[packages/postfix.git] / postfix-ipv6.patch

Note:
	IPv6 support depends on v6-capable getifaddrs() function
	(i.e. from USAGI libinet6, not glibc)

	non-getifaddrs v6 support is not complete - network masks
	are not read, which could cause postfix to act as open-relay
	(when using mynetworks_style!=host and permit_mynetworks),
	so I decided to add #errors if getifaddrs is not supported.

	If you write (correctly working) missing code, please send
	it to me and I'll add it to patch.

				Jakub Bogusz <qboosh@pld.org.pl>

diff -Nur postfix-2.0.9.orig/makedefs postfix-2.0.9/makedefs
--- postfix-2.0.9.orig/makedefs	Thu Jan 23 14:45:02 2003
+++ postfix-2.0.9/makedefs	Fri Apr 18 20:55:35 2003
@@ -52,6 +52,21 @@
 SYSTEM=`(uname -s) 2>/dev/null`
 RELEASE=`(uname -r) 2>/dev/null`
 VERSION=`(uname -v) 2>/dev/null`
+if test -f /usr/include/netinet6/in6.h; then
+	grep __KAME__ /usr/include/netinet6/in6.h 2>&1 >/dev/null
+	if [ $?  = 1 ]; then
+		INET6=
+	else
+		if [ -f /usr/local/v6/lib/libinet6.a ]; then
+			INET6=kame
+		else
+			INET6=kame-merged
+		fi
+	fi
+fi
+if [ -z "$INET6" -a -f /usr/include/netinet/ip6.h -a -f /usr/include/linux/icmpv6.h ]; then
+	INET6=linux
+fi
 
 case "$VERSION" in
  dcosx*) SYSTEM=$VERSION;;
@@ -318,6 +333,26 @@
 
 : ${CC='gcc $(WARN)'} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk}
 
+case "$INET6" in
+kame)
+	CCARGS="$CCARGS -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len"
+	if test -f /usr/local/v6/lib/libinet6.a; then
+		SYSLIBS="$SYSLIBS -L/usr/local/v6/lib -linet6"
+	fi
+	;;
+kame-merged)
+	CCARGS="$CCARGS -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len"
+	;;
+linux)
+	CCARGS="$CCARGS -DINET6 -D__ss_family=ss_family"
+	if test -f /usr/include/libinet6/netinet/ip6.h -a \
+		-f /usr/lib/libinet6.a; then 
+		CCARGS="$CCARGS -I/usr/include/libinet6 -DUSAGI_LIBINET6"
+		SYSLIBS="$SYSLIBS -linet6"
+	fi
+	;;
+esac
+
 export SYSTYPE AR ARFL RANLIB SYSLIBS CC OPT DEBUG AWK OPTS
 
 sed 's/  / /g' <<EOF
diff -Nur postfix-2.0.9.orig/src/global/Makefile.in postfix-2.0.9/src/global/Makefile.in
--- postfix-2.0.9.orig/src/global/Makefile.in	Fri Apr 18 20:55:10 2003
+++ postfix-2.0.9/src/global/Makefile.in	Fri Apr 18 20:55:35 2003
@@ -19,7 +19,7 @@
 	timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \
 	tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \
 	flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \
-	verp_sender.c match_parent_style.c mime_state.c header_token.c \
+	verp_sender.c match_parent_style.c mime_state.c header_token.c wildcard_inet_addr.c\
 	strip_addr.c virtual8_maps.c hold_message.c dict_proxy.c mail_dict.c \
 	pfixtls.c
 OBJS	= been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
@@ -42,7 +42,7 @@
 	timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \
 	tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \
 	flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \
-	verp_sender.o match_parent_style.o mime_state.o header_token.o \
+	verp_sender.o match_parent_style.o mime_state.o header_token.o wildcard_inet_addr.o\
 	strip_addr.o virtual8_maps.o hold_message.o dict_proxy.o mail_dict.o \
 	pfixtls.o
 HDRS	= been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
@@ -61,7 +61,7 @@
 	rewrite_clnt.h sent.h smtp_stream.h split_addr.h string_list.h \
 	sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \
 	mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \
-	match_parent_style.h quote_flags.h mime_state.h header_token.h \
+	match_parent_style.h quote_flags.h mime_state.h header_token.h wildcard_inet_addr.h\
 	lex_822.h strip_addr.h virtual8_maps.h hold_message.h dict_proxy.h \
 	mail_dict.h pfixtls.h
 TESTSRC	= rec2stream.c stream2rec.c recdump.c
diff -Nur postfix-2.0.9.orig/src/global/mynetworks.c postfix-2.0.9/src/global/mynetworks.c
--- postfix-2.0.9.orig/src/global/mynetworks.c	Sun Feb 25 02:46:07 2001
+++ postfix-2.0.9/src/global/mynetworks.c	Fri Apr 18 20:55:35 2003
@@ -50,6 +50,11 @@
 #include <vstring.h>
 #include <inet_addr_list.h>
 #include <name_mask.h>
+#ifdef INET6
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#endif
 
 /* Global library. */
 
@@ -75,6 +80,9 @@
 const char *mynetworks(void)
 {
     static VSTRING *result;
+#ifdef INET6
+    char hbuf[NI_MAXHOST];
+#endif
 
     if (result == 0) {
 	char   *myname = "mynetworks";
@@ -87,6 +95,13 @@
 	int     junk;
 	int     i;
 	int     mask_style;
+#ifdef INET6
+	struct sockaddr *sa;
+	struct sockaddr_in6 *addr6;
+	struct sockaddr_in6 *mask6;
+	struct in6_addr net6;
+	int j;
+#endif
 
 	mask_style = name_mask("mynetworks mask style", mask_styles,
 			       var_mynetworks_style);
@@ -96,8 +111,45 @@
 	my_mask_list = own_inet_mask_list();
 
 	for (i = 0; i < my_addr_list->used; i++) {
+#ifdef INET6
+	    sa = (struct sockaddr *)&my_addr_list->addrs[i];
+	    if (sa->sa_family == AF_INET6) {
+		addr6 = (struct sockaddr_in6 *)sa;
+		mask6 = (struct sockaddr_in6 *)&my_mask_list->addrs[i];
+
+		switch (mask_style) {
+		case MASK_STYLE_CLASS:
+		    /* treat as subnet for IPv6 */
+		case MASK_STYLE_SUBNET:
+		    for (j=0; j<16; j++)
+			net6.s6_addr[j] = addr6->sin6_addr.s6_addr[j] & mask6->sin6_addr.s6_addr[j];
+		    for(shift=128; shift>0; shift--)
+			if ((mask6->sin6_addr.s6_addr[(shift-1) / 8]) & (0x80 >> ((shift-1) % 8)))
+			    break;
+		    break;
+		case MASK_STYLE_HOST:
+		    memcpy (&net6, &(addr6->sin6_addr), sizeof(net6));
+		    shift=128;
+		    break;
+	        default:
+		    msg_panic("unknown mynetworks mask style: %s",
+			      var_mynetworks_style);
+		}
+		inet_ntop(AF_INET6, &net6, hbuf, sizeof(hbuf));
+		if (!shift)
+		    msg_warn("%s: skipped network with zero mask: [%s/0]", myname, hbuf);
+		else
+		    vstring_sprintf_append(result, "[%s/%d] ", hbuf, shift);
+		continue;
+	    } else if (sa->sa_family != AF_INET) {
+		continue;
+	    }
+	    addr = ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr);
+	    mask = ntohl(((struct sockaddr_in *)&my_mask_list->addrs[i])->sin_addr.s_addr);
+#else
 	    addr = ntohl(my_addr_list->addrs[i].s_addr);
 	    mask = ntohl(my_mask_list->addrs[i].s_addr);
+#endif
 
 	    switch (mask_style) {
 
@@ -119,8 +171,15 @@
 		    mask = IN_CLASSD_NET;
 		    shift = IN_CLASSD_NSHIFT;
 		} else {
+#ifdef INET6
+		    if (getnameinfo(sa, SA_LEN(sa), hbuf, sizeof(hbuf), NULL, 0,
+			    NI_NUMERICHOST))
+			strncpy(hbuf, "???", sizeof(hbuf));
+		    msg_fatal("%s: bad address class: %s", myname, hbuf);
+#else
 		    msg_fatal("%s: bad address class: %s",
 			      myname, inet_ntoa(my_addr_list->addrs[i]));
+#endif
 		}
 		break;
 
