[gentoo-user] Local mail server

[gentoo-user] Local mail server

[Peter Humphrey]

Afternoon all,

I'd like to set up a little box to be a local mail server. It would receive 
mails from other machines on the LAN, and it would fetch POP3 mail from my ISP 
and IMAP mail from google mail. KMail on my workstation would then read the 
mails via IMAP. That's all. I might want to add a few extras later, such as 
receiving SMTP mail for a .me domain I own. My present total of emails is 
about 4000.

I used to have a working system on a box that's now deceased [1], but in 
replicating it I'm having difficulty threading my way through the mutually 
inconsistent Gentoo mail server docs, omitting the bits I don't need and 
interpreting the rest. Bits I don't need? Database backend, web-mail access, 
web admin tools, fancy multi-user authorisation, any other baroque complexity.

So I'm asking what systems other people use. I can't be unusual in what I 
want, so there must be lots of solutions out there somewhere. Would anyone 
like to offer me some advice?

1.  Yes, of course I did have backups, but in juggling the media I managed to 
lose them. A world of advice to others: don't grow old.  :)

-- 
Regards,
Peter.

Re: [gentoo-user] Local mail server

[antlists]

On 19/07/2020 15:18, Peter Humphrey wrote:
> So I'm asking what systems other people use. I can't be unusual in what I
> want, so there must be lots of solutions out there somewhere. Would anyone
> like to offer me some advice?

Doing my best to remember my setup ...

Running postfix as my mail server. I never managed to get it working to 
SEND email, so clients had to be configured to send straight to my ISP. 
Don't send to google - it rewrites the headers ...

Used fetchmail to download, until an upgrade/fix/something broke MySQL 
so all my virtual email addresses broke.

Use Courier-IMAP to provide access from clients to the mail store.

I *think* that's all, but I dunno how long my system has been running 
(it hasn't even been updated for a couple of years :-( and apart from 
that MySQL problem it's been running untouched pretty much from day 1.

Cheers,
Wol

Re: [gentoo-user] Local mail server

[Michael]

[-- Attachment #1: Type: text/plain, Size: 1093 bytes --]

On Sunday, 19 July 2020 16:48:29 BST antlists wrote:
> On 19/07/2020 15:18, Peter Humphrey wrote:
> > So I'm asking what systems other people use. I can't be unusual in what I
> > want, so there must be lots of solutions out there somewhere. Would anyone
> > like to offer me some advice?
> 
> Doing my best to remember my setup ...
> 
> Running postfix as my mail server. I never managed to get it working to
> SEND email, so clients had to be configured to send straight to my ISP.
> Don't send to google - it rewrites the headers ...
> 
> Used fetchmail to download, until an upgrade/fix/something broke MySQL
> so all my virtual email addresses broke.
> 
> Use Courier-IMAP to provide access from clients to the mail store.
> 
> I *think* that's all, but I dunno how long my system has been running
> (it hasn't even been updated for a couple of years :-( and apart from
> that MySQL problem it's been running untouched pretty much from day 1.
> 
> Cheers,
> Wol

Notwithstanding a recent security vulnerability net-mail/dovecot may be able 
to do all you want/need from a home mailserver.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] Local mail server

[Steven Lembark]

Dovecot works well enough, catch is that it has some security
issues. My fix is to have it run on localhost and ssh tunnel 
local ports into 143 & 25 on the in-house server. At that point
postfix + dovecot work fine for me.


-- 
Steven Lembark
Workhorse Computing
lembark@wrkhors.com
+1 888 359 3508

Re: [gentoo-user] Local mail server

[Petric Frank]

[-- Attachment #1: Type: text/plain, Size: 559 bytes --]

Am Sonntag, 19. Juli 2020, 16:18:32 CEST schrieb Peter Humphrey:
> Afternoon all,
>
> I'd like to set up a little box to be a local mail server. It would receive
> mails from other machines on the LAN, and it would fetch POP3 mail from my
> ISP and IMAP mail from google mail.

For me this was a good starting point:
  https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server[1]

I placed a Gentoo VM for this on my Proxmox VM server doing the job.

regards
  Petric


--------
[1] https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server

[-- Attachment #2: Type: text/html, Size: 3113 bytes --]

Re: [gentoo-user] Local mail server

[Grant Taylor]

On 7/19/20 8:18 AM, Peter Humphrey wrote:
> Afternoon all,

Hi,

> I'd like to set up a little box to be a local mail server. It would 
> receive mails from other machines on the LAN, and it would fetch 
> POP3 mail from my ISP and IMAP mail from google mail. KMail on my 
> workstation would then read the mails via IMAP. That's all. I might 
> want to add a few extras later, such as receiving SMTP mail for a 
> .me domain I own. My present total of emails is about 4000.

That should be quite possible to do.

IMHO there's not much difference in an internal only and an externally 
accessible mail server as far as the software & configuration that's on 
said server.  The only real difference is what the world thinks of it.

