Bug#999612: exim 4.94.5 installation configures IPv6 by default on IPv4 only machines

sawbona at xsmail.com sawbona at xsmail.com
Sat Nov 13 16:58:56 GMT 2021 

Package: exim4
Version: 4.94.5
Severity: grave

On installation, Exim 4.94.5 will enable IPv6 *by default*, ignoring 
several mechanisms in place to explicitly disable IPv6:

1.
A kernel command line explicitly disabling ipv6:

[code]
ipv6.disable=1
[/code]

2.
An /etc/hosts file with no machine readable IPv6 lines:

[code]
user at chuck:~$ cat /etc/hosts
#
127.0.0.1         localhost  debian
#
# remmed to disable ip6
#::1                 localhost       ip6-localhost ip6-loopback
#fe00::0          ip6-localnet
#fe00::0          ip6-mcastprefix
#fe02::1          ip6-allnodes
#fe02::1          ip6-allrouters
user at chuck:~$
[/code]

3.
An /etc/ssh/ssh_config file explicitly disabling ipv6:

[code]
user at chuck:~$ cat /etc/ssh/ssh_config
--- snip ---
AddressFamily inet     # instead of 'any' or 'inet6'
--- snip ---
user at chuck:~$
[/code]

This in turn creates this paniclog message:

[code]
IPv6 socket creation failed: Address family not supported by protocol
[/code]

On a machine with a DNS server (Unbound) running on a VBox virtual 
machine which is also explicitly configured disable IPv6, there will 
also be a rather annoying 30s delay at boot time.

This seems to be due to Exim talking directly to the DNS resolver 
which will not answer AAAA queries as the machine it runs on is not 
configured to use IPv6.

After waiting for 30s, Exim will continue loading.

This can be avoided by adding this line to the 'Main' section of 
exim4.conf.template:

[code]
disable_ipv6 = true
[/code] 

Once update-exim4.conf is run and the machine reboots, the delay has 
gone away and there is no paniclog message.

To reproduce the problem, rolling back the edit of the 
exim4.conf.template will bring back the 30s delay and the paniclog 
message.

At the very least, add the disable_ipv6 = true (or false) to the 
exim4.conf.template file, with the proper comments so that the issue 
will not be hard to fix.

I had to add the line, it was not there by default in any of its 
possible variants:

ie: disable_ipv6 = true ; disable_ipv6 = false ; disable_ipv6 =

The *best* solution would be to have the installer check for the 
existence of the ipv6.disable=1 stanza in the kernel command line and 
then ask for IPv6 confirmation if the line is not there.

A very small portion of the web runs on IPv6 and it will be some 
years before IPv6 becomes the default option.

Thanks in advance.

More information about the Pkg-exim4-maintainers mailing list