@@ -146,6 +205,18 @@
 			  var_mynetworks_style);
 	    }
 	    net.s_addr = htonl(addr & mask);
+	    if (shift == BITS_PER_ADDR) {
+#ifdef INET6
+		if (getnameinfo(sa, SA_LEN(sa), hbuf, sizeof(hbuf), NULL, 0,
+			NI_NUMERICHOST))
+		    strncpy(hbuf, "???", sizeof(hbuf));
+		msg_warn("%s: skipped network with zero mask: %s/0", myname, hbuf);
+#else
+		msg_warn("%s: skipped network with zero mask: %s/0",
+			 myname, inet_ntoa(my_addr_list->addrs[i]));
+#endif
+		continue;
+	    }
 	    vstring_sprintf_append(result, "%s/%d ",
 				   inet_ntoa(net), BITS_PER_ADDR - shift);
 	}
diff -Nur postfix-2.0.9.orig/src/global/own_inet_addr.c postfix-2.0.9/src/global/own_inet_addr.c
--- postfix-2.0.9.orig/src/global/own_inet_addr.c	Fri Oct 25 01:19:19 2002
+++ postfix-2.0.9/src/global/own_inet_addr.c	Fri Apr 18 20:55:35 2003
@@ -50,6 +50,10 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <string.h>
+#ifdef INET6
+#include <sys/socket.h>
+#include <netdb.h>
+#endif
 
 #ifdef STRCASECMP_IN_STRINGS_H
 #include <strings.h>
@@ -113,10 +117,11 @@
      */
     else {
 	bufp = hosts = mystrdup(var_inet_interfaces);
-	while ((host = mystrtok(&bufp, sep)) != 0)
+	while ((host = mystrtok(&bufp, sep)) != 0) {
 	    if (inet_addr_host(addr_list, host) == 0)
 		msg_fatal("config variable %s: host not found: %s",
 			  VAR_INET_INTERFACES, host);
+	}
 	myfree(hosts);
 
 	/*
@@ -133,15 +138,39 @@
 	    msg_fatal("could not find any active network interfaces");
 	for (nvirtual = 0; nvirtual < addr_list->used; nvirtual++) {
 	    for (nlocal = 0; /* see below */ ; nlocal++) {
-		if (nlocal >= local_addrs.used)
+		if (nlocal >= local_addrs.used) {
+#ifdef INET6
+		    char hbuf[NI_MAXHOST];
+		    if (getnameinfo((struct sockaddr *)&addr_list->addrs[nvirtual],
+		        SS_LEN(addr_list->addrs[nvirtual]), hbuf,
+		        sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
+			strncpy(hbuf, "???", sizeof(hbuf));
+		    msg_fatal("parameter %s: no local interface found for %s",
+			      VAR_INET_INTERFACES, hbuf);
+#else
 		    msg_fatal("parameter %s: no local interface found for %s",
 			      VAR_INET_INTERFACES,
 			      inet_ntoa(addr_list->addrs[nvirtual]));
+#endif
+		}
+#ifdef INET6
+		if (addr_list->addrs[nvirtual].ss_family == 
+		    local_addrs.addrs[nlocal].ss_family &&
+		    SS_LEN(addr_list->addrs[nvirtual]) == 
+		    SS_LEN(local_addrs.addrs[nlocal]) &&
+		    memcmp(&addr_list->addrs[nvirtual],
+		    &local_addrs.addrs[nlocal],
+		    SS_LEN(local_addrs.addrs[nlocal])) == 0) {
+		    inet_addr_list_append(mask_list, (struct sockaddr *)&local_masks.addrs[nlocal]);
+		    break;
+		}
+#else
 		if (addr_list->addrs[nvirtual].s_addr
 		    == local_addrs.addrs[nlocal].s_addr) {
 		    inet_addr_list_append(mask_list, &local_masks.addrs[nlocal]);
 		    break;
 		}
+#endif
 	    }
 	}
 	inet_addr_list_free(&local_addrs);
@@ -151,6 +180,42 @@
 
 /* own_inet_addr - is this my own internet address */
 
+#ifdef INET6
+int     own_inet_addr(struct sockaddr * addr)
+{
+    int     i;
+    char *p, *q;
+    int l;
+    struct sockaddr *sa;
+
+    if (addr_list.used == 0)
+	own_inet_addr_init(&addr_list, &mask_list);
+
+    for (i = 0; i < addr_list.used; i++) {
+	sa = (struct sockaddr *)&addr_list.addrs[i];
+	if (addr->sa_family != sa->sa_family)
+	    continue;
+	switch (addr->sa_family) {
+	case AF_INET:
+	    p = (char *)&((struct sockaddr_in *)addr)->sin_addr;
+	    q = (char *)&((struct sockaddr_in *)&addr_list.addrs[i])->sin_addr;
+	    l = sizeof(struct in_addr);
+	    break;
+	case AF_INET6:
+	    /* XXX scope */
+	    p = (char *)&((struct sockaddr_in6 *)addr)->sin6_addr;
+	    q = (char *)&((struct sockaddr_in6 *)&addr_list.addrs[i])->sin6_addr;
+	    l = sizeof(struct in6_addr);
+	    break;
+	default:
+	    continue;
+	}
+	if (memcmp(p, q, l) == 0)
+	    return (1);
+    }
+    return (0);
+}
+#else
 int     own_inet_addr(struct in_addr * addr)
 {
     int     i;
@@ -161,8 +226,8 @@
     for (i = 0; i < addr_list.used; i++)
 	if (addr->s_addr == addr_list.addrs[i].s_addr)
 	    return (1);
-    return (0);
 }
+#endif
 
 /* own_inet_addr_list - return list of addresses */
 
@@ -213,6 +278,45 @@
 
 /* proxy_inet_addr - is this my proxy internet address */
 
+#ifdef INET6
+int	proxy_inet_addr(struct sockaddr * addr)
+{
+    int     i;
+    char *p, *q;
+    int l;
+    struct sockaddr *sa;
+
+    if (*var_proxy_interfaces == 0)
+	return (0);
+
+    if (proxy_list.used == 0)
+	proxy_inet_addr_init(&proxy_list);
+
+    for (i = 0; i < proxy_list.used; i++) {
+	sa = (struct sockaddr *)&proxy_list.addrs[i];
+	if (addr->sa_family != sa->sa_family)
+	    continue;
+	switch (addr->sa_family) {
+	case AF_INET:
+	    p = (char *)&((struct sockaddr_in *)addr)->sin_addr;
+	    q = (char *)&((struct sockaddr_in *)&addr_list.addrs[i])->sin_addr;
+	    l = sizeof(struct in_addr);
+	    break;
+	case AF_INET6:
+	    /* XXX scope */
+	    p = (char *)&((struct sockaddr_in6 *)addr)->sin6_addr;
+	    q = (char *)&((struct sockaddr_in6 *)&addr_list.addrs[i])->sin6_addr;
+	    l = sizeof(struct in6_addr);
+	    break;
+	default:
+	    continue;
+	}
+	if (memcmp(p, q, l) == 0)
+	    return (1);
+    }
+    return (0);
+}
+#else
 int     proxy_inet_addr(struct in_addr * addr)
 {
     int     i;
@@ -228,6 +332,7 @@
 	    return (1);
     return (0);
 }
+#endif
 
 /* proxy_inet_addr_list - return list of addresses */
 
diff -Nur postfix-2.0.9.orig/src/global/own_inet_addr.h postfix-2.0.9/src/global/own_inet_addr.h
--- postfix-2.0.9.orig/src/global/own_inet_addr.h	Fri Oct 25 01:07:05 2002
+++ postfix-2.0.9/src/global/own_inet_addr.h	Fri Apr 18 20:55:35 2003
@@ -15,14 +15,25 @@
   * System library.
   */
 #include <netinet/in.h>
+#ifdef INET6
+#include <sys/socket.h>
+#endif
 
  /*
   * External interface.
   */
+#ifdef INET6
+extern int own_inet_addr(struct sockaddr *);
+#else
 extern int own_inet_addr(struct in_addr *);
+#endif
 extern struct INET_ADDR_LIST *own_inet_addr_list(void);
 extern struct INET_ADDR_LIST *own_inet_mask_list(void);
+#ifdef INET6
+extern int proxy_inet_addr(struct sockaddr *);
+#else
 extern int proxy_inet_addr(struct in_addr *);
+#endif
 extern struct INET_ADDR_LIST *proxy_inet_addr_list(void);
 