> I used to have a working system on a box that's now deceased 
> [1], but in replicating it I'm having difficulty threading my 
> way through the mutually inconsistent Gentoo mail server docs, 
> omitting the bits I don't need and interpreting the rest. Bits I 
> don't need? Database backend, web-mail access, web admin tools, 
> fancy multi-user authorisation, any other baroque complexity.

There are a LOT of ways to do this.  You need to pick the program that 
you want to use for various functions:

  - SMTP: Sendmail (my preference), Postfix (quite popular), etc.
  - IMAP: Courier (my preference), Dovecot (quite popular), etc.
  - POP3: Courier, Dovecot (?), QPopper (?), etc.
  - LDA: Procmail (my preference), delivermail, etc.

Pick the programs that you want to run, possibly influenced by what they 
do and don't support to find an overlap that works.  E.g. Maildir used 
to be less well supported than it is today.

You have already indicated that you want to use fetchmail (or something 
like it).

> So I'm asking what systems other people use. I can't be unusual in what 
> I want, so there must be lots of solutions out there somewhere. Would 
> anyone like to offer me some advice?

I actually think it's more unusual to want to run an email server that 
doesn't receive email directly from the world vs one that does.  But 
whatever you want.

As others have alluded to, sending email may be tricky, but ultimately 
possible to do.  It will have a LOT to do with what domain name you use, 
and if you have your server smart host through something else.

> 1.  Yes, of course I did have backups, but in juggling the media I 
> managed to lose them. A world of advice to others: don't grow old.  :)

Oops!



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Local mail server

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 830 bytes --]

On Sun, 19 Jul 2020 15:18:32 +0100, Peter Humphrey wrote:

> I used to have a working system on a box that's now deceased [1], but
> in replicating it I'm having difficulty threading my way through the
> mutually inconsistent Gentoo mail server docs, omitting the bits I
> don't need and interpreting the rest. Bits I don't need? Database
> backend, web-mail access, web admin tools, fancy multi-user
> authorisation, any other baroque complexity.

I use Postfix for SMTP, Dovecot for IMAP and getmail to fetch mail from a
POP3 account (other mail is delivered directory to Postfix).

I also use procmail for filtering - although if you already have this set
up in KMail, that should suffice - and dspam for spam filtering.


-- 
Neil Bothwick

Never ask a geek why, just nod your head and slowly back away
 

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] Local mail server

[Peter Humphrey]

On Monday, 20 July 2020 12:33:50 BST Neil Bothwick wrote:

> I use Postfix for SMTP, Dovecot for IMAP and getmail to fetch mail from a
> POP3 account (other mail is delivered directory to Postfix).

That's what I want to use, except for fetchmail instead of getmail.

I'm taking the suggestions in this thread (thanks), and following the simple 
mail server guide [1]. I've made precisely two changes in main.cf: soft_bounce 
= yes, mynetworks_style = host. Everything else is left at its default.

Postfix starts okay, but when I 'telnet localhost 25' I get this in the log:

fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, 
specify at least one working instance of: reject_unauth_destination, 
defer_unauth_destination, reject, defer, defer_if_permit or 
check_relay_domains

Which of those restrictions do I specify, and where, and why aren't they set 
by default?

> I also use procmail for filtering - although if you already have this set
> up in KMail, that should suffice - and dspam for spam filtering.

Yes, KMail is fine for this, with spamassassin.

1.  https://wiki.gentoo.org/wiki/Postfix

-- 
Regards,
Peter.

Re: [gentoo-user] Local mail server

[antlists]

On 20/07/2020 15:55, Peter Humphrey wrote:
> fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions,
> specify at least one working instance of: reject_unauth_destination,
> defer_unauth_destination, reject, defer, defer_if_permit or
> check_relay_domains
> 
> Which of those restrictions do I specify, and where, and why aren't they set
> by default?

I'm guessing that's because it needs to know what to do with an email ...

The language is odd, but I suspect it's saying "do I relay this message 
and if so how, or do I deliver and and if so how do I know where and to 
who?"

None of these can be known by default...

Cheers,
Wol

Re: [gentoo-user] Local mail server

[Michael Orlitzky]

On 2020-07-20 12:39, antlists wrote:
> On 20/07/2020 15:55, Peter Humphrey wrote:
>> fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions,
>> specify at least one working instance of: reject_unauth_destination,
>> defer_unauth_destination, reject, defer, defer_if_permit or
>> check_relay_domains
>>
>> Which of those restrictions do I specify, and where, and why aren't they set
>> by default?
> 

(I missed the original mail, so I'm replying here.)

If you don't specify one of those restrictions in one of those places,
your mail server is an open relay. Postfix doesn't let you do that.

One of them is set by default; smtpd_relay_restrictions end with
defer_unauth_destination on new installs.

Re: [gentoo-user] Local mail server

[William Kenworthy]

I have used "https://wiki.gentoo.org/wiki/Mailfiltering_Gateway/en" or
variations of for many years - currently on an lxc instance on a low
power arm server.  Handles 1-200 emails (including spam) a day with
potentially up to quite a few thousand.  I am using the configuration
without mysql etc.  My biggest maintenance on it is trying to keep the
permissions correct after upgrades etc., otherwise as the families mail
gateway its quite reliable.

