Zimbra IPV6 pop/imap Dont Work[SOLVED]

[Carlos A. P. Cunha]

It has Zimbra server 8.7.1, in CentOS 7.
It has in this server IPV4 and IPV6, my problem is that with IPV6 services of pop3 / imap are not starting, in IPV4 everything is OK.

Performed:
zmprov ms `zmhostname` zimbraIPMode both
zmprov modifyConfig `zmhostname` zimbraIPMod both
/opt/zimbra/libexec/zmiptool
zmcontrol restart


More data follows:

netstat -nltp|grep -w tcp

IPV4:
tcp 0 0 127.0.0.1:10026 0.0.0.0:* OUÇA 21450/amavisd (mast
tcp 0 0 0.0.0.0:587 0.0.0.0:* OUÇA 22289/master
tcp 0 0 0.0.0.0:11211 0.0.0.0:* OUÇA 21328/memcached
tcp 0 0 127.0.0.1:3310 0.0.0.0:* OUÇA 21858/clamd
tcp 0 0 0.0.0.0:110 0.0.0.0:* OUÇA 21346/nginx: master
tcp 0 0 0.0.0.0:143 0.0.0.0:* OUÇA 21346/nginx: master
tcp 0 0 127.0.0.1:10032 0.0.0.0:* OUÇA 21450/amavisd (mast
tcp 0 0 0.0.0.0:80 0.0.0.0:* OUÇA 21346/nginx: master
tcp 0 0 0.0.0.0:465 0.0.0.0:* OUÇA 22289/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* OUÇA 785/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* OUÇA 22289/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* OUÇA 21346/nginx: master
tcp 0 0 127.0.0.1:23232 0.0.0.0:* OUÇA 21371/perl
tcp 0 0 127.0.0.1:23233 0.0.0.0:* OUÇA 21373/perl
tcp 0 0 0.0.0.0:993 0.0.0.0:* OUÇA 21346/nginx: master
tcp 0 0 0.0.0.0:995 0.0.0.0:* OUÇA 21346/nginx: master
tcp 0 0 MY-IP:389 0.0.0.0:* OUÇA 18781/slapd
tcp 0 0 127.0.0.1:10663 0.0.0.0:* OUÇA 20217/zmlogger: zmr
tcp 0 0 127.0.0.1:10024 0.0.0.0:* OUÇA 21450/amavisd (mast

IPV6:

netstat -nltp|grep -w tcp6

tcp6 0 0 ::1:10026 :::* OUÇA 21450/amavisd (mast
tcp6 0 0 ::1:7306 :::* OUÇA 20215/mysqld
tcp6 0 0 ::1:10027 :::* OUÇA 22289/master
tcp6 0 0 :::587 :::* OUÇA 22289/master
tcp6 0 0 :::11211 :::* OUÇA 21328/memcached
tcp6 0 0 ::1:10028 :::* OUÇA 22289/master
tcp6 0 0 ::1:10029 :::* OUÇA 22289/master
tcp6 0 0 ::1:10030 :::* OUÇA 22289/master
tcp6 0 0 ::1:3310 :::* OUÇA 21858/clamd
tcp6 0 0 ::1:10032 :::* OUÇA 21450/amavisd (mast
tcp6 0 0 127.0.0.1:8080 :::* OUÇA 20318/java
tcp6 0 0 :::465 :::* OUÇA 22289/master
tcp6 0 0 ::1:8465 :::* OUÇA 22058/opendkim
tcp6 0 0 :::7025 :::* OUÇA 20318/java
tcp6 0 0 :::22 :::* OUÇA 785/sshd
tcp6 0 0 :::25 :::* OUÇA 22289/master
tcp6 0 0 :::7993 :::* OUÇA 20318/java
tcp6 0 0 :::7995 :::* OUÇA 20318/java
tcp6 0 0 :::8443 :::* OUÇA 20318/java
tcp6 0 0 :::7071 :::* OUÇA 20318/java
tcp6 0 0 :::7072 :::* OUÇA 20318/java
tcp6 0 0 :::7073 :::* OUÇA 20318/java
tcp6 0 0 ::1:7171 :::* OUÇA 18801/java
tcp6 0 0 :::7780 :::* OUÇA 22088/httpd
tcp6 0 0 MY-IP:389 :::* OUÇA 18781/slapd
tcp6 0 0 :::7110 :::* OUÇA 20318/java
tcp6 0 0 :::7143 :::* OUÇA 20318/java
tcp6 0 0 ::1:10024 :::* OUÇA 21450/amavisd (mast
tcp6 0 0 ::1:10025 :::* OUÇA 22289/master

---

Config zimbraIPMod

zmprov -gacf|grep -i zimbraIPMod
zimbraIPMode: both

zmprov -gs `zmhostname`|grep -i zimbraIPMod
zimbraIPMode: both

Any idea how to make pop / imap start in ipv6?
Thanks

[Carlos A. P. Cunha]

Hello guys
Any idea ?

Regards

[Carlos A. P. Cunha]

Hello guys
Any idea ?

Regards

[DualBoot]

It seems that Nginx does not listen on Ipv6.
Maybe you can give a try with zimbraIpMode Ipv6 only.
Reconfigure the nginx and restart it to see if it make any changes.

[Carlos A. P. Cunha]

It seems that Nginx does not listen on Ipv6.
Maybe you can give a try with zimbraIpMode Ipv6 only.
Reconfigure the nginx and restart it to see if it make any changes.

Thanks for the reply.
I tried to leave only ipv6, the result was the same, the services that were in ipv6 stayed the same and the ipv4 did not (as expected), I went back to both option and stayed as it was before ...
Is it some BUG version 8.7?