 /* LICENSE
diff -Nur postfix-2.0.9.orig/src/global/peer_name.c postfix-2.0.9/src/global/peer_name.c
--- postfix-2.0.9.orig/src/global/peer_name.c	Sun Jan 28 16:23:02 2001
+++ postfix-2.0.9/src/global/peer_name.c	Fri Apr 18 20:55:35 2003
@@ -69,12 +69,32 @@
 PEER_NAME *peer_name(int sock)
 {
     static PEER_NAME peer;
-    struct sockaddr_in sin;
-    SOCKADDR_SIZE len = sizeof(sin);
+    union sockunion {
+	struct {
+	    u_char si_len;
+	    u_char si_family;
+	    u_short si_port;
+	} su_si;
+	struct sockaddr peer_un;
+	struct sockaddr_in peer_un4;
+#ifdef INET6
+	struct sockaddr_in6 peer_un6;
+#endif
+    } p_un;
+#define sun p_un.peer_un
+#define sin p_un.peer_un4
+#ifdef INET6
+#define sin6 p_un.peer_un6
+    static char hbuf[NI_MAXHOST];
+    static char abuf[NI_MAXHOST];
+#else
     struct hostent *hp;
+#endif
+    SOCKADDR_SIZE len = sizeof(p_un);
 
-    if (getpeername(sock, (struct sockaddr *) & sin, &len) == 0) {
-	switch (sin.sin_family) {
+    if (getpeername(sock, (struct sockaddr *)&p_un, &len) == 0) {
+	switch (p_un.peer_un.sa_family) {
+#ifndef INET6
 	case AF_INET:
 	    peer.type = PEER_TYPE_INET;
 	    hp = gethostbyaddr((char *) &(sin.sin_addr),
@@ -83,6 +103,24 @@
 			 hp->h_name : "unknown");
 	    peer.addr = inet_ntoa(sin.sin_addr);
 	    return (&peer);
+#else
+	case AF_INET:
+	    peer.type = PEER_TYPE_INET;
+	    if (getnameinfo(&sun, len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD) != 0)
+		peer.name = "unknown";
+	    else
+		peer.name = hbuf;
+	    peer.addr = abuf;
+	    return (&peer);
+	case AF_INET6:
+	    peer.type = PEER_TYPE_INET6;
+	    if (getnameinfo(&sun, len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD) != 0)
+		peer.name = "unknown";
+	    else
+		peer.name = hbuf;
+	    peer.addr = abuf;
+	    return (&peer);
+#endif
 	case AF_UNSPEC:
 	case AF_UNIX:
 	    peer.type = PEER_TYPE_LOCAL;
diff -Nur postfix-2.0.9.orig/src/global/peer_name.h postfix-2.0.9/src/global/peer_name.h
--- postfix-2.0.9.orig/src/global/peer_name.h	Fri Dec 11 19:55:32 1998
+++ postfix-2.0.9/src/global/peer_name.h	Fri Apr 18 20:55:35 2003
@@ -22,6 +22,9 @@
 #define PEER_TYPE_UNKNOWN	0
 #define PEER_TYPE_INET		1
 #define PEER_TYPE_LOCAL		2
+#ifdef INET6
+#define PEER_TYPE_INET6		3
+#endif
 
 extern PEER_NAME *peer_name(int);
 
diff -Nur postfix-2.0.9.orig/src/global/resolve_local.c postfix-2.0.9/src/global/resolve_local.c
--- postfix-2.0.9.orig/src/global/resolve_local.c	Fri Oct 25 01:21:20 2002
+++ postfix-2.0.9/src/global/resolve_local.c	Fri Apr 18 20:55:35 2003
@@ -43,6 +43,7 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <string.h>
+#include <netdb.h>
 
 #ifndef INADDR_NONE
 #define INADDR_NONE 0xffffffff
@@ -80,7 +81,12 @@
 {
     char   *saved_addr = mystrdup(addr);
     char   *dest;
+#ifdef INET6
+    struct addrinfo hints, *res, *res0;
+    int error;
+#else
     struct in_addr ipaddr;
+#endif
     int     len;
 
 #define RETURN(x) { myfree(saved_addr); return(x); }
@@ -118,9 +124,25 @@
     if (*dest == '[' && dest[len - 1] == ']') {
 	dest++;
 	dest[len -= 2] = 0;
+#ifdef INET6
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_DGRAM;
+	error = getaddrinfo(dest, NULL, &hints, &res0);
+	if (!error) {
+	    for (res = res0; res; res = res->ai_next) {
+		if (own_inet_addr(res->ai_addr)) {
+		    freeaddrinfo(res0);
+		    RETURN(1);
+		}
+	    }
+	    freeaddrinfo(res0);
+	}
+#else
 	if ((ipaddr.s_addr = inet_addr(dest)) != INADDR_NONE
 	    && (own_inet_addr(&ipaddr) || proxy_inet_addr(&ipaddr)))
 	    RETURN(1);
+#endif
     }
 
     /*
diff -Nur postfix-2.0.9.orig/src/global/wildcard_inet_addr.c postfix-2.0.9/src/global/wildcard_inet_addr.c
--- postfix-2.0.9.orig/src/global/wildcard_inet_addr.c	Thu Jan  1 01:00:00 1970
+++ postfix-2.0.9/src/global/wildcard_inet_addr.c	Fri Apr 18 20:55:35 2003
@@ -0,0 +1,82 @@
+/* System library. */
+
+#include <sys_defs.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#ifdef INET6
+#include <sys/socket.h>
+#endif
+#include <netdb.h>
+
+#ifdef STRCASECMP_IN_STRINGS_H
+#include <strings.h>
+#endif
+
+/* Utility library. */
+
+#include <msg.h>
+#include <mymalloc.h>
+#include <inet_addr_list.h>
+#include <inet_addr_local.h>
+#include <inet_addr_host.h>
+#include <stringops.h>
+
+/* Global library. */
+
+#include <mail_params.h>
+#include <wildcard_inet_addr.h>
+
+/* Application-specific. */
+static INET_ADDR_LIST addr_list;
+
+/* wildcard_inet_addr_init - initialize my own address list */
+
+static void wildcard_inet_addr_init(INET_ADDR_LIST *addr_list)
+{
+#ifdef INET6
+    struct addrinfo hints, *res, *res0;
+    char hbuf[NI_MAXHOST];
+    int error;
+#ifdef NI_WITHSCOPEID
+    const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
+#else
+    const int niflags = NI_NUMERICHOST;
+#endif
+
+    inet_addr_list_init(addr_list);
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_flags = AI_PASSIVE;
+    error = getaddrinfo(NULL, "0", &hints, &res0);
+    if (error)
+	msg_fatal("could not get list of wildcard addresses");
+    for (res = res0; res; res = res->ai_next) {
+	if (res->ai_family != AF_INET && res->ai_family != AF_INET6)
+	    continue;
+	if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf),
+	    NULL, 0, niflags) != 0)
+	    continue;
+	if (inet_addr_host(addr_list, hbuf) == 0)
+	    continue; /* msg_fatal("config variable %s: host not found: %s",
+		      VAR_INET_INTERFACES, hbuf); */
+    }
+    freeaddrinfo(res0);
+#else
+    if (inet_addr_host(addr_list, "0.0.0.0") == 0)
+	msg_fatal("config variable %s: host not found: %s",
+		  VAR_INET_INTERFACES, "0.0.0.0");
+#endif
+}
+
+/* wildcard_inet_addr_list - return list of addresses */
+
+INET_ADDR_LIST *wildcard_inet_addr_list(void)
+{
+    if (addr_list.used == 0)
+	wildcard_inet_addr_init(&addr_list);
+
+    return (&addr_list);
+}
diff -Nur postfix-2.0.9.orig/src/global/wildcard_inet_addr.h postfix-2.0.9/src/global/wildcard_inet_addr.h
--- postfix-2.0.9.orig/src/global/wildcard_inet_addr.h	Thu Jan  1 01:00:00 1970
+++ postfix-2.0.9/src/global/wildcard_inet_addr.h	Fri Apr 18 20:55:35 2003
@@ -0,0 +1,36 @@
+#ifndef _WILDCARD_INET_ADDR_H_INCLUDED_
+#define _WILDCARD_INET_ADDR_H_INCLUDED_
+
+/*++
+/* NAME
+/*	wildcard_inet_addr_list 3h
+/* SUMMARY
+/*	grab the list of wildcard IP addresses.
+/* SYNOPSIS
+/*	#include <own_inet_addr.h>
+/* DESCRIPTION
+/* .nf
+/*--*/
+
+ /*
+  * System library.
+  */
+#include <netinet/in.h>
+#ifdef INET6
+#include <sys/socket.h>
+#endif
+
+ /*
+  * External interface.
+  */
+extern struct INET_ADDR_LIST *wildcard_inet_addr_list(void);
+
+/* LICENSE
+/* .ad
+/* .fi
+/*	foo
+/* AUTHOR(S)
+/*	Jun-ichiro itojun Hagino
+/*--*/
+
+#endif
diff -Nur postfix-2.0.9.orig/src/master/master_ent.c postfix-2.0.9/src/master/master_ent.c
--- postfix-2.0.9.orig/src/master/master_ent.c	Mon Jan 13 01:25:39 2003
+++ postfix-2.0.9/src/master/master_ent.c	Fri Apr 18 20:55:35 2003
@@ -285,8 +285,13 @@
 	    inet_addr_list_uniq(MASTER_INET_ADDRLIST(serv));
 	    serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used;
 	} else if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) {
+#ifdef INET6
+		MASTER_INET_ADDRLIST(serv) = wildcard_inet_addr_list();
+		serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used;
+#else
 	    MASTER_INET_ADDRLIST(serv) = 0;	/* wild-card */
 	    serv->listen_fd_count = 1;
+#endif
 	} else {
 	    MASTER_INET_ADDRLIST(serv) = own_inet_addr_list();	/* virtual */
 	    inet_addr_list_uniq(MASTER_INET_ADDRLIST(serv));
diff -Nur postfix-2.0.9.orig/src/master/master_listen.c postfix-2.0.9/src/master/master_listen.c
--- postfix-2.0.9.orig/src/master/master_listen.c	Tue May  1 00:47:57 2001
+++ postfix-2.0.9/src/master/master_listen.c	Fri Apr 18 20:55:35 2003
@@ -64,13 +64,22 @@
 