BillK


On 19/7/20 10:18 pm, Peter Humphrey wrote:
> Afternoon all,
>
> I'd like to set up a little box to be a local mail server. It would receive 
> mails from other machines on the LAN, and it would fetch POP3 mail from my ISP 
> and IMAP mail from google mail. KMail on my workstation would then read the 
> mails via IMAP. That's all. I might want to add a few extras later, such as 
> receiving SMTP mail for a .me domain I own. My present total of emails is 
> about 4000.
>
> I used to have a working system on a box that's now deceased [1], but in 
> replicating it I'm having difficulty threading my way through the mutually 
> inconsistent Gentoo mail server docs, omitting the bits I don't need and 
> interpreting the rest. Bits I don't need? Database backend, web-mail access, 
> web admin tools, fancy multi-user authorisation, any other baroque complexity.
>
> So I'm asking what systems other people use. I can't be unusual in what I 
> want, so there must be lots of solutions out there somewhere. Would anyone 
> like to offer me some advice?
>
> 1.  Yes, of course I did have backups, but in juggling the media I managed to 
> lose them. A world of advice to others: don't grow old.  :)
>

Re: [gentoo-user] Local mail server

[Peter Humphrey]

On Monday, 20 July 2020 18:25:28 BST Michael Orlitzky wrote:
> On 2020-07-20 12:39, antlists wrote:
> > On 20/07/2020 15:55, Peter Humphrey wrote:
> >> fatal: in parameter smtpd_relay_restrictions or
> >> smtpd_recipient_restrictions, specify at least one working instance of:
> >> reject_unauth_destination, defer_unauth_destination, reject, defer,
> >> defer_if_permit or check_relay_domains
--->8
> If you don't specify one of those restrictions in one of those places,
> your mail server is an open relay. Postfix doesn't let you do that.
> 
> One of them is set by default; smtpd_relay_restrictions end with
> defer_unauth_destination on new installs.

That command doesn't appear in my main.cf.

I ended up adding the following to main.cf:

-------
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject

# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname

# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,

smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining

-------

Those came from http://www.postfix.org/SMTPD_ACCESS_README.html.

I don't know what use the page https://wiki.gentoo.org/wiki/Postfix is: it 
hasn't helped me at all.

As usual, though, the kind people on this list certainly have! Thank you all.

-- 
Regards,
Peter.

Re: [gentoo-user] Local mail server

[Peter Humphrey]

On Sunday, 19 July 2020 15:18:32 BST I wrote:

<snipped>

I think I'm nearly there, but still one config problem eludes me.

The setup is fetchmail > postfix > dovecot.

Postfix is trying to deliver some mail (not all) to me@this-workstation instead 
of to its own machine, and I can't see why. I've tried a couple of relay-host 
settings, but then I just get "warning: relayhost configuration problem" in the 
log, so relay-host is now back to its default value.

Here's an excerpt from main.cf:

myhostname = serv.<my.local.domain>
mydomain = <my.local.domain>
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

I've tried omitting $mydomain from that last line, but it didn't help.

Can anyone see what I'm missing? (More of main.cf if needed.)

-- 
Regards,
Peter.

Re: [gentoo-user] Local mail server

[james]

On 7/25/20 8:09 AM, Peter Humphrey wrote:
> On Sunday, 19 July 2020 15:18:32 BST I wrote:
> 
> <snipped>
> 
> I think I'm nearly there, but still one config problem eludes me.
> 
> The setup is fetchmail > postfix > dovecot.
> 
> Postfix is trying to deliver some mail (not all) to me@this-workstation instead
> of to its own machine, and I can't see why. I've tried a couple of relay-host
> settings, but then I just get "warning: relayhost configuration problem" in the
> log, so relay-host is now back to its default value.
> 
> Here's an excerpt from main.cf:
> 
> myhostname = serv.<my.local.domain>
> mydomain = <my.local.domain>
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> 
> I've tried omitting $mydomain from that last line, but it didn't help.
> 
> Can anyone see what I'm missing? (More of main.cf if needed.)

Hello Peter,

I just ran across this document. I hope you find it relevant to your 
mail issues.


https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/

Small Mailserver Best Current Practices


James

Re: [gentoo-user] Local mail server

[Peter Humphrey]

On Monday, 27 July 2020 22:10:59 BST james wrote:

> I just ran across this document. I hope you find it relevant to your
> mail issues.
> 
> https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
> 
> Small Mailserver Best Current Practices

Thank you James.

I seem to have fixed my problem by removing the specific addresses from 
mynetworks and setting mynetworkstyle = subnet.

That doesn't make sense to me, but hey-ho.

-- 
Regards,
Peter.

