1

I would like to set up a typical (Postfix or Exim)/Dovecot/etc stack to handle e-mail from a custom domain name. I have done this in the past for a friend.

For various reasons though, I currently can't get an IPv6 address to my server, which is a shame since I'd like to reduce my dependency on IPv4 but currently this just isn't an option.

That said, I am concerned that I might not be able to send and receive e-mail to/from IPv6-only MTAs.

Do any notable IPv6-only MTAs exist? Should I realistically be concerned about this?

OlivierTheOlive
  • 13
  • 2
  • 1
    Isn't is possible to get one of the free IPv6 tunnels? You should be able to get IPv6 for your server without much trouble. – Ron Maupin Apr 03 '18 at 17:36
  • @RonMaupin some larger providers have blacklisted the tunnel broker subnets, since they are pretty easy to get, I would think they are being abused by spammers. Basically the same way that a lot of VPS/cloud hosts are all blocked – Zoredache Apr 03 '18 at 17:40
  • 1
    @Zoredache, I have never run into such a problem. – Ron Maupin Apr 03 '18 at 17:43

2 Answers2

2

To my knowledge this is no where near a problem today. If anything, you'll have MTA's which support IPv4 and IPv6, but hardly any (if at all) that ONLY support IPv6. The adoption just isn't wide-spread enough for anyone to solely rely on providing any practical service over IPv6 only.

Andrew
  • 2,057
  • 2
  • 16
  • 25
1

For the most part your mails will get delivered even if you run your mail system as IPv4-only. There are still lots of IPv4-only mail servers and very few IPv6-only. There are however some caveats to pay attention to.

One risk by running your mail on IPv4-only is that you may unknowingly have caused your SPF records to be invalid. Take a look at look at this live example of SPF validation with an address on a misconfigured domain (with a domain taken from the reject log on my mail server):

>>> import spf
>>> spf.query('192.0.2.1', 'zjyjxstzenmpvhpm@bankdata.dk', 'bankdata.dk').check()
('fail', 550, 'SPF fail - not authorized')
>>> spf.query('2001:db8::1', 'zjyjxstzenmpvhpm@bankdata.dk', 'bankdata.dk').check()
('permerror', 550, 'SPF Permanent Error: Void lookup limit of 2 exceeded')
>>>

As you can see if a spammer using IPv4 tries to forge an email from that domain the SPF validation will tell the receiver that the source IP is not authorized to send mail from that domain and the mail will likely be rejected or send to the spam folder because of that.

If a spammer using IPv6 tries to forge an email from that domain the SPF validation fails and the receiving server may not understand what that failure means and might proceed as if your domain had no SPF record in the first place.

If you are using SPF records as a way to prevent spammers from forging mails from your domain, this is a misconfiguration to watch out for. You can still avoid this problem by not using any of the SPF features which rely on A or AAAA lookups.

kasperd
  • 29,894
  • 16
  • 72
  • 122
  • I am running an IPv6-only MX for some of my personal domains which I thus far use for two cases. `1.` I know the sender supports IPv6 (for example forwarding emails from Gmail to my own server). `2.` I don't care much about undelivered mails to the address (for example when signing up for a public hotspot requires an email address). – kasperd Jun 10 '18 at 20:56