Postfix IPv6 Support

David BeveridgeLinux Systems Admin
CERTIFIED EXPERT
Published:
Updated:
Getting postfix to support IPv6 is a relatively simple matter (when you know how - or - have read this Article).

First of all you must ensure that your server has IPv6 connectivity to the Internet.

By default postfix will listen only on IPv4, to enable IPv6 add the following to main.cf

You only need to add the bind address, if you have multiple IPv6 addresses on your server and you want to limit it to just the one.  This will allow you to get the hostname to match the A & PTR records.
 
inet_protocols = ipv4,ipv6
                      
                      smtp_bind_address6=1:2:3:4:5:6:7:8

Open in new window


If you have client PC's using IPv6 on your local network you might want to allow them to connect to you server using IPv6 and relay outbound mail.  The IPv6 address must be enclosed in square brackets so that it is not confused with a "type:table" pattern.

 
mynetworks = 127.0.0.1
                              [2001:db8:1234::1]/127
                              192.0.2.0/24

Open in new window


Also be sure that if you have a firewall that IPv6 traffic is permitted to pass through it.

 
ip6tables -A INPUT -p TCP --dport smtp -j ACCEPT
                      ip6tables -A OUTPUT -p TCP --dport smtp -j ACCEPT

Open in new window


If you have any access control maps you can list IPv6 addresses in the same way that you list IPv4 addresses.  Do not enclose the IPv6 address in square brackets, like you did in the mynetworks parameter.


Once you have made the changes to your main.cf, restart the service.
On CentOS/RedHat I do that like this.

# service postfix restart

A simple way to test you configuration is to use the telnet command to start a connection to the server on the smtp port


root@box3 # telnet box6.bevhost.com smtp
Trying 2607:f878:1:668::84...
Connected to box6.bevhost.com.
Escape character is '^]'.
220 box6.bevhost.com ESMTP Postfix
helo box3.bevhost.com
250 box6.bevhost.com
mail from: <example@bevhost.com>
250 2.1.0 Ok
rcpt to: <experts@bevhost.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test

hello
.

250 2.0.0 Ok: queued as 39F3734A8031
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@box3 #

If you also run an IMAP server such as dovecot, you'll probably want to enable IPv6 for that too.  edit /etc/dovecot.conf

 
listen = *, [::] 

Open in new window


Once your service is accepting connections with IPv6 it is OK to let the rest of the world know by publishing a AAAA Record for your server in the DNS.  Normally the AAAA record would be the same name as the A record for your host.  Also be sure to have your ISP create a PTR record for your IPv6 Address that matches the AAAA record AND the hostname of your server.

 
0
2,617 Views
David BeveridgeLinux Systems Admin
CERTIFIED EXPERT

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.