Re: [gentoo-user] Local mail server

[james]

On 7/28/20 4:23 AM, Peter Humphrey wrote:
> On Monday, 27 July 2020 22:10:59 BST james wrote:
> 
>> I just ran across this document. I hope you find it relevant to your
>> mail issues.
>>
>> https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
>>
>> Small Mailserver Best Current Practices
> 
> Thank you James.
> 
> I seem to have fixed my problem by removing the specific addresses from
> mynetworks and setting mynetworkstyle = subnet.
> 
> That doesn't make sense to me, but hey-ho.
> 


Good news.

But I'm still looking for that complete list of (gentoo ebuild) codes to 
run on top of 2-4 stems, for a small, but feature rich solution for

(2) DNS resolvers, (?) mail-servers for a robust mail system that "I" 
admin, and (1) internet facing web server and (1) internal only facing 
or limited outward facing Web server for development and security based 
testing. Static IP are basically $5/month from my ISP.

So this is a point of curiosity for you or anyone with such a setup; but 
only what they wish to reveal publically. A private disclosure, and 
howto is ok too,
and I'll respect your privacy of such detail.

Eventually, when the Rasp.Pi_4 can map or at least utilize 16G of ram, I 
want to move the entire operation to Rp4s.  Then I can have one setup 
stationary, and one mobile in my RV. The thought is the RF (pseudo) 
statics are dominate, unless I travel to an area in the US, that does 
not have connectivity for a mobile rig.

Anyone is encouraged, publically or privately, to make suggestions. 
Eventually, the choices and basic instruction should make it to a web 
page document.

If several folks go down this pathway, then the security and security 
testing semantics, to ensure it is robustly safe, could be well 
documents, via a group effort. So all can benefit and stay safe. Adding 
a secure version of Slack, to these stacks, would be pretty cool too.

After all, such a setup would be sweet, and allow for for travel and 
still be in charge of all of your resources.

Re: [gentoo-user] Local mail server

[Wols Lists]

On 28/07/20 16:01, james wrote:
> (2) DNS resolvers, (?) mail-servers for a robust mail system that "I"
> admin, and (1) internet facing web server and (1) internal only facing
> or limited outward facing Web server for development and security based
> testing. Static IP are basically $5/month from my ISP.

Do you really want to pay for a static IP? I'd go IPv6 instead.

I learnt my v4 in the days of 10-base-2, and I'd really love to update
to punching holes in a v6 router. Limited risk, and no worries about
static IPs, NATing, all that legacy stuff ... :-)

Cheers,
Wol

Re: [gentoo-user] Local mail server

[james]

On 7/28/20 12:05 PM, Wols Lists wrote:
> On 28/07/20 16:01, james wrote:
>> (2) DNS resolvers, (?) mail-servers for a robust mail system that "I"
>> admin, and (1) internet facing web server and (1) internal only facing
>> or limited outward facing Web server for development and security based
>> testing. Static IP are basically $5/month from my ISP.
> 
> Do you really want to pay for a static IP? I'd go IPv6 instead.
> 
> I learnt my v4 in the days of 10-base-2, and I'd really love to update
> to punching holes in a v6 router. Limited risk, and no worries about
> static IPs, NATing, all that legacy stuff ... :-)
> 
> Cheers,
> Wol
> 


It's the bandwidth provider's policy. Static IPs (4 or 6) requires a 
monthly fee. If you know a way around this, with full privileges one 
gets with static IP addresses, I'm all ears.....?

I do not want some limited/dysfunctional solution. I want/need the full 
ability of what static IPs addresses bring. (all ports open etc).

I am curious about your details via IPv6 and static (permanently 
assigned ) addresses.

James

Re: [gentoo-user] Local mail server

[Grant Taylor]

On 7/28/20 5:18 PM, james wrote:
> If you know a way around this, with full privileges one gets with static 
> IP addresses, I'm all ears.....?

A hack that I see used is to pick up a small VPS for a nominal monthly 
fee and establish a VPN to it.  Have it's IP (and ports) directed 
through the VPN to your local system.  You get just about everything, 
save for what's specifically needed for the VPN.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Local mail server

[Wols Lists]

On 29/07/20 00:18, james wrote:
> It's the bandwidth provider's policy. Static IPs (4 or 6) requires a
> monthly fee. If you know a way around this, with full privileges one
> gets with static IP addresses, I'm all ears.....?

????? I can understand a fee for a static IP4 - they've run out, after
all, and people are fighting over them ...

Don't ISPs get a 2^64 allocation of IP6 *network* addresses? They should
just allocate one to your router and that's that! Still, I wouldn't put
it past them to charge extra for what should be free.
> 
> I do not want some limited/dysfunctional solution. I want/need the full
> ability of what static IPs addresses bring. (all ports open etc).

That's not what a static IP brings, that's what a "globally known" IP
brings - if your router advertises its address to something like dyndns
every time it starts, you'll have the same result. Snag is, that's a
chargeable subscription, I believe.
> 
> I am curious about your details via IPv6 and static (permanently
> assigned ) addresses.

