22

Has anyone tried to run an IPv6-only SMTP engine? Pretty much everybody with any sense has IPv6 configured for major front-end servers. I was curious if anyone had tried to run an IPv6-only MTA and received any connection errors.

Is IPv6-only a viable solution yet? Can I expect a few lingering connection issues? Or did a magic fairy come down on the internet and make IPv6-to-IPv4 on port 25 work like magic on a direct connection?

muru
joe
  • 3
    "Is IPv6 only a viable solution yet?" What's your definition of "viable"? Regarding your last sentence - v4 and v6 are fundamentally incompatible. A v4 system cannot communicate with a v6 system without some intermediary router/NAT/proxy/etc. – EEAA Apr 17 '16 at 14:14
  • I would imagine a 5% message transaction loss to be pretty horrid and about what I saw when I tried this 4 or 5 years ago. – joe Apr 17 '16 at 14:16
  • @joe My guess is that the largest IPv4-only mail provider today still counts for more than 5% of the users. – kasperd Apr 17 '16 at 15:58
  • 1
    "The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an *alternative* to the IPv4 address space, rather than an *extension* to the IPv4 address space. " https://cr.yp.to/djbdns/ipv6mess.html – kubanczyk Apr 18 '16 at 07:26
  • 4
    @kubanczyk I don't see how you could have extended IPv4 address space without making a model that would be inherently incompatible with it? Was there a better alternative? I feel the solutions given on that web-page only move the problem around, not fix it. It would still be down to everyone else to support it... – James T Apr 18 '16 at 08:31
  • @kubanczyk That idea could have worked, if the majority of IPv4 systems had implemented it - before NAT became widely deployed. However it would still only be a transitioning mechanism, and technically it would have had shortcomings much worse than other transitioning mechanisms. From a purely technical perspective 6to4 was a much more solid transitioning mechanism than what you described. But even 6to4 got so screwed up by bad deployments that IETF gave up trying to fix it and decided to deprecate communication between 6to4 and native IPv6 instead. – kasperd Apr 18 '16 at 12:23
  • @JamesTrotter You are absolutely right. It's all just excuses and blame shifting. The real problem is that nobody has simultaneously had both the power and balls required to provide a strong incentive to deploy IPv6. In retrospect I would say rationing of IPv4 addresses should have started in 2005, and the remaining pool of IPv4 addresses should be reserved for dual stack deployments. That would have given a much larger incentive to deploy dual stack than the 1024 IPv4 addresses you can get from the remaining pool today. – kasperd Apr 18 '16 at 12:30
  • @JamesTrotter And probably RFC1918 was the worst thing that has happened to the internet. Without RFC1918 addresses the only way you could get enough addresses for a large LAN on a residential connection would be through 6to4. Enthusiasts would have experimented with this, and NAT64 would likely have been invented much sooner, and the combination of 6to4+NAT64 would have been as popular as NAT44 actually ended up becoming. Major benefit: with 6to4+NAT64 there would be no need for hole punching. We would still have been left with a few problems, but not as bad as the mess we have now. – kasperd Apr 18 '16 at 12:35
  • @kubanczyk the louder DJB is talking, the less he knows. – hobbs Apr 18 '16 at 15:57
  • @kasperd you are overlooking 1 very important principle, a switch can only do a single calculation (without the device being worth less than $0.15) at layer 2. Switches are a hashtable. You don't have much more room at layer 3. extending IPv4 to IPv6 would add a layer which would first require 1 calculation to figure out which one it is. Hang it up, you're done, go home. o.0 – joe Apr 20 '16 at 23:28
  • @joe I didn't say one word about switches. – kasperd Apr 21 '16 at 06:29
  • 1
    @kubanczyk to be clear there was no "fundamental mistake" since no one working on the project ever intended v4 for anything other than experimental use. Unlike v4, v6 is actually intended and designed for public use. – Jim B Apr 24 '16 at 23:36

2 Answers

27

Short answer: it will work, technically, but you will have lots of undeliverable mail.

Long answer: Take your SMTP logs. Sed out all the domain names you send mail to. Check if they have IPv6 DNS and MX. Once you get 100% (you won't, not anytime this decade), then you can try if the IPv6 IPs actually work.

I don't have any interesting production logs at hand (those I do have don't have enough domains to be of interest), but I took a list of domains offering free e-mail services from https://gist.github.com/tbrianjones/5992856

Out of the 536 first, 173 did not seem to have any MX resolving to an IP, 7 had MXs resolving to IPv4 and IPv6 MX addresses, and the remaining 356 had only IPv4 MXs. Out of domains having MXs, that is less than two percent OK, even before actually trying the IPv6 address to see if it works. Even admitting that the domains in the list are not in any sense the majority of Internet e-mail domains, I do not think that is enough for running a mail server that you actually expect to use.

EDIT: since the 536 alphabetically first of a random list of over 3600 free e-mail providers is not very representative, I've checked a few big-name domains, and here are those that did not have IPv6 MXs (remember IPv6-accessible DNS would also be needed):

  • microsoft.com / hotmail.com / outlook.com
  • mail.com
  • gmx.net
  • icloud.com / mac.com
  • comcast.com
  • inbox.com
  • zoho.com
  • aol.com
  • orange.fr
  • twitter.com

Do you want to register a domain?

  • godaddy.com
  • networksolutions.com
  • registrar.com

Or . . . do you want mail from this site?

  • stackexchange.com

(Of course) gmail.com and google.com have IPv6, and so does Facebook.com.

For those who are interested, I used an ancestor to this line of bash script:

for i in $(cat domains.txt) ; do
  echo $(
    echo $i
    echo \;
    for j in $(dig +short mx $i) ; do
      # query both address families for the MX host ($j), not the domain itself
      dig +short a $j
      dig +short aaaa $j
    done \
    | sed -r -e 's/[^;:\.]//g' \
             -e 's/^:+$/v6/'  \
             -e 's/^\.+$/v4/' \
    | sort -u
  )
done \
| sed 's/ v4 v6/ v4+v6/' \
| sed -r 's/^([^;]+); *([^;]*)$/\2;\1/' \
| sed 's/^;/none;/' \
| sort '-t;' -k 1,1 \
| tr ';' '\t'

It's certainly improvable, but most of the bizarre things are to make the output prettier.

Law29
  • 1
    I think very few administrators are going to wait for 100% of their potential communication partners to support IPv6 before turning IPv4 off on their own side. As of today IPv4 is not supported by 100% of all deployed systems, and there are still lots of administrators choosing to make IPv4-only deployments. By whatever reasoning these administrators are using to choose IPv4-only today, they could choose IPv6-only once there are few enough IPv4-only systems left. IPv4 is not going to be dead by the end of the decade, but it may very well have been overtaken by IPv6. – kasperd Apr 17 '16 at 17:00
  • +1 from me for some data. – MadHatter Apr 18 '16 at 06:54
  • @kasperd IPv4 is easier. I myself never use IPv6 internally, since it's nigh impossible to remember the IPs. Also, you don't need to support two IP versions, which can be something quite time consuming especially when you need to support legacy code (logging and IP-based blocking for example _will_ be screwed). Last but not least, it requires time and I have yet to see a sysadmin with complaints about too much time. – Sebb Apr 18 '16 at 13:25
  • @Sebb The only IP address I see any need to remember is `::1`. And no, IPv4 is not easier. IPv4 is slightly more complicated than IPv6. But what really makes things complicated is NAT, tunnels, and all the other workarounds caused by the futile attempt at keeping IPv4 alive forever. One very useful feature of IPv6 is that link-local addresses will work as soon as you have brought the interface up even if your routing and/or addressing is totally messed up. – kasperd Apr 18 '16 at 13:40
  • @kasperd Try to get to your router's page when your DNS server is down. Well, fck. Try the same with several servers. I know, most times there's DNS and localhost, but I find myself typing IPs quite regularly. And it may be more complicated, but it is _what I know_. Is `2001:db8::ff00:42:8329` a local address? I have no idea. How does my iptables setup handle IPv6 forward? Have a several hour read. Don't get me wrong, I'm totally pro IPv6, but there are a lot of reasons why I still want to have IPv4 at least in my local net (and yes, I _do_ want a local net). – Sebb Apr 18 '16 at 13:55
  • 1
    @Sebb No problem. I start with `ping6 -nc2 ff02::1%eth0`, then I can see what the link-local address of the router is. Plus this works even if the router has not configured its network stack yet, which may happen if it is waiting "forever" for the ISP to send the configuration data. – kasperd Apr 18 '16 at 14:03
  • @kasperd This is pretty awesome to be honest, but I wouldn't be able to find out with my DNS and/or uplink down. I must actually admit that I like this idea and it makes me interested to switch to IPv6, but my above points unfortunately prevail for many sysadmins and that's why there are so many IPv4-only deployments still. Also, I do have the free time to learn it, which many full-time sysadmins do not (and most can't do it at work, I know several). – Sebb Apr 18 '16 at 14:10
  • @sebb reread kasperd's comment again, DNS is not required. – Jim B Apr 25 '16 at 15:27
  • @JimB my favorite search engine does – Sebb Apr 25 '16 at 15:34
  • @sebb, you should not need a search engine to use Ping if you're a professional admin. – Jim B Apr 26 '16 at 12:21
  • @JimB That's not a normal ping. Also, probs are as a sysadmin you don't know about this because you never even had the idea this would be possible. Also, _should_ ... – Sebb Apr 27 '16 at 12:26
  • @sebb ok, I think "this is not a normal Ping" says it all. – Jim B Apr 27 '16 at 15:21
  • This was half a decade ago, what percentage of mail servers would not receive email from an IPv6-only server in March 2021? – user1271772 Mar 26 '21 at 21:58
  • Well, that is the reason I provided the code: people can check it easily :D – Law29 Mar 27 '21 at 13:40
  • Out of the list of major providers that I checked five years ago, only registrar.com has since added IPv6 addresses for their MX. – Law29 Mar 27 '21 at 13:50
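The survey procedure from the answer above, as an added example that is not the answerer's script: it goes beyond the original by using only the host from each MX answer, skipping CNAME lines in `dig +short` output, honouring a null MX, and falling back to the domain's own A/AAAA records when no MX exists. The `.example` domains, the documentation addresses and the stubbed `resolve` function are constructed so that it runs offline.

```shell
#!/usr/bin/env bash
# resolve TYPE NAME: answers in `dig +short` format. This stub serves constructed
# records (reserved .example names, documentation addresses) so the block runs
# offline; for a live survey replace the body with:  dig +short "$1" "$2"
resolve() {
  case "$1 $2" in
    "mx dual.example")          echo '10 mx.dual.example.' ;;
    "a mx.dual.example.")       echo 192.0.2.10 ;;
    "aaaa mx.dual.example.")    echo 2001:db8::10 ;;
    "mx legacy.example")        printf '10 mx1.legacy.example.\n20 mx2.legacy.example.\n' ;;
    "a mx1.legacy.example.")    echo 192.0.2.21 ;;
    "a mx2.legacy.example.")    printf 'lb.legacy.example.\n192.0.2.22\n' ;;
    "aaaa mx2.legacy.example.") echo 'lb.legacy.example.' ;;  # CNAME target, no AAAA
    "mx nomail.example")        echo '0 .' ;;                 # null MX (RFC 7505)
    "a nomail.example")         echo 192.0.2.30 ;;
    "aaaa implicit.example")    echo 2001:db8::40 ;;          # no MX record at all
  esac
}

# stdin: `dig +short` a/aaaa output; stdout: one v4/v6 token per literal address.
# CNAME targets (names ending in a dot) are skipped rather than counted.
addr_families() {
  awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print "v4" }
       /:/ && /^[0-9A-Fa-f:.]+$/          { print "v6" }'
}

# Print none, v4, v6 or v4+v6 for one domain's inbound mail hosts.
classify_domain() {
  domain=$1
  hosts=$(resolve mx "$domain" | awk '{ print $2 }')   # drop the MX preference
  if [ "$hosts" = "." ]; then echo none; return 0; fi  # domain accepts no mail
  [ -n "$hosts" ] || hosts=$domain   # no MX: SMTP falls back to the domain's own A/AAAA
  fams=$(for h in $hosts; do resolve a "$h"; resolve aaaa "$h"; done \
         | addr_families | sort -u | paste -sd+ -)
  echo "${fams:-none}"
}

# One "class<TAB>domain" line per argument, sorted by class like the original output.
survey() {
  for d in "$@"; do
    printf '%s\t%s\n' "$(classify_domain "$d")" "$d"
  done | sort
}

survey dual.example legacy.example nomail.example implicit.example missing.example
```

Domains classified `none` or `v4` are the ones an IPv6-only sender cannot reach directly; a `v6` or `v4+v6` result still says nothing about whether the host accepts mail on that address.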
22

The answer depends on your success criteria. But it most likely will be no.

If you are running a business where any undelivered mail means a measurable cost, then the answer is no, IPv6-only is not viable yet.

There are many providers including some large providers who are still running IPv4-only. The largest provider I know of with dual stack support is Gmail, but I frequently see delivery attempts over IPv6 being rejected by Gmail and then succeeding when retried over IPv4. So even for delivering mail to providers with dual stack, you are not going to experience reliable delivery.

If your primary goal isn't to be operating a reliable mail service for your users, but rather to make IPv4-only look less viable, and if you only need a high enough success rate to not have everybody laugh at you when you blame delivery failures on those running IPv4-only, then the answer is that IPv6-only could be almost viable today.

Hopefully in another two years most administrators will agree that IPv4-only is no longer viable, and dual stack will be a requirement.

kasperd
  • 3
    I've also seen the behaviour where mail sent to Gmail first tries IPv6, but fails. In that case it was not having a reverse PTR set BUT when it was fixed the address kept changing due to RA/ND and Gmail kept greylisting (retry later) the delivery attempts each time the address changed – damolp Apr 18 '16 at 05:00
  • 1
    +1 from me for the observation that v6 and v4 do not produce equivalent delivery results even for fully-dual-stack providers. – MadHatter Apr 18 '16 at 06:55
  • I'd like to read some updated information if available, because 2 years have passed since this reply, and it seems to me the situation is not much different than it was 2 years ago, but I may be wrong. I myself run several IPv4 only servers with no issue at all to date. – Lucio Crusca Nov 07 '19 at 18:21
  • Now 5 years have passed, has this answer aged well? – user1271772 Mar 26 '21 at 22:00