 #include "master.h"
 
+#ifdef INET6
+#include <netdb.h>
+#include <stdio.h>
+#endif 
+
 /* master_listen_init - enable connection requests */
 
 void    master_listen_init(MASTER_SERV *serv)
 {
     char   *myname = "master_listen_init";
     char   *end_point;
-    int     n;
+    int     n,m,tmpfd;
+#ifdef INET6
+    char hbuf[NI_MAXHOST];
+    SOCKADDR_SIZE salen;
+#endif
 
     /*
      * Find out what transport we should use, then create one or more
@@ -111,18 +120,31 @@
 	    serv->listen_fd[0] =
 		inet_listen(MASTER_INET_PORT(serv),
 			    serv->max_proc > var_proc_limit ?
-			    serv->max_proc : var_proc_limit, NON_BLOCKING);
+			    serv->max_proc : var_proc_limit, NON_BLOCKING, 1);
 	    close_on_exec(serv->listen_fd[0], CLOSE_ON_EXEC);
 	} else {				/* virtual or host:port */
-	    for (n = 0; n < serv->listen_fd_count; n++) {
+	    for (m = n = 0; n < serv->listen_fd_count; n++) {
+#ifdef INET6
+		if (getnameinfo((struct sockaddr *)&MASTER_INET_ADDRLIST(serv)->addrs[n],
+			SA_LEN((struct sockaddr *)&MASTER_INET_ADDRLIST(serv)->addrs[n]), 
+			hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST)) {
+		    strncpy(hbuf, "?????", sizeof(hbuf));
+		}
+		end_point = concatenate(hbuf, ":", MASTER_INET_PORT(serv), (char *) 0);
+#else
 		end_point = concatenate(inet_ntoa(MASTER_INET_ADDRLIST(serv)->addrs[n]),
 				   ":", MASTER_INET_PORT(serv), (char *) 0);
-		serv->listen_fd[n]
+#endif
+		tmpfd
 		    = inet_listen(end_point, serv->max_proc > var_proc_limit ?
-			     serv->max_proc : var_proc_limit, NON_BLOCKING);
-		close_on_exec(serv->listen_fd[n], CLOSE_ON_EXEC);
+			     serv->max_proc : var_proc_limit, NON_BLOCKING, 0);
+		if (tmpfd >= 0) {
+		    serv->listen_fd[m] = tmpfd;
+		    close_on_exec(serv->listen_fd[m++], CLOSE_ON_EXEC);
+		}
 		myfree(end_point);
 	    }
+	    serv->listen_fd_count=m;
 	}
 	break;
     default:
diff -Nur postfix-2.0.9.orig/src/smtp/Makefile.in postfix-2.0.9/src/smtp/Makefile.in
--- postfix-2.0.9.orig/src/smtp/Makefile.in	Fri Apr 18 20:55:10 2003
+++ postfix-2.0.9/src/smtp/Makefile.in	Fri Apr 18 20:55:35 2003
@@ -143,6 +143,7 @@
 smtp_connect.o: ../../include/mail_params.h
 smtp_connect.o: ../../include/own_inet_addr.h
 smtp_connect.o: ../../include/dns.h
+smtp_connect.o: ../../include/get_port.h
 smtp_connect.o: smtp.h
 smtp_connect.o: ../../include/argv.h
 smtp_connect.o: ../../include/deliver_request.h
diff -Nur postfix-2.0.9.orig/src/smtp/smtp_addr.c postfix-2.0.9/src/smtp/smtp_addr.c
--- postfix-2.0.9.orig/src/smtp/smtp_addr.c	Fri Oct 25 01:03:11 2002
+++ postfix-2.0.9/src/smtp/smtp_addr.c	Fri Apr 18 20:55:35 2003
@@ -134,18 +134,68 @@
 static void smtp_print_addr(char *what, DNS_RR *addr_list)
 {
     DNS_RR *addr;
-    struct in_addr in_addr;
+#ifdef INET6
+    struct sockaddr_storage ss;
+#else
+    struct sockaddr ss;
+#endif
+    struct sockaddr_in *sin;
+#ifdef INET6
+    struct sockaddr_in6 *sin6;
+    char   hbuf[NI_MAXHOST];
+#else
+    char   hbuf[sizeof("255.255.255.255") + 1];
+#endif
 
     msg_info("begin %s address list", what);
     for (addr = addr_list; addr; addr = addr->next) {
-	if (addr->data_len > sizeof(addr)) {
-	    msg_warn("skipping address length %d", addr->data_len);
-	} else {
-	    memcpy((char *) &in_addr, addr->data, sizeof(in_addr));
-	    msg_info("pref %4d host %s/%s",
-		     addr->pref, addr->name,
-		     inet_ntoa(in_addr));
+	if (addr->class != C_IN) {
+	    msg_warn("skipping unsupported address (class=%u)", addr->class);
+	    continue;
 	}
+	switch (addr->type) {
+	case T_A:
+	    if (addr->data_len != sizeof(sin->sin_addr)) {
+		msg_warn("skipping invalid address (AAAA, len=%u)",
+		    addr->data_len);
+		continue;
+	    }
+	    sin = (struct sockaddr_in *)&ss;
+	    memset(sin, 0, sizeof(*sin));
+	    sin->sin_family = AF_INET;
+#ifdef HAS_SA_LEN
+	    sin->sin_len = sizeof(*sin);
+#endif
+	    memcpy(&sin->sin_addr, addr->data, sizeof(sin->sin_addr));
+	    break;
+#ifdef INET6
+	case T_AAAA:
+	    if (addr->data_len != sizeof(sin6->sin6_addr)) {
+		msg_warn("skipping invalid address (AAAA, len=%u)",
+		    addr->data_len);
+		continue;
+	    }
+	    sin6 = (struct sockaddr_in6 *)&ss;
+	    memset(sin6, 0, sizeof(*sin6));
+	    sin6->sin6_family = AF_INET6;
+#ifdef HAS_SA_LEN
+	    sin6->sin6_len = sizeof(*sin6);
+#endif
+	    memcpy(&sin6->sin6_addr, addr->data, sizeof(sin6->sin6_addr));
+	    break;
+#endif
+	default:
+	    msg_warn("skipping unsupported address (type=%u)", addr->type);
+	    continue;
+	}
+
+#ifdef INET6
+	(void)getnameinfo((struct sockaddr *)&ss, SS_LEN(ss),
+	    hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST);
+#else
+	(void)inet_ntop(AF_INET, &sin->sin_addr, hbuf, sizeof(hbuf));
+#endif
+	msg_info("pref %4d host %s/%s", addr->pref, addr->name, hbuf);
     }
     msg_info("end %s address list", what);
 }
@@ -155,15 +205,23 @@
 static DNS_RR *smtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref, VSTRING *why)
 {
     char   *myname = "smtp_addr_one";
+#ifndef INET6
     struct in_addr inaddr;
-    DNS_FIXED fixed;
     DNS_RR *addr = 0;
     DNS_RR *rr;
     struct hostent *hp;
+#else
+    struct addrinfo hints, *res0, *res;
+    int error = -1;
+    char *addr;
+    size_t addrlen;
+#endif
+    DNS_FIXED fixed;
 
     if (msg_verbose)
 	msg_info("%s: host %s", myname, host);
 
