IPv6 SMTP

Mohsen Souissi mohsen.souissi at nic.fr
Thu May 22 17:01:17 CEST 2008


 On 22 May, Bernhard Schmidt wrote:
 | On Thu, May 22, 2008 at 09:05:23AM +0200, Mohsen Souissi wrote:
 | 
 | > It would be a great idea if you had time to share your experience with
 | > the community afterwards. I presume, many people are currently trying
 | > to get SMTPv6 working and would appreciate some feedback on a concrete
 | > case study.
 | 
 | I don't really know what all this fuzz is about, enabling IPv6 on your
 | SMTP server is not really rocket science. In fact, due to the nature of
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

==> I agree. That's not the point I think. The point is that there's
too little deployment in production of SMTPv6 compared to other
classical TCP/IP services (web, DNS...), doubtless for many different
reasons, including FUD. Sharing experience in this field may help
things move forward. What you've written below is an example of
experience worth sharing (and once again, you're right it's not rocket
science). 

Off the top of my head, I can recall some issues which aren't blocking
when considered individually, but which may become a significant
hindrance if combined in some "demanding" environment:

- lack of anti-spam/virus IPv6-capable tools (compared to IPv4)

- potential issues with pMTU (the scenario you mentioned below)

- lack of documented experience on e-mail routing (DNS interaction)
  and delivery in a mixed v4-v6 environment

That's all!

Mohsen.

 | SMTP between two MTAs (no user interaction, mostly working fallbacks) I
 | would say it's one of the easiest applications.
 | 
 | We've been running IPv6-enabled MXes at university (lrz-muenchen.de) for
 | about a year now. So far we've only seen two problems.
 | 
 | a) pMTU issues still exist and do happen. Furthermore there seem to be
 |    MTA implementations that don't fall back to IPv4 when the connection
 |    gets established but hangs. 
 | 
 |    Fortunately it is pretty easy to find the problematic spots, there
 |    are two logfile messages in our MTA (Postfix) that point to pMTU
 |    problems almost for sure:
 | 
 |    timeout after DATA (0 bytes) from xxxxx[2001:db8::1]
 |    lost connection after STARTTLS from xxxxx[2001:db8::1]
 | 
 |    I had to write a small script parsing the logfile and
 |    firewall/nullroute the affected boxes, otherwise we would end up
 |    losing mails. This forces these hosts to use IPv4.
 | 
 |    We do have two dual-stacked MXes with the same priority, maybe this 
 |    problem won't appear if we had an IPv4-only backup MX, but that
 |    probably depends on the specific implementation again.
 | 
 | b) We currently block hosts without proper and matching rDNS after
 |    consulting a very large whitelist. We had to disable these checks for
 |    IPv6, as broken rDNS is pretty common even among large servers and 
 |    the general volume of IPv6 enabled SMTP is too low to notice it soon
 |    enough.
 | 
 | Other than that, IPv6 SMTP has worked fine for years now (at various
 | shops).
 | 
 | Bernhard



More information about the ipv6-ops mailing list
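
The log-parsing step described in point a) of the quoted message, as an added example (not Bernhard's script and not part of the original thread): it pulls the client address out of the two Postfix messages quoted above and lists IPv6 peers that hit them repeatedly. The sample log lines, the function name and the `min_hits` threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The two Postfix smtpd messages quoted in the post; host[addr] follows "from".
PMTU_HINT = re.compile(
    r"postfix/smtpd\[\d+\]: "
    r"(?:timeout after DATA \(0 bytes\)|lost connection after STARTTLS)"
    r" from \S+\[([0-9A-Fa-f:.]+)\]"
)

# Constructed sample lines (documentation prefixes), not real log data.
SAMPLE_LOG = """\
May 22 10:01:02 mx1 postfix/smtpd[4321]: timeout after DATA (0 bytes) from mail.example.net[2001:db8::1]
May 22 10:07:40 mx1 postfix/smtpd[4330]: lost connection after STARTTLS from mail.example.net[2001:0db8:0:0:0:0:0:1]
May 22 10:09:11 mx1 postfix/smtpd[4335]: timeout after DATA (0 bytes) from unknown[192.0.2.25]
May 22 10:09:50 mx1 postfix/smtpd[4335]: timeout after DATA (0 bytes) from unknown[192.0.2.25]
May 22 10:12:03 mx1 postfix/smtpd[4340]: timeout after DATA (5120 bytes) from mx.example.org[2001:db8::2]
May 22 10:15:27 mx1 postfix/smtpd[4351]: lost connection after STARTTLS from relay.example.com[2001:db8::3]
""".splitlines()


def pmtu_suspects(lines, min_hits=2):
    """Return IPv6 client addresses seen at least min_hits times with a hint.

    min_hits (assumed default 2) keeps a single transient failure from
    pushing a peer onto the list of hosts to be forced back to IPv4.
    """
    hits = Counter()
    for line in lines:
        m = PMTU_HINT.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field, skip the line
        if addr.version == 6:
            hits[addr] += 1  # parsed form merges different spellings
    return sorted(str(a) for a, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    for suspect in pmtu_suspects(SAMPLE_LOG):
        print(suspect)
```

IPv4 peers and DATA timeouts with a non-zero byte count are deliberately ignored, since only the 0-byte case and the STARTTLS drop are named in the message as pMTU indicators.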