On 9/4/23 12:36, Michael Peddemors wrote:
However, I 'get' this persons' opinion, from a developers perspective.
The system should either run, or provide a clear reason why it didn't
startup (that reason could be .. You have selected * but IPv6 is not
available). Doesn't really matter what the dependency is, whether a
missing package, or a service not responding, there should be sane
checks, and turning off IPv6 is probably a lot more popular than you
think, given the increased attack vector and other observed issues.
But of course, the listen directive can easily be modified. Just harder
for newbies looking for an 'out of the box' solution.
The following is in my /etc/dovecot/dovecot.conf file. Ubuntu 22, using
the official dovecot APT repo:
# A comma separated list of IPs or hosts where to listen in for
connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
listen = *
My dovecot (version 2:2.3.20-3+ubuntu20.04) works just fine. I have
IPv6 completely disabled on the server.
The comment in my config file indicates that * should be all available
IPv4 interfaces, which contradicts what you said above. Maybe on my
version the comment is right and for newer versions it isn't?
I have found a bunch of software that will refuse to run if IPv6 is
disabled unless configured explicitly to use v4 and disable v6. I find
this trend disturbing. In one case (atftpd) it took me a very long time
to determine that the lack of an IPv6 interface was the cause for the
program not starting. Once I figured that out, I just added "--ipv4" to
the /etc/default/atftpd file and it started working.
Even if * really means "all interfaces" and not "all IPv4 interfaces" as
the comment indicates ... if no IPv6 interfaces are found, dovecot
should proceed with the interfaces it finds, not fail when none of those
interfaces have IPv6 addressing.
To the OP: Was it obvious in logs that IPv6 was the problem? In a lot
of cases programs that refuse to start without IPv6 being available will
do so silently. It's the silently part that's the real problem with
this trend.
Thanks,
Shawn
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