+#ifndef INET6
     /*
      * Interpret a numerical name as an address.
      */
@@ -216,6 +274,48 @@
 	smtp_errno = SMTP_FAIL;
 	break;
     }
+#else
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    error = getaddrinfo(host, NULL, &hints, &res0);
+    if (error) {
+	switch (error) {
+	case EAI_AGAIN:
+	    smtp_errno = SMTP_RETRY;
+	    break;
+	default:
+	    vstring_sprintf(why, "[%s]: %s",host,gai_strerror(error));
+	    smtp_errno = SMTP_FAIL;
+	    break;
+	}
+	return (addr_list);
+    }
+    for (res = res0; res; res = res->ai_next) {
+	memset((char *) &fixed, 0, sizeof(fixed));
+	switch(res->ai_family) {
+	case AF_INET6:
+	    /* XXX not scope friendly */
+	    fixed.type = T_AAAA;
+	    addr = (char *)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
+	    addrlen = sizeof(struct in6_addr);
+	    break;
+	case AF_INET:
+	    fixed.type = T_A;
+	    addr = (char *)&((struct sockaddr_in *)res->ai_addr)->sin_addr;
+	    addrlen = sizeof(struct in_addr);
+	    break;
+	default:
+	    msg_warn("%s: unknown address family %d for %s",
+	        myname, res->ai_family, host);
+	    continue;
+	}
+	addr_list = dns_rr_append(addr_list,
+	    dns_rr_create(host, &fixed, pref, addr, addrlen));
+    }
+    if (res0)
+	freeaddrinfo(res0);
+#endif
     return (addr_list);
 }
 
@@ -251,6 +351,9 @@
     INET_ADDR_LIST *self;
     DNS_RR *addr;
     int     i;
+#ifdef INET6
+    struct sockaddr *sa;
+#endif
 
     /*
      * Find the first address that lists any address that this mail system is
@@ -260,12 +363,36 @@
 
     self = own_inet_addr_list();
     for (addr = addr_list; addr; addr = addr->next) {
-	for (i = 0; i < self->used; i++)
+	for (i = 0; i < self->used; i++) {
+#ifdef INET6
+	    sa = (struct sockaddr *)&self->addrs[i];
+	    switch(addr->type) {
+	    case T_AAAA:
+		/* XXX scope */
+		if (sa->sa_family != AF_INET6)
+		    break;
+		if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr,
+			addr->data, sizeof(struct in6_addr)) == 0) {
+		    return(addr);
+		}
+		break;
+	    case T_A:
+		if (sa->sa_family != AF_INET)
+		    break;
+		if (memcmp(&((struct sockaddr_in *)sa)->sin_addr,
+			addr->data, sizeof(struct in_addr)) == 0) {
+		    return(addr);
+		}
+		break;
+	    }
+#else
 	    if (INADDRP(addr->data)->s_addr == self->addrs[i].s_addr) {
 		if (msg_verbose)
 		    msg_info("%s: found at pref %d", myname, addr->pref);
 		return (addr);
 	    }
+#endif
+	}
     }
 
     /*
@@ -273,12 +400,36 @@
      */
     self = proxy_inet_addr_list();
     for (addr = addr_list; addr; addr = addr->next) {
-	for (i = 0; i < self->used; i++)
+	for (i = 0; i < self->used; i++) {
+#ifdef INET6
+	    sa = (struct sockaddr *)&self->addrs[i];
+	    switch(addr->type) {
+	    case T_AAAA:
+		/* XXX scope */
+		if (sa->sa_family != AF_INET6)
+		    break;
+		if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr,
+			addr->data, sizeof(struct in6_addr)) == 0) {
+		    return(addr);
+		}
+		break;
+	    case T_A:
+		if (sa->sa_family != AF_INET)
+		    break;
+		if (memcmp(&((struct sockaddr_in *)sa)->sin_addr,
+			addr->data, sizeof(struct in_addr)) == 0) {
+		    return(addr);
+		}
+		break;
+	    }
+#else
 	    if (INADDRP(addr->data)->s_addr == self->addrs[i].s_addr) {
 		if (msg_verbose)
 		    msg_info("%s: found at pref %d", myname, addr->pref);
 		return (addr);
 	    }
+#endif
+	}
     }
 
     /*
diff -Nur postfix-2.0.9.orig/src/smtp/smtp_connect.c postfix-2.0.9/src/smtp/smtp_connect.c
--- postfix-2.0.9.orig/src/smtp/smtp_connect.c	Fri Apr 18 20:55:10 2003
+++ postfix-2.0.9/src/smtp/smtp_connect.c	Fri Apr 18 20:55:35 2003
@@ -81,6 +81,7 @@
 /* System library. */
 
 #include <sys_defs.h>
+#include <stdlib.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -110,6 +111,7 @@
 #include <inet_addr_list.h>
 #include <iostuff.h>
 #include <timed_connect.h>
+#include <get_port.h>
 #include <stringops.h>
 #include <host_port.h>
 
@@ -134,19 +136,45 @@
 				               VSTRING *why)
 {
     char   *myname = "smtp_connect_addr";
-    struct sockaddr_in sin;
-    int     sock;
+#ifdef INET6
+    struct sockaddr_storage ss;
+#else
+    struct sockaddr ss;
+#endif
+    struct sockaddr *sa;
+    struct sockaddr_in *sin;
+#ifdef INET6
+    struct sockaddr_in6 *sin6;
+#endif
+    SOCKADDR_SIZE salen;
+#ifdef INET6
+    char hbuf[NI_MAXHOST];
+#else
+    char hbuf[sizeof("255.255.255.255") + 1];
+#endif
+    int     sock = -1;
     INET_ADDR_LIST *addr_list;
     int     conn_stat;
     int     saved_errno;
     VSTREAM *stream;
     int     ch;
-    unsigned long inaddr;
+
+    sa = (struct sockaddr *)&ss;
+    sin = (struct sockaddr_in *)&ss;
+#ifdef INET6
+    sin6 = (struct sockaddr_in6 *)&ss;
+#endif
 
     /*
      * Sanity checks.
      */
-    if (addr->data_len > sizeof(sin.sin_addr)) {
+#ifdef INET6
+    if (((addr->type==T_A) && (addr->data_len > sizeof(sin->sin_addr))) ||
+	((addr->type==T_AAAA) && (addr->data_len > sizeof(sin6->sin6_addr))))
+#else
+    if (addr->data_len > sizeof(sin->sin_addr))
+#endif
+    {
 	msg_warn("%s: skip address with length %d", myname, addr->data_len);
 	smtp_errno = SMTP_RETRY;
 	return (0);
@@ -155,17 +183,39 @@
     /*
      * Initialize.
      */
-    memset((char *) &sin, 0, sizeof(sin));
-    sin.sin_family = AF_INET;
-
-    if ((sock = socket(sin.sin_family, SOCK_STREAM, 0)) < 0)
-	msg_fatal("%s: socket: %m", myname);
-
+    switch (addr->type) {
+#ifdef INET6
+    case T_AAAA:
+	memset(sin6, 0, sizeof(*sin6));
+	sin6->sin6_family = AF_INET6;
+	salen = sizeof(*sin6);
+	break;
+#endif
+    default: /* T_A: */
+	memset(sin, 0, sizeof(*sin));
+	sin->sin_family = AF_INET;
+	salen = sizeof(*sin);
+	break;
+    }
+#ifdef HAS_SA_LEN
+    sa->sa_len = salen;
+#endif
+    if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0)
+	msg_warn("%s: socket: %m", myname);
+		    
     /*
      * Allow the sysadmin to specify the source address, for example, as "-o
      * smtp_bind_address=x.x.x.x" in the master.cf file.
      */
     if (*var_smtp_bind_addr) {
+#ifndef INET6
+	struct sockaddr_in sin;
+
+	memset(&sin, 0, sizeof(sin));
+	sin.sin_family = AF_INET;
+#ifdef HAS_SA_LEN
+	sin.sin_len = sizeof(sin);
+#endif
 	sin.sin_addr.s_addr = inet_addr(var_smtp_bind_addr);
 	if (sin.sin_addr.s_addr == INADDR_NONE)
 	    msg_fatal("%s: bad %s parameter: %s",
@@ -174,6 +224,25 @@
 	    msg_warn("%s: bind %s: %m", myname, inet_ntoa(sin.sin_addr));
 	if (msg_verbose)
 	    msg_info("%s: bind %s", myname, inet_ntoa(sin.sin_addr));
+#else
+	char hbufl[NI_MAXHOST];
+	struct addrinfo hints, *res;
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = sa->sa_family;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_PASSIVE|AI_NUMERICHOST;
+	snprintf(hbufl, sizeof(hbufl)-1, "%s", var_smtp_bind_addr);
+	if (getaddrinfo(hbufl, NULL, &hints, &res) == 0) {
+	    (void)getnameinfo(res->ai_addr, res->ai_addrlen, hbufl,
+	        sizeof(hbufl), NULL, 0, NI_NUMERICHOST);
+	    if (bind(sock, res->ai_addr, res->ai_addrlen) < 0)
+		msg_warn("%s: bind %s: %m", myname, hbufl);
+	    freeaddrinfo(res);
+	    if (msg_verbose)
+		msg_info("%s: bind %s", myname, hbufl);
+	}
+#endif
     }
 