That's why I need to dig and investigate :-) My first ISP in the days of
dial-up allocated a static IP as a matter of course. Not only was it
useful to use, it suited them because customers could only use it on one
computer at a time otherwise routing got screwed up :-)

Then we went to broadband, and in effect it was static because the
modem/router was always on ...


It'll be interesting digging through all this. Just try and make sure
you use your router as a firewall. I think my router drops all incoming
connections BY DEFAULT. But I can open up any port I want, either to
re-route to an internal computer or just pass through to it.

My first investigations would be (1) how do I advertise my router's
network address on dyndns, and (2) once the outside world knows my IP,
how do I let stuff through my router/firewall.

Cheers,
Wol

[gentoo-user] Re: Local mail server

[Grant Edwards]

On 2020-07-29, Wols Lists <antlists@youngman.org.uk> wrote:

> ????? I can understand a fee for a static IP4 - they've run out,
> after all, and people are fighting over them ...
>
> Don't ISPs get a 2^64 allocation of IP6 *network* addresses? They
> should just allocate one to your router and that's that! Still, I
> wouldn't put it past them to charge extra for what should be free.

Pricing isn't based on cost.  Pricing is based on what people are
willing to pay.  People are willing to pay extra for a static IPv6
address, therefore static IPv6 addresses cost extra.

--
Grant

Re: [gentoo-user] Re: Local mail server

[Peter Humphrey]

On Wednesday, 29 July 2020 13:59:11 BST Grant Edwards wrote:

> Pricing isn't based on cost.  Pricing is based on what people are
> willing to pay.  People are willing to pay extra for a static IPv6
> address, therefore static IPv6 addresses cost extra.

Aren't all IPv6 addresses static? Mine certainly are.

-- 
Regards,
Peter.

Re: [gentoo-user] Re: Local mail server

[antlists]

On 29/07/2020 16:41, Peter Humphrey wrote:
> On Wednesday, 29 July 2020 13:59:11 BST Grant Edwards wrote:
> 
>> Pricing isn't based on cost.  Pricing is based on what people are
>> willing to pay.  People are willing to pay extra for a static IPv6
>> address, therefore static IPv6 addresses cost extra.
> 
> Aren't all IPv6 addresses static? Mine certainly are.
> 
I think there's static, and there's effectively static.

If your router is running 24/7, then the IP won't change even if it's 
DHCP. But your router only needs to be switched off or otherwise off the 
network for the TTL (time to live), and DHCP will assign you a different 
IP when it comes back.

That's server-side configuration, so if the ISP doesn't elicitly 
allocate you an address in their DHCP setup, what you've got is 
effectively static not really static.

But it really should be so damn simple - take the ISP's network address, 
add the last three octets of the customer's router or something like 
that, and there's the customer's network v6 assigned to the customer's 
router. One fixed address that won't change unless the customer changes 
router or ISP.

I need to learn how v6 works ... :-)

Cheers,
Wol

Re: [gentoo-user] Re: Local mail server

[Peter Humphrey]

On Wednesday, 29 July 2020 16:55:27 BST antlists wrote:

> I think there's static, and there's effectively static.
> 
> If your router is running 24/7, then the IP won't change even if it's
> DHCP. But your router only needs to be switched off or otherwise off the
> network for the TTL (time to live), and DHCP will assign you a different
> IP when it comes back.

My ISP confirms that my addresses are static. Both IPv4 and IPv6. I don't pay 
extra for static addresses, though I did have to request a v4 one some years 
ago to avoid being blocked from this mail list.

> That's server-side configuration, so if the ISP doesn't elicitly
> allocate you an address in their DHCP setup, what you've got is
> effectively static not really static.
> 
> But it really should be so damn simple - take the ISP's network address,
> add the last three octets of the customer's router or something like
> that, and there's the customer's network v6 assigned to the customer's
> router. One fixed address that won't change unless the customer changes
> router or ISP.

I don't recognise anything like that pattern in my addresses.

> I need to learn how v6 works ... :-)

Me too. I thought I was set up right, but I now doubt it.

-- 
Regards,
Peter.

[gentoo-user] Re: Local mail server

[Grant Edwards]

On 2020-07-29, Peter Humphrey <peter@prh.myzen.co.uk> wrote:
> On Wednesday, 29 July 2020 13:59:11 BST Grant Edwards wrote:
>
>> Pricing isn't based on cost.  Pricing is based on what people are
>> willing to pay.  People are willing to pay extra for a static IPv6
>> address, therefore static IPv6 addresses cost extra.
>
> Aren't all IPv6 addresses static?

I don't know what most ISPs are doing.  I couldn't get IPv6 via
Comcast (or whatever they're called this week) working with OpenWRT
(probably my fault, and I didn't really need it). So I never figured
out if the IPv6 address I was getting was static or not.

There is DHPCv6 (I've implemented it), but I have no idea if anybody
actually uses it.  Even if they are using DHCPv6, they can be using it
to hand out static addresses.

> Mine certainly are.

