IPv6 SMTP

[Bernhard Schmidt]

On Thu, May 22, 2008 at 09:05:23AM +0200, Mohsen Souissi wrote:

> It would be a great idea if you had time to share your experience with
> the community afterwards. I presume, many people are currently trying
> to get SMTPv6 working and would appreciate some feedback on a concrete
> case study.

I don't really know what all this fuzz is about, enabling IPv6 on your
SMTP server is not really rocket science. In fact, due to the nature of
SMTP between two MTAs (no user interaction, mostly working fallbacks) I
would say it's one of the easiest applications.

We've been running IPv6-enabled MXes at university (lrz-muenchen.de) for
about a year now. So far we've only seen two problems.

a) pMTU issues still exist and do happen. Furthermore there seem to be
   MTA implementations that don't fallback to IPv4 when the connection
   gets established but hangs. 

   Fortunately it is pretty easy to find the problematic spots, there
   are two logfile messages in our MTA (Postfix) that point to pMTU
   problems almost for sure:

   timeout after DATA (0 bytes) from xxxxx[2001:db8::1]
   lost connection after STARTTLS from xxxxx[2001:db8::1]

   I had to write a small script parsing the logfile and
   firewall/nullroute the affected boxes, otherwise we would end up
   loosing mails. This forces these hosts to use IPv4.

   We do have two dual-stacked MXes with the same priority, maybe this 
   problem won't appear if we had an IPv4-only backup MX, but that
   probably depends on the specific implementation again.

b) We currently block hosts without proper and matching rDNS after
   consulting a very large whitelist. We had to disable these checks for
   IPv6, as broken rDNS is pretty common even among large servers and 
   the general volume of IPv6 enabled SMTP is too low to notice it soon
   enough.

Other than that, IPv6 SMTP has worked fine for years now (at various
shops).

Bernhard