue;. I have a few suggestions to handle this you can check Configuration Adjustment Check IPv6 Support Consult Dovecot Documentation You can take Community Feedback
participants (5)
-
Aki Tuomi
-
John Fawcett
-
Kurt Fitzner
-
leoniemeeyr@gmail.com
-
Peter