The assumption always seemed to be that switching to IPv6 meant the
end of NAT and the end of dynamic addresses.

--
Grant

Re: [gentoo-user] Re: Local mail server

[Ralph Seichter]

* Grant Edwards:

> Pricing is based on what people are willing to pay. People are willing
> to pay extra for a static IPv6 address, therefore static IPv6
> addresses cost extra.

Somewhere, and some people. I'd be interested to hear from users who
still need to pay extra for IPv6. Here in Germany IPv6 usually comes at
not extra cost (I write "usually" because I don't know every single ISP
here; some only operate in a particular city.)

-Ralph

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 7/29/20 9:41 AM, Peter Humphrey wrote:
> Aren't all IPv6 addresses static?

No.

SLAAC and DHCPv6 are as dynamic as can be.

Static is certainly an option.  But I see SLAAC and DHCPv6 used frequently.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 7/29/20 1:28 PM, Grant Edwards wrote:
> I don't know what most ISPs are doing.  I couldn't get IPv6 via 
> Comcast (or whatever they're called this week) working with OpenWRT 
> (probably my fault, and I didn't really need it). So I never figured 
> out if the IPv6 address I was getting was static or not.

Ya....  That was probably a DHCPv6 for outside vs DHCPv6 Provider 
Delegation (PD) issue.  I remember running into that with Comcast.  I 
think for a while, they were mutually exclusive on Comcast.

> There is DHPCv6 (I've implemented it), but I have no idea if anybody 
> actually uses it.  Even if they are using DHCPv6, they can be using 
> it to hand out static addresses.

I've seen DHCPv6 used many times.  It can be stateless (in combination 
with SLAAC to manage the address) or stateful (where DHCPv6 manages the 
address).  Either way, there is a LOT more information that can be 
specified with DHCPv6 that simple SLAAC doesn't provide.  For a long 
time you couldn't dynamically determine DNS server IP addresses without 
DHCPv6 or static configuration.

> The assumption always seemed to be that switching to IPv6 meant the 
> end of NAT

That's what the IPv6 Zealots want you to think.

> and the end of dynamic addresses.

Nope, not at all.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 7/30/20 5:38 PM, Ralph Seichter wrote:
> I'd be interested to hear from users who still need to pay extra 
> for IPv6.

I'd be willing, if not happy, to pay a reasonable monthly fee to be able 
to get native IPv6 from my ISP.

But it's 2020 and my ISP doesn't support IPv6 at all.  :-(

As such, I use a tunnel for IPv6.



-- 
Grant. . . .
unix || die

[gentoo-user] Re: Local mail server

[Grant Edwards]

On 2020-07-31, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:
> On 7/29/20 5:23 PM, james wrote:
>> Free static IPs?
>
> Sure.
>
> Sign up with Hurricane Electric for an IPv6 in IPv4 tunnel and request 
> that they route a /56 to you.  It's free.  #hazFun

If I had a week with nothing to do, I'd love to try to get something
like that working -- but, I assume you need a static IPv4 address.

--
Grant

[gentoo-user] Re: Local mail server

[Grant Edwards]

On 2020-07-31, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:
> On 7/30/20 5:38 PM, Ralph Seichter wrote:
>> I'd be interested to hear from users who still need to pay extra 
>> for IPv6.
>
> I'd be willing, if not happy, to pay a reasonable monthly fee to be able 
> to get native IPv6 from my ISP.
>
> But it's 2020 and my ISP doesn't support IPv6 at all.  :-(

Some posts back, somebody mentioned what a "half way decent
datacenter" would do (or something like that).  There may be half way
decent ISPs in the US, but I haven't seen one in over 20 years since
the last one I was aware of stopped dealing with residential
customers.  They were a victem of the "race to the bottom" when not
enough residential customers were willing to pay $10 per month over
what Comcast or US-West was charging for half-assed, crippled internet
access).

--
Grant

[gentoo-user] Re: Local mail server

[Grant Edwards]

On 2020-07-31, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:
> On 7/29/20 9:41 AM, Peter Humphrey wrote:
>> Aren't all IPv6 addresses static?
>
> No.
>
> SLAAC and DHCPv6 are as dynamic as can be.

Nit: DHCPv6 can be (and usually is) dynamic, but it doesn't have to
be. It's entirely possible to have a static IP address that your OS
(or firewall/router) acquires via DHCPv6 (or v4).  [I set up stuff
like that all the time.]

--
Grant

Re: [gentoo-user] Re: Local mail server

[Daniel Frey]

On 7/30/20 4:38 PM, Ralph Seichter wrote:
> * Grant Edwards:
> 
>> Pricing is based on what people are willing to pay. People are willing
>> to pay extra for a static IPv6 address, therefore static IPv6
>> addresses cost extra.
> 
> Somewhere, and some people. I'd be interested to hear from users who
> still need to pay extra for IPv6. Here in Germany IPv6 usually comes at
> not extra cost (I write "usually" because I don't know every single ISP
> here; some only operate in a particular city.)
> 
> -Ralph
> 

For where I am, if you need a static IPv4 address (which I do) IPv6 is 
not available at all from my ISP... it's not a matter of paying.

