imap container doesn't support IPv6 clients over proxy-protocol
OdyX opened this issue · comments
Environment & Version
- Version:
2.0
Description
My setup is a front machine with IPv4 & IPv6, with a Haproxy reverse-proxy to the Mailu machine, that only has IPv4:
frontend imap
bind 0.0.0.0:143
bind :::143
mode tcp
option tcplog
default_backend mailu_imap
backend mailu_imap
mode tcp
stick store-request src
stick-table type ip size 200k expire 30m
server flosstools_mailu ipv4@10.9.9.1:143 check send-proxy-v2
frontend imaps
bind 0.0.0.0:993
bind :::993
mode tcp
option tcplog
default_backend mailu_imaps
backend mailu_imaps
mode tcp
stick store-request src
stick-table type ip size 200k expire 30m
server flosstools_mailu ipv4@10.9.9.1:993 check send-proxy-v2
With this setup, when connecting over IPv6 to the front machine, the imap container has this in the logs:
imap_1 | Feb 27 07:31:27 imap-login: Error: haproxy(v1): Client disconnected: Proxied local address is invalid (address=`192.168.203.9', rip=192.168.203.9)
Where as the front container says:
front_1 | 2024/02/27 07:48:07 [error] 15#15: *12099 recv() failed (104: Connection reset by peer) while reading response from upstream, client: 2a02:121e:139e:xxxxx, server: 0.0.0.0:993, login: "xxxxxx", upstream: 192.168.203.5:143
If I comment the bind ::: lines in the haproxy configuration (hence making the haproxy front not listening to IPv6 anymore), errors vanish and my email client just works.
Replication Steps
IPv6 client -> Haproxy reverse proxy with send-proxy-v2 -> Mailu machine in IPv4 -> front container -> imap container.
I have an easy toggle between "works" and "doesn't work", so happy to help debug this further!
That's a known problem that has been addressed in master; you need this patch applied to dovecot
https://git.alpinelinux.org/aports/tree/main/dovecot/submission-proxy-Add-IPV6-prefix-to-IPv6-addresses.patch
...
We do not want to upgrade to a newer version on 2.0
Indeed: ad5b6fe is the commit on master. Thanks for the reference.