     /*
@@ -181,8 +250,17 @@
      * the mail appears to come from the "right" machine address.
      */
     else if ((addr_list = own_inet_addr_list())->used == 1) {
+#ifndef INET6
+	struct sockaddr_in sin;
+	unsigned long inaddr;	/*XXX BAD!*/
+
+	memset(&sin, 0, sizeof(sin));
+	sin.sin_family = AF_INET;
+#ifdef HAS_SA_LEN
+	sin.sin_len = sizeof(sin);
+#endif
 	memcpy((char *) &sin.sin_addr, addr_list->addrs, sizeof(sin.sin_addr));
-	inaddr = ntohl(sin.sin_addr.s_addr);
+	inaddr = (unsigned long)ntohl(sin.sin_addr.s_addr);
 	if (!IN_CLASSA(inaddr)
 	    || !(((inaddr & IN_CLASSA_NET) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)) {
 	    if (bind(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0)
@@ -190,30 +268,85 @@
 	    if (msg_verbose)
 		msg_info("%s: bind %s", myname, inet_ntoa(sin.sin_addr));
 	}
+#else
+	char hbufl[NI_MAXHOST];
+	struct addrinfo hints, *res = NULL, *loopback = NULL;
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = sa->sa_family;
+	hints.ai_socktype = SOCK_STREAM;
+	if (getaddrinfo(NULL, "0", &hints, &loopback) != 0)
+	    loopback = NULL;
+
+	/*
+	 * getnameinfo -> getaddrinfo loop is here so that we can
+	 * get rid of port.
+	 */
+	(void)getnameinfo((struct sockaddr *)addr_list->addrs, SA_LEN((struct sockaddr *)addr_list->addrs),
+	    hbufl, sizeof(hbufl), NULL, 0, NI_NUMERICHOST);
+	hbufl[sizeof(hbufl)-1] = 0;
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = sa->sa_family;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_PASSIVE|AI_NUMERICHOST;
+	if (getaddrinfo(hbufl, NULL, &hints, &res) == 0 &&
+	    !(res->ai_addrlen == loopback->ai_addrlen &&
+	      memcmp(res->ai_addr, loopback->ai_addr, res->ai_addrlen) == 0)) {
+	    if (bind(sock, res->ai_addr, res->ai_addrlen) < 0)
+		msg_warn("%s: bind %s: %m", myname, hbufl);
+	    if (msg_verbose)
+		msg_info("%s: bind %s", myname, hbufl);
+	}
+	if (res)
+	    freeaddrinfo(res);
+	if (loopback)
+	    freeaddrinfo(loopback);
+#endif
     }
 
     /*
      * Connect to the SMTP server.
      */
-    sin.sin_port = port;
-    memcpy((char *) &sin.sin_addr, addr->data, sizeof(sin.sin_addr));
+    switch (addr->type) {
+#ifdef INET6
+    case T_AAAA:
+	/* XXX scope unfriendly */
+	memset(sin6, 0, sizeof(*sin6));
+	sin6->sin6_port = port;
+	sin6->sin6_family = AF_INET6;
+	salen = sizeof(*sin6);
+	memcpy(&sin6->sin6_addr, addr->data, sizeof(sin6->sin6_addr));
+	inet_ntop(AF_INET6, &sin6->sin6_addr, hbuf, sizeof(hbuf));
+	break;
+#endif
+    default: /* T_A */
+	memset(sin, 0, sizeof(*sin));
+	sin->sin_port = port;
+	sin->sin_family = AF_INET;
+	salen = sizeof(*sin);
+	memcpy(&sin->sin_addr, addr->data, sizeof(sin->sin_addr));
+	inet_ntop(AF_INET, &sin->sin_addr, hbuf, sizeof(hbuf));
+	break;
+    }
+#ifdef HAS_SA_LEN
+    sa->sa_len = salen;
+#endif
 
     if (msg_verbose)
 	msg_info("%s: trying: %s[%s] port %d...",
-		 myname, addr->name, inet_ntoa(sin.sin_addr), ntohs(port));
+		 myname, addr->name, hbuf, ntohs(port));
     if (var_smtp_conn_tmout > 0) {
 	non_blocking(sock, NON_BLOCKING);
-	conn_stat = timed_connect(sock, (struct sockaddr *) & sin,
-				  sizeof(sin), var_smtp_conn_tmout);
+	conn_stat = timed_connect(sock, sa, salen, var_smtp_conn_tmout);
 	saved_errno = errno;
 	non_blocking(sock, BLOCKING);
 	errno = saved_errno;
     } else {
-	conn_stat = connect(sock, (struct sockaddr *) & sin, sizeof(sin));
+	conn_stat = connect(sock, sa, salen);
     }
     if (conn_stat < 0) {
 	vstring_sprintf(why, "connect to %s[%s]: %m",
-			addr->name, inet_ntoa(sin.sin_addr));
+			addr->name, hbuf);
 	smtp_errno = SMTP_RETRY;
 	close(sock);
 	return (0);
@@ -223,8 +356,8 @@
      * Skip this host if it takes no action within some time limit.
      */
     if (read_wait(sock, var_smtp_helo_tmout) < 0) {
-	vstring_sprintf(why, "connect to %s[%s]: read timeout",
-			addr->name, inet_ntoa(sin.sin_addr));
+	vstring_sprintf(why, "connect to %s [%s]: read timeout",
+			addr->name, hbuf);
 	smtp_errno = SMTP_RETRY;
 	close(sock);
 	return (0);
@@ -236,7 +369,7 @@
     stream = vstream_fdopen(sock, O_RDWR);
     if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) {
 	vstring_sprintf(why, "connect to %s[%s]: server dropped connection without sending the initial greeting",
-			addr->name, inet_ntoa(sin.sin_addr));
+			addr->name, hbuf);
 	smtp_errno = SMTP_RETRY;
 	vstream_fclose(stream);
 	return (0);
@@ -248,7 +381,7 @@
      */
     if (ch == '4' && var_smtp_skip_4xx_greeting) {
 	vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
-			addr->name, inet_ntoa(sin.sin_addr));
+			addr->name, hbuf);
 	smtp_errno = SMTP_RETRY;
 	vstream_fclose(stream);
 	return (0);
@@ -259,12 +392,12 @@
      */
     if (ch == '5' && var_smtp_skip_5xx_greeting) {
 	vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
-			addr->name, inet_ntoa(sin.sin_addr));
+			addr->name, hbuf);
 	smtp_errno = SMTP_RETRY;
 	vstream_fclose(stream);
 	return (0);
     }
-    return (smtp_session_alloc(dest, stream, addr->name, inet_ntoa(sin.sin_addr)));
+    return (smtp_session_alloc(dest, stream, addr->name, hbuf));
 }
 