Dan

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 7/31/20 1:54 PM, Grant Edwards wrote:
> If I had a week with nothing to do, I'd love to try to get something 
> like that working

You don't need a week.  You don't even need a day.  You can probably 
have a test tunnel working (on your computer) in less than an hour. 
Then maybe a few more hours to get it to work on your existing equipment 
(router) robustly and automatically on reboot.

I encourage you to spend that initial hour.  I think  you will find that 
will be time well spent.

Hurricane Electric does have something else that will take more time, 
maybe a few minutes a day over a month or so.  Their IPv6 training 
program (I last looked a number of years ago) is a good introduction to 
IPv6 in general.  Once you complete it, they'll even send you a shirt as 
a nice perk.

Note:  H.E. IPv6 training is independent and not required for their 
IPv6-in-IPv4 tunnel service.

> but, I assume you need a static IPv4 address.

Nope.  Not really.

You do need a predictable IPv4 address.  I'm using a H.E. tunnel on a 
sticky IP (DHCP with long lease and renewals) perfectly fine.

If your IP does change, you just need to update the tunnel or create a 
new one to replace the old one.  This is all manged through their web 
interface.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 7/31/20 2:05 PM, Grant Edwards wrote:
> Nit: DHCPv6 can be (and usually is) dynamic, but it doesn't have to 
> be. It's entirely possible to have a static IP address that your OS 
> (or firewall/router) acquires via DHCPv6 (or v4).  [I set up stuff 
> like that all the time.]

Counter Nit:  That's still acquiring an address via /Dynamic/ Host 
Configuration Protocol (v6).  It /is/ a /dynamic/ process.

Static IP address has some very specific meaning when it comes to 
configuring TCP/IP stacks.  Specifically that you enter the address to 
be used, and it doesn't change until someone changes it in the 
configuration.

Either an IP address is statically entered -or- it's dynamic.

The fact that it's returning the same, possibly predictable, address is 
independent of the fact that it's a /dynamic/ process.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 7/31/20 2:01 PM, Grant Edwards wrote:
> There may be half way decent ISPs in the US, but I haven't seen one 
> in over 20 years since the last one I was aware of stopped dealing 
> with residential customers.  They were a victem of the "race to the 
> bottom" when not enough residential customers were willing to pay $10 
> per month over what Comcast or US-West was charging for half-assed, 
> crippled internet access).

I think there is probably a good correlation between size and desire to 
be good and provide service.

I've found that smaller ISPs (who actually try as opposed to cheating 
people) tend to be better.  Sadly, many of these Mom & Pop type ISPs 
were consumed during the aptly described race to the bottom.

:-(

I still do consulting work with a small M&P ISP in my home town and I 
have a small municipal ISP where I am now.  Both are quite good in many 
regards.  Unfortunately, neither of them offer IPv6.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[antlists]

On 01/08/2020 19:48, Grant Taylor wrote:
> On 7/31/20 2:05 PM, Grant Edwards wrote:
>> Nit: DHCPv6 can be (and usually is) dynamic, but it doesn't have to 
>> be. It's entirely possible to have a static IP address that your OS 
>> (or firewall/router) acquires via DHCPv6 (or v4).  [I set up stuff 
>> like that all the time.]
> 
> Counter Nit:  That's still acquiring an address via /Dynamic/ Host 
> Configuration Protocol (v6).  It /is/ a /dynamic/ process.
> 
> Static IP address has some very specific meaning when it comes to 
> configuring TCP/IP stacks.  Specifically that you enter the address to 
> be used, and it doesn't change until someone changes it in the 
> configuration.
> 
> Either an IP address is statically entered -or- it's dynamic.
> 
> The fact that it's returning the same, possibly predictable, address is 
> independent of the fact that it's a /dynamic/ process.
> 
Counter counter nit: You may be *acquiring* it dynamically, but you can 
enter the address to be used into DHCP, and then it doesn't change until 
someone changes it in the configuration.

That was my IPv4 in the Demon days - DHCP was *guaranteed* to *always* 
return the same address. So either I retrieved it via DHCP from Demon, 
or I hard coded it into my computer, it didn't matter.

Cheers,
Wol

Re: [gentoo-user] Re: Local mail server

[antlists]

On 01/08/2020 19:52, Grant Taylor wrote:
> On 7/31/20 2:01 PM, Grant Edwards wrote:
>> There may be half way decent ISPs in the US, but I haven't seen one in 
>> over 20 years since the last one I was aware of stopped dealing with 
>> residential customers.  They were a victem of the "race to the bottom" 
>> when not enough residential customers were willing to pay $10 per 
>> month over what Comcast or US-West was charging for half-assed, 
>> crippled internet access).
> 
> I think there is probably a good correlation between size and desire to 
> be good and provide service.
> 
> I've found that smaller ISPs (who actually try as opposed to cheating 
> people) tend to be better.  Sadly, many of these Mom & Pop type ISPs 
> were consumed during the aptly described race to the bottom.
> 
> :-(
> 
> I still do consulting work with a small M&P ISP in my home town and I 
> have a small municipal ISP where I am now.  Both are quite good in many 
> regards.  Unfortunately, neither of them offer IPv6.
> 
That's one of the good things about the UK scene. In theory, and mostly 
in practice, the infrastructure (ie copper, fibre) is provided by a 
company which is not allowed to provide the service over it, so a 
mom-n-pop ISP can supposedly rent the link just as easily as a big ISP.

