In message <2eb09baa-5327-b615-47a9-0c1402385...@rocketmail.com>
"michae...@rocketmail.com" writes:
>
> Hi all,
>
> I've a generic question to all more experienced than me postfix users
> here: Is it nowadays (reasonably) possible to run postfix with IPv6
> only? E.g. "mail.example.com" and "smtp.example.com" with only IPv6
> AAAA records in the DNS, no A / IPv4 anymore?
>
> Michael

Tried that but not for a few years.

Last I tried this, in addition to IPv6, you still need a routable (non-RFC1918) IPv4 address and valid PTR for your MTA/MSA to reach some sites (like this mailing list last I checked - but I rechecked and fixed now). Alternately you need to relay thru someone that has IPv4 and IPv6 but relay might be hard to come by (never considered that).

IPv6 only is fine if you only send mail to the major providers, gmail, m$soft (live, msn, outlook, hotmail, etc), comcast, ... etc. Less so if you send mail to enterprises (or individuals) that run their own email and have IPv4 only.

What I have is a mostly IPv6 only network. Dual mode are public facing: DNS, web, MTA/MSA (most are VM). I run multiple MDA (cyrus imapd), one per domain, that are IPv6 only. MTA does per domain relay to MDA. MDA does smarthost relay to MSA to handle bounce messages. MTA does the prescreen and low overhead spam checks, MDA and a common spamd host does more higher overhead checks with one honey pot domain with its own web site to train filters (all mail to that domain is spam). Client hosts (cellphone, laptop) send to MSA (port 587).

Client to MSA and MTA to MDA uses DANE plus cyrus SASL and very strong encryption, etc. SASL is SCRAM256 only for MDA, SCRAM256 plus DIGEST-MD5 for MSA due to limitations of some client MUA software but this is within a TLS connection so DIGEST-MD5 is not so bad.

I do have two sites with 5 usable addresses each (/29 minus net, bcast, router). I have colo so you might have a bit more trouble getting more IPv4 with VPS. Easier a few years ago.

Why not point your MX at example.com if you can only get one IPv4 address?

Hope this helps.

Curtis

> ----- EOM for impatient readers :-) -------
>
> Hi patient readers :-)
>
> reason for my question:
>
> I'm running my own small postfix/dovecot etc. environment on a
> VPS. Running fine for years now, after some initial work to get my
> sent emails not delivered as junk. spf record exists for my few
> domains, dkim is active and passes every time, dmarc entry is active.
> https://www.mail-tester.com gives me 10/10 :-)
>
> All relevant for me email providers are accepting my emails without
> any issue, for long, except Microsoft hotmail/outlook. Registered for
> SNDS, and JMRP feed is activated. IPv4 address is "clean" and fine for
> outlook.com.
>
> BUT nevertheless all emails from me to any outlook.* or hotmail.*
> recipients are delivered to their junk folder.
>
> I strongly believe that this is because of the (hopefully) only
> "issue" left I know about: My PTR.
>
> As I have a small VPS with only one IPv4 included in price, I've set
> the PTR to "example.com" and not to "mail.example.com", which is the
> fqdn for my outgoing postfix sent mail. Of course I know that this is
> a "should not", but as there's a lot of stuff running e.g. on Apache
> on this machine, a nextcloud instance, a TYPO3 instance,
> roundcubemail, jitsi meet, ..., all on separate subdomains like
> "cloud.example.com", "webmail.example.com", "meet.example.com" etc., I
> simply don't like to have an "unclean" PTR, pointing not to the main/base
> domain. "Only" because of antispam.
>
> As said I have only one IPv4 for my VPS, but a /64 IPv6 subnet. So
> more than enough IPv6 addresses to give each of my few domains and not
> that many subdomains a unique IPv6, with a corresponding PTR.
>
> I'm only not sure if there might be "IPv4-only" email providers out
> there, whose emails might not be routed to my "IPv6-only" postfix.
>
> Sorry for this long email :-)
>
> Regards,
> Michael
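
Added example, not part of either poster's message: the caveat above about recipients that are IPv4 only can be checked per recipient domain before dropping IPv4 on the sending side. This sketch classifies domains by whether any of their mail hosts publishes an AAAA record, covering the implicit-MX and null-MX cases; the zone data, domain names and function names are constructed for illustration, and `resolve` is a hypothetical hook where a real DNS lookup would be plugged in.

```python
# Constructed zone data (RFC 2606 names, documentation address ranges).
CONSTRUCTED_ZONE = {
    ("dual.example", "MX"): [(10, "mx1.dual.example")],
    ("mx1.dual.example", "A"): ["192.0.2.10"],
    ("mx1.dual.example", "AAAA"): ["2001:db8::10"],
    ("legacy.example", "MX"): [(10, "mx.legacy.example")],
    ("mx.legacy.example", "A"): ["198.51.100.5"],
    ("nomx.example", "AAAA"): ["2001:db8::25"],   # no MX record at all
    ("nomail.example", "MX"): [(0, ".")],         # null MX (RFC 7505)
    ("mixed.example", "MX"): [(10, "a.mixed.example"), (20, "b.mixed.example")],
    ("a.mixed.example", "A"): ["203.0.113.1"],
    ("b.mixed.example", "AAAA"): ["2001:db8::b"],
}


def constructed_resolver(name, rtype):
    """Stand-in for a real DNS lookup; returns [] when no record exists."""
    return CONSTRUCTED_ZONE.get((name.rstrip(".").lower(), rtype), [])


def mail_hosts(domain, resolve):
    """MX targets in preference order (RFC 5321 section 5.1)."""
    mx = sorted(resolve(domain, "MX"))
    if [target for _, target in mx] == ["."]:
        return []                      # null MX: the domain accepts no mail
    if mx:
        return [target.rstrip(".") for _, target in mx]
    return [domain]                    # implicit MX: use the domain's own address


def classify(domain, resolve=constructed_resolver):
    """How an IPv6-only sending MTA would fare against this recipient domain."""
    hosts = mail_hosts(domain, resolve)
    if not hosts:
        return "no-mail"
    if any(resolve(h, "AAAA") for h in hosts):
        return "ipv6-reachable"        # at least one MX target has an AAAA record
    if any(resolve(h, "A") for h in hosts):
        return "ipv4-only"             # needs an IPv4 path or a dual-stack relay
    return "unresolvable"


def audit(domains, resolve=constructed_resolver):
    return {d: classify(d, resolve) for d in domains}


if __name__ == "__main__":
    for dom, status in audit(["dual.example", "legacy.example", "nomx.example",
                              "nomail.example", "mixed.example"]).items():
        print(f"{dom:16} {status}")
```

"ipv6-reachable" here only means an AAAA record is published for a mail host; whether that host accepts SMTP over IPv6 still has to be tested with an actual connection.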