 /* smtp_connect_host - direct connection to host */
diff -Nur postfix-2.0.9.orig/src/smtp/smtp_unalias.c postfix-2.0.9/src/smtp/smtp_unalias.c
--- postfix-2.0.9.orig/src/smtp/smtp_unalias.c	Thu Sep 28 19:06:09 2000
+++ postfix-2.0.9/src/smtp/smtp_unalias.c	Fri Apr 18 20:55:35 2003
@@ -86,7 +86,11 @@
     if ((result = htable_find(cache, name)) == 0) {
 	fqdn = vstring_alloc(10);
 	if (dns_lookup_types(name, smtp_unalias_flags, (DNS_RR **) 0,
-			     fqdn, (VSTRING *) 0, T_MX, T_A, 0) != DNS_OK)
+			     fqdn, (VSTRING *) 0, T_MX, T_A,
+#ifdef INET6
+			     T_AAAA,
+#endif
+			     0) != DNS_OK)
 	    vstring_strcpy(fqdn, name);
 	htable_enter(cache, name, result = vstring_export(fqdn));
     }
diff -Nur postfix-2.0.9.orig/src/smtpd/smtpd_check.c postfix-2.0.9/src/smtpd/smtpd_check.c
--- postfix-2.0.9.orig/src/smtpd/smtpd_check.c	Fri Apr 18 20:55:10 2003
+++ postfix-2.0.9/src/smtpd/smtpd_check.c	Fri Apr 18 20:55:35 2003
@@ -1362,6 +1362,49 @@
 static int has_my_addr(SMTPD_STATE *state, const char *host,
 		            const char *reply_name, const char *reply_class)
 {
+#ifdef INET6
+    char   *myname = "has_my_addr";
+    struct addrinfo hints, *res, *res0;
+    int error;
+    char hbuf[NI_MAXHOST];
+
+    if (msg_verbose)
+	msg_info("%s: host %s", myname, host);
+
+    /*
+     * If we can't lookup the host, play safe and assume it is OK.
+     */
+#define YUP	1
+#define NOPE	0
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_DGRAM;
+    error = getaddrinfo(host, NULL, &hints, &res0);
+    if (error) {
+	if (msg_verbose)
+	    msg_info("%s: host %s: %s", myname, host, gai_strerror(error));
+	return (YUP);
+    }
+    for (res = res0; res; res = res->ai_next) {
+	if (msg_verbose) {
+	    if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf),
+		    NULL, 0, NI_NUMERICHOST)) {
+		strncpy(hbuf, "???", sizeof(hbuf));
+	    }
+	    msg_info("%s: addr %s", myname, hbuf);
+	}
+	if (own_inet_addr(res->ai_addr)) {
+	    freeaddrinfo(res0);
+	    return (YUP);
+	}
+    }
+    freeaddrinfo(res0);
+    if (msg_verbose)
+	msg_info("%s: host %s: no match", myname, host);
+
+    return (NOPE);
+#else
     char   *myname = "has_my_addr";
     struct in_addr addr;
     char  **cpp;
@@ -1400,6 +1443,7 @@
 	msg_info("%s: host %s: no match", myname, host);
 
     return (NOPE);
+#endif
 }
 
 /* i_am_mx - is this machine listed as MX relay */
@@ -1984,11 +2028,28 @@
 #define CHK_ADDR_RETURN(x,y) { *found = y; return(x); }
 
     addr = STR(vstring_strcpy(error_text, address));
-
+#ifdef INET6
+    if (strncmp(addr, "::ffff:", 7) == 0 && msg_verbose)
+	msg_info("%s: %s v6 addr in v4 compat-mode, "
+		"converted to v4 for map checking compatibility (%s)", \
+		myname, addr, addr+7);
+#endif
+    
     if ((dict = dict_handle(table)) == 0)
 	msg_panic("%s: dictionary not found: %s", myname, table);
     do {
 	if (flags == 0 || (flags & dict->flags) != 0) {
+#ifdef INET6
+	    if (strncmp(addr, "::ffff:", 7) == 0) {
+		/* try if ::ffff: formati is present in map, if not, try
+		   traditional IPv4 format striping :ffff: part */
+            	if ((value = dict_get(dict, addr)) != 0 || \
+        	    		(value = dict_get(dict, addr+7)) != 0)
+			CHK_ADDR_RETURN(check_table_result(state, table, value, address,
+						   reply_name, reply_class,
+						   def_acl), FOUND);	
+	    } else
+#endif
 	    if ((value = dict_get(dict, addr)) != 0)
 		CHK_ADDR_RETURN(check_table_result(state, table, value, address,
 						   reply_name, reply_class,
@@ -2431,16 +2492,32 @@
     VSTRING *query;
     int     i;
     SMTPD_RBL_STATE *rbl;
+#ifdef INET6
+    struct in_addr a;
+#else
+    struct in6_addr a;
+#endif
 
     if (msg_verbose)
 	msg_info("%s: %s %s", myname, reply_class, addr);
 
-    /*
-     * IPv4 only for now
-     */
-#ifdef INET6
+#ifndef INET6
+    /* IPv4 only for now */
     if (inet_pton(AF_INET, addr, &a) != 1)
 	return SMTPD_CHECK_DUNNO;
+    octets = argv_split(state->addr, ".");
+#else
+    /* IPv4 and IPv6-mapped IPv4 only for now */
+    if (inet_pton(AF_INET, state->addr, &a) == 1)
+	octets = argv_split(state->addr, ".");
+    else {
+	struct in6_addr a6;
+	if (inet_pton(AF_INET6, state->addr, &a6) != 1)
+	  return SMTPD_CHECK_DUNNO;
+	if (!IN6_IS_ADDR_V4MAPPED(&a6) || (strrchr(state->addr,':') == NULL))
+	  return SMTPD_CHECK_DUNNO;
+	octets = argv_split(strrchr(state->addr,':')+1, ".");
+    }
 #endif
 
     /*
diff -Nur postfix-2.0.9.orig/src/smtpd/smtpd_peer.c postfix-2.0.9/src/smtpd/smtpd_peer.c
--- postfix-2.0.9.orig/src/smtpd/smtpd_peer.c	Thu Aug 22 19:50:51 2002
+++ postfix-2.0.9/src/smtpd/smtpd_peer.c	Fri Apr 18 20:55:35 2003
@@ -63,6 +63,15 @@
 #include <netdb.h>
 #include <string.h>
 
+/* Utility library. */
+
+#include <msg.h>
+#include <mymalloc.h>
+#include <valid_hostname.h>
+#include <stringops.h>
+
+/* Global library. */
+
  /*
   * Older systems don't have h_errno. Even modern systems don't have
   * hstrerror().
@@ -84,16 +93,11 @@
     )
 #endif
 
-/* Utility library. */
-
-#include <msg.h>
-#include <mymalloc.h>
-#include <valid_hostname.h>
-#include <stringops.h>
-
-/* Global library. */
-
-
+#ifdef INET6
+#define GAI_STRERROR(error) \
+	((error = EAI_SYSTEM) ? gai_strerror(error) : strerror(errno))
+#endif
+	
 /* Application-specific. */
 
 #include "smtpd.h"
@@ -102,21 +106,28 @@
 
 void    smtpd_peer_init(SMTPD_STATE *state)
 {
-    struct sockaddr_in sin;
-    SOCKADDR_SIZE len = sizeof(sin);
+#ifdef INET6
+    struct sockaddr_storage ss;
+#else
+    struct sockaddr ss;
+    struct in_addr *in;
     struct hostent *hp;
-    int     i;
+#endif
+    struct sockaddr *sa;
+    SOCKADDR_SIZE len;
+
+    sa = (struct sockaddr *)&ss;
+    len = sizeof(ss);
 
     /*
      * Avoid suprious complaints from Purify on Solaris.
      */
-    memset((char *) &sin, 0, len);
+    memset((char *) sa, 0, len);
 
     /*
      * Look up the peer address information.
      */
-    if (getpeername(vstream_fileno(state->client),
-		    (struct sockaddr *) & sin, &len) >= 0) {
+    if (getpeername(vstream_fileno(state->client), sa, &len) >= 0) {
 	errno = 0;
     }
 