When we move I'll almost certainly move to Andrews and Arnold, who are 
exactly that mom-n-pop setup that are run by a bunch of engineers, as 
opposed to accountants.

Cheers,
Wol

[gentoo-user] Re: Local mail server

[Grant Edwards]

On 2020-08-01, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:

> Static IP address has some very specific meaning when it comes to 
> configuring TCP/IP stacks.  Specifically that you enter the address to 
> be used, and it doesn't change until someone changes it in the 
> configuration.

Right.  That's what I was talking about, except the configuration is
centralized in the DHCP Server.

> Either an IP address is statically entered -or- it's dynamic.

Statically entered in the DHCP server doesn't count as static?

--
Grant

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 8/1/20 5:36 PM, Grant Edwards wrote:
> Statically entered in the DHCP server doesn't count as static?

Not to the client computer that's running the DHCP client.

The computer is still configured to use a dynamic method to acquire it's 
IP address.



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 8/1/20 1:53 PM, antlists wrote:
> That's one of the good things about the UK scene. In theory, and mostly 
> in practice, the infrastructure (ie copper, fibre) is provided by a 
> company which is not allowed to provide the service over it, so a 
> mom-n-pop ISP can supposedly rent the link just as easily as a big ISP.

For a long time, the incumbent telephone carrier was required to allow 
other companies to access the DSL network and provide service.

I've not kept up with the laws and have no idea of the current state.

> When we move I'll almost certainly move to Andrews and Arnold, who are 
> exactly that mom-n-pop setup that are run by a bunch of engineers, as 
> opposed to accountants.

:-)



-- 
Grant. . . .
unix || die

Re: [gentoo-user] Re: Local mail server

[james]

On 8/1/20 2:45 PM, Grant Taylor wrote:
> On 7/31/20 1:54 PM, Grant Edwards wrote:
>> If I had a week with nothing to do, I'd love to try to get something 
>> like that working
> 
> You don't need a week.� You don't even need a day.� You can probably 
> have a test tunnel working (on your computer) in less than an hour. Then 
> maybe a few more hours to get it to work on your existing equipment 
> (router) robustly and automatically on reboot.
> 
> I encourage you to spend that initial hour.� I think� you will find that 
> will be time well spent.
> 
> Hurricane Electric does have something else that will take more time, 
> maybe a few minutes a day over a month or so.� Their IPv6 training 
> program (I last looked a number of years ago) is a good introduction to 
> IPv6 in general.� Once you complete it, they'll even send you a shirt as 
> a nice perk.
> 
> Note:� H.E. IPv6 training is independent and not required for their 
> IPv6-in-IPv4 tunnel service.
> 
>> but, I assume you need a static IPv4 address.
> 
> Nope.� Not really.
> 
> You do need a predictable IPv4 address.� I'm using a H.E. tunnel on a 
> sticky IP (DHCP with long lease and renewals) perfectly fine.
> 
> If your IP does change, you just need to update the tunnel or create a 
> new one to replace the old one.� This is all manged through their web 
> interface.
> 
> 
> 

Here is an short read on the acceptance and usage of IPv6:

https://ungleich.ch/u/blog/2020-the-year-of-ipv6/

So, yes I am working on using IPv6, with my RV/mobile-lab.

hth,
Jams

Re: [gentoo-user] Re: Local mail server

[Grant Taylor]

On 8/7/20 2:06 PM, james wrote:
> Here is an short read on the acceptance and usage of IPv6:
> 
> https://ungleich.ch/u/blog/2020-the-year-of-ipv6/
> 
> So, yes I am working on using IPv6, with my RV/mobile-lab.

I think that IPv6 is a good thing.

But I would be remis to not say that IPv6 is somewhat of a black sheep 
in the email administrators community.

You still effectively must have IPv4 connectivity to your email server, 
lest a non-trivial percentage of email fail to flow.

I also know of a number of email administrators that are specifically 
dragging their feet regarding IPv6 because there hasn't yet been 
critical mass use of IPv6 /for/ /email/.

In fact, some of the early IPv6 adopters for email are spammers.  So 
some administrators stim this tide by being exclusively IPv4.

I think dual stack for email servers is great.  (Deal with the spam.) 
But being exclusively IPv6 on an email server is going to be problematic.

I'm focusing on email servers because that's what this thread had 
largely been about.



-- 
Grant. . . .
unix || die