[JDunphy]

I tried to leave only ipv6, the result was the same, the services that were in ipv6 stayed the same and the ipv4 did not (as expected), I went back to both option and stayed as it was before ...
Is it some BUG version 8.7?

Are you saying that when you had:

Code: Select all

    listen                  [::]:143 ipv6only=off;
    or
    listen                  [::]:143;
    #listen                143;

that BOTH ipv4 and ipv6 were not working?

If that is not happening? Check this:

Code: Select all

cat /proc/sys/net/ipv6/bindv6only 
0

[Carlos A. P. Cunha]

I tried to leave only ipv6, the result was the same, the services that were in ipv6 stayed the same and the ipv4 did not (as expected), I went back to both option and stayed as it was before ...
Is it some BUG version 8.7?

Are you saying that when you had:

Code: Select all

    listen                  [::]:143 ipv6only=off;
    or
    listen                  [::]:143;
    #listen                143;

that BOTH ipv4 and ipv6 were not working?

If that is not happening? Check this:

Code: Select all

cat /proc/sys/net/ipv6/bindv6only 
0

Hello!!
When I put in Ipmode both, it is the same as the one I posted initially, when I put ipv4 only, it all goes up in ipv4, but when I only put ipv6 (colleague's tip up there), and it still does not sub-index imap / pop.

cat /proc/sys/net/ipv6/bindv6only
0

Thanks

[JDunphy]

When I put in Ipmode both, it is the same as the one I posted initially, when I put ipv4 only, it all goes up in ipv4, but when I only put ipv6 (colleague's tip up there), and it still does not sub-index imap / pop.

cat /proc/sys/net/ipv6/bindv6only
0

Thanks

What does "not sub-index imap/pop" mean? Assuming you have ipv6 and ipv4 firewalls enabled for those ports with centos 7, ipv4 should use the tcp6 socket. At least that is how I have seen it work with other daemons. For example, we have this:

Code: Select all

tcp6       0      0 :::443                  :::*                    LISTEN  

but there is no ipv4 socket in LISTEN mode... However we only use ipv4 and it also works. A netstat will show it connected via a tcp socket however as ESTABLISHED.

Code: Select all

tcp        0      0 X.X.X.X:44088    Y.Y.Y.Y:443      ESTABLISHED

As per RFC 3493 (Sections 3.7 and 5.3) an IPv6 socket will accept
connections from IPv4 hosts, which will be mapped into the IPv6 address
space.

Ref: http://unix.stackexchange.com/questions ... cp6/237747
Ref: https://tools.ietf.org/html/rfc3493#section-3.7

Could that be happening here?

[Carlos A. P. Cunha]

When I put in Ipmode both, it is the same as the one I posted initially, when I put ipv4 only, it all goes up in ipv4, but when I only put ipv6 (colleague's tip up there), and it still does not sub-index imap / pop.

cat /proc/sys/net/ipv6/bindv6only
0

Thanks

What does "not sub-index imap/pop" mean? Assuming you have ipv6 and ipv4 firewalls enabled for those ports with centos 7, ipv4 should use the tcp6 socket. At least that is how I have seen it work with other daemons. For example, we have this:

Code: Select all

tcp6       0      0 :::443                  :::*                    LISTEN  

but there is no ipv4 socket... However we only use ipv4. A netstat will show it connected via a tcp ipv4 socket however as ESTABLISHED.

Code: Select all

tcp        0      0 X.X.X.X:44088    Y.Y.Y.Y:443      ESTABLISHED

As per RFC 3493 (Sections 3.7 and 5.3) an IPv6 socket will accept
connections from IPv4 hosts, which will be mapped into the IPv6 address
space.

Ref: http://unix.stackexchange.com/questions ... cp6/237747
Ref: https://tools.ietf.org/html/rfc3493#section-3.7

Could that be happening here?

In the netstat that I posted it shows how are the sockets, but I believe that is not the question, since testing the connection via IPV6 does not connect, but IPv4 yes ....
: - |

[JDunphy]

Language seems to be a barrier so I just did what you did and it worked.

Here are my steps:

Code: Select all

zmprov ms `zmhostname` zimbraIPMode both
/opt/zimbra/libexec/zmiptool
zmcontrol restart

Now I wanted to verify what nginx was doing...

Code: Select all

cd /opt/zimbra/conf/nginx/includes
cat *pop3* *imap* |grep ipv6
    listen                  [::]:110 ipv6only=off;
    listen                  [::]:995 ipv6only=off;
    listen                  [::]:143 ipv6only=off;
    listen                  [::]:993 ipv6only=off;

Good... That is what I wanted.

Next... what did netstat report:

Code: Select all

netstat -na | egrep '(110|995|993|143)'
tcp        0      0 :::7110                     :::*                        LISTEN      
tcp        0      0 :::7143                     :::*                        LISTEN      
tcp        0      0 :::110                      :::*                        LISTEN      
tcp        0      0 :::143                      :::*                        LISTEN      
tcp        0      0 :::7993                     :::*                        LISTEN      
tcp        0      0 :::7995                     :::*                        LISTEN      
tcp        0      0 :::993                      :::*                        LISTEN      
tcp        0      0 :::995                      :::*                        LISTEN 

Finally, a test from a remote machine:

Code: Select all

openssl s_client -crlf -connect '[dddd:3333::f03c:91ff:fea1:740d]:993'
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
....
....
---
* OK IMAP4rev1 proxy server ready

I then repeated this with my ipv4 address with the same result. It worked.

The only thing I had to do was provide access via my firewall for ipv6 so my remote client could connect. I don't normally run ipv6 so this has been a good exercise to see what is involved.

Hope this helps.