@@ -132,23 +143,56 @@
     /*
      * Look up and "verify" the client hostname.
      */
-    else if (errno == 0 && sin.sin_family == AF_INET) {
-	state->addr = mystrdup(inet_ntoa(sin.sin_addr));
-	hp = gethostbyaddr((char *) &(sin.sin_addr),
-			   sizeof(sin.sin_addr), AF_INET);
-	if (hp == 0) {
+    else if (errno == 0 && (sa->sa_family == AF_INET
+#ifdef INET6
+			    || sa->sa_family == AF_INET6
+#endif
+		    )) {
+#ifdef INET6
+	char hbuf[NI_MAXHOST];
+	char abuf[NI_MAXHOST];
+	struct addrinfo hints, *rnull = NULL;
+#else
+	char abuf[sizeof("255.255.255.255") + 1];
+	char *hbuf;
+#endif
+	int error = -1;
+
+#ifdef INET6
+	(void)getnameinfo(sa, len, abuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST);
+#else
+	in = &((struct sockaddr_in *)sa)->sin_addr;
+	inet_ntop(AF_INET, in, abuf, sizeof(hbuf));
+#endif
+	state->addr = mystrdup(abuf);
+#ifdef INET6
+	error = getnameinfo(sa, len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD);
+#else
+	hbuf = NULL;
+	hp = gethostbyaddr((char *)in, sizeof(*in), AF_INET);
+	if (hp) {
+	    error = 0;
+		hbuf = mystrdup(hp->h_name);
+	} else
+	    error = 1;
+#endif
+	if (error) {
 	    state->name = mystrdup("unknown");
+#ifdef INET6
+		state->peer_code = (error == EAI_AGAIN ? 4 : 5);
+#else
 	    state->peer_code = (h_errno == TRY_AGAIN ? 4 : 5);
-	} else if (valid_hostaddr(hp->h_name, DONT_GRIPE)) {
+#endif
+	} else if (valid_hostaddr(hbuf, DONT_GRIPE)) {
 	    msg_warn("numeric result %s in address->name lookup for %s",
-		     hp->h_name, state->addr);
+		     hbuf, state->addr);
 	    state->name = mystrdup("unknown");
 	    state->peer_code = 5;
-	} else if (!valid_hostname(hp->h_name, DONT_GRIPE)) {
+	} else if (!valid_hostname(hbuf, DONT_GRIPE)) {
 	    state->name = mystrdup("unknown");
 	    state->peer_code = 5;
 	} else {
-	    state->name = mystrdup(hp->h_name);	/* hp->name is clobbered!! */
+	    state->name = mystrdup(hbuf);	/* hp->name is clobbered!! */
 	    state->peer_code = 2;
 
 	    /*
@@ -160,16 +204,31 @@
 	state->peer_code = code; \
     }
 
+#ifdef INET6
+	    memset(&hints, 0, sizeof(hints));
+	    hints.ai_family = AF_UNSPEC;
+	    hints.ai_socktype = SOCK_STREAM;
+	    error = getaddrinfo(state->name, NULL, &hints, &rnull);
+	    if (error) {
+		msg_warn("%s: hostname %s verification failed: %s",
+			 state->addr, state->name, GAI_STRERROR(error));
+		REJECT_PEER_NAME(state, (error == EAI_AGAIN ? 4 : 5));
+	    }
+	    /* memcmp() isn't needed if we use getaddrinfo */
+	    if (rnull)
+		freeaddrinfo(rnull);
+#else
 	    hp = gethostbyname(state->name);	/* clobbers hp->name!! */
 	    if (hp == 0) {
 		msg_warn("%s: hostname %s verification failed: %s",
 			 state->addr, state->name, HSTRERROR(h_errno));
 		REJECT_PEER_NAME(state, (h_errno == TRY_AGAIN ? 4 : 5));
-	    } else if (hp->h_length != sizeof(sin.sin_addr)) {
+	    } else if (hp->h_length != sizeof(*in)) {
 		msg_warn("%s: hostname %s verification failed: bad address size %d",
 			 state->addr, state->name, hp->h_length);
 		REJECT_PEER_NAME(state, 5);
 	    } else {
+		int i;
 		for (i = 0; /* void */ ; i++) {
 		    if (hp->h_addr_list[i] == 0) {
 			msg_warn("%s: address not listed for hostname %s",
@@ -177,12 +236,11 @@
 			REJECT_PEER_NAME(state, 5);
 			break;
 		    }
-		    if (memcmp(hp->h_addr_list[i],
-			       (char *) &sin.sin_addr,
-			       sizeof(sin.sin_addr)) == 0)
+		    if (memcmp(hp->h_addr_list[i], (char *)in, sizeof(*in)) == 0)
 			break;			/* keep peer name */
 		}
 	    }
+#endif
 	}
     }
 
diff -Nur postfix-2.0.9.orig/src/smtpstone/smtp-sink.c postfix-2.0.9/src/smtpstone/smtp-sink.c
--- postfix-2.0.9.orig/src/smtpstone/smtp-sink.c	Fri Aug 16 17:05:25 2002
+++ postfix-2.0.9/src/smtpstone/smtp-sink.c	Fri Apr 18 20:55:35 2003
@@ -606,7 +606,7 @@
     } else {
 	if (strncmp(argv[optind], "inet:", 5) == 0)
 	    argv[optind] += 5;
-	sock = inet_listen(argv[optind], backlog, BLOCKING);
+	sock = inet_listen(argv[optind], backlog, BLOCKING, 1);
     }
 
     /*
diff -Nur postfix-2.0.9.orig/src/util/Makefile.in postfix-2.0.9/src/util/Makefile.in
--- postfix-2.0.9.orig/src/util/Makefile.in	Fri Apr 18 20:55:10 2003
+++ postfix-2.0.9/src/util/Makefile.in	Fri Apr 18 20:55:35 2003
@@ -8,7 +8,7 @@
 	dict_tcp.c dict_unix.c dir_forest.c doze.c duplex_pipe.c \
 	environ.c events.c exec_command.c fifo_listen.c fifo_trigger.c \
 	file_limit.c find_inet.c fsspace.c fullname.c get_domainname.c \
-	get_hostname.c hex_quote.c htable.c inet_addr_host.c \
+	get_hostname.c get_port.c hex_quote.c htable.c inet_addr_host.c \
 	inet_addr_list.c inet_addr_local.c inet_connect.c inet_listen.c \
 	inet_trigger.c inet_util.c intv.c line_wrap.c lowercase.c \
 	lstat_as.c mac_expand.c mac_parse.c make_dirs.c match_list.c \
@@ -36,7 +36,7 @@
 	dict_tcp.o dict_unix.o dir_forest.o doze.o duplex_pipe.o \
 	environ.o events.o exec_command.o fifo_listen.o fifo_trigger.o \
 	file_limit.o find_inet.o fsspace.o fullname.o get_domainname.o \
-	get_hostname.o hex_quote.o htable.o inet_addr_host.o \
+	get_hostname.o get_port.o hex_quote.o htable.o inet_addr_host.o \
 	inet_addr_list.o inet_addr_local.o inet_connect.o inet_listen.o \
 	inet_trigger.o inet_util.o intv.o line_wrap.o lowercase.o \
 	lstat_as.o mac_expand.o mac_parse.o make_dirs.o match_list.o \
@@ -60,7 +60,7 @@
 	dict_ht.h dict_ldap.h dict_mysql.h dict_ni.h dict_nis.h \
 	dict_nisplus.h dict_pcre.h dict_pgsql.h dict_regexp.h dict_static.h dict_tcp.h \
 	dict_unix.h dir_forest.h events.h exec_command.h find_inet.h \
-	fsspace.h fullname.h get_domainname.h get_hostname.h hex_quote.h \
+	fsspace.h fullname.h get_domainname.h get_hostname.h get_port.h hex_quote.h \
 	htable.h inet_addr_host.h inet_addr_list.h inet_addr_local.h \
 	inet_util.h intv.h iostuff.h line_wrap.h listen.h lstat_as.h \
 	mac_expand.h mac_parse.h make_dirs.h match_list.h match_ops.h \
@@ -780,6 +780,7 @@
 get_domainname.o: mymalloc.h
 get_domainname.o: get_hostname.h
 get_domainname.o: get_domainname.h
+get_port.o: sys_defs.h
 get_hostname.o: get_hostname.c
 get_hostname.o: sys_defs.h
 get_hostname.o: mymalloc.h
@@ -905,6 +906,7 @@
 match_list.o: stringops.h
 match_list.o: argv.h
 match_list.o: dict.h
+match_list.o: inet_util.h
 match_list.o: match_ops.h
 match_list.o: match_list.h
 match_ops.o: match_ops.c
diff -Nur postfix-2.0.9.orig/src/util/get_port.c postfix-2.0.9/src/util/get_port.c
--- postfix-2.0.9.orig/src/util/get_port.c	Thu Jan  1 01:00:00 1970
+++ postfix-2.0.9/src/util/get_port.c	Fri Apr 18 20:55:35 2003
@@ -0,0 +1,65 @@
+/*++
+/* NAME
+/*	get_port 3
+/* SUMMARY
+/*	trivial host and port extracter
+/* SYNOPSIS
+/*	#include <get_port.h>
+/*
+/*	char	*get_port(data)
+/*	char	*data;
+/*
+/* DESCRIPTION
+/* 	get_port() extract host name or ip address from
+/* 	strings such as [3ffe:902:12::10]:25, [::1]
+/* 	or 192.168.0.1:25, and null-terminates the
+/* 	\fIdata\fR at the first occurrence of port separator.
+/* DIAGNOSTICS
+/* 	If port not found return null pointer.
+/* LICENSE
+/* .ad
+/* .fi
+/*	BSD Style (or BSD like) license.
+/* AUTHOR(S)