Should i enable IPv6?
Question asked by Martin Schaible - 1/30/2024 at 3:01 PM

I recently tested some domains at https://en.internet.nl for several reasons. That was a reminder, that my SmarterMail Server does not support IPv6 at all. Then i found this article: Spam and Security Checks for IPv6 Systems

Some Checks do not work and Rspamd is not listed. The article is dated 01/16/2023.

Do you have your mail servers ready for IPv6?
Does it make sense?


6 Replies

Reply to Thread
Douglas Foster Replied
I have been gradually building a reputation system around IPv4 addresses.    If I turn on IPv6, the universe of all possible addresses jumps from 4 billion to billions-of-billions, so IP-based reputation systems get substantially diluted by the glut of new source addresses.

On the other hand, IPv6 was invented because the IPv4 address set was running out of room.   That means that IPv6-only devices have to go through a v6-to-v4 gateway.   One gateway may end up servicing both good and bad actors.   When that becomes a problem, enabling IPv6 might become beneficial or necessary.   But I have not detected that event yet, so I will stick to an IPv4-only server for as long as possible.

Sébastien Riccio Replied
That's a question I've asked myself a few months ago. After a bit of reading, it looks like handling SPAM on v6 stack would be a nightmare at the moment.
So for now it stays in the things-to-do-one-day bag.

Sébastien Riccio System & Network Admin https://swisscenter.com
IP6 is a bitch in many ways.... and it sucks network wise.

I hate it.... and I have no plans of changing to IP6 unless I absolutely have to.
Terry Froy Replied
I have been running IPv6-enabled SmarterMail since I started using it more than two years ago (on Windows Server 2016) and have been operating IPv6-enabled networks and IPv6-enabled servers for over 20 years now.

In the 2+ years that I have been running SmarterMail, I have not encountered any IPv6-related issues with either the SmarterMail software or the Windows Server 2016 stack and I am currently running the latest public build at the time of writing (Build 8790).

A short checklist:

  • Ensure that you have port bindings configured for your IPv6 unicast addresses.
  • Ensure your host firewall is opened sufficiently for any SmarterMail services to be accessible to the outside world but you probably want to ensure that things like RDP are closed off.
  • Ensure you have configured valid rDNS for the IPv6 addresses used to send outgoing mail before you start doing so.
You will find that sending outbound mail via IPv6 through those who are configured to accept via IPv6 will give you plenty of opportunity to 'build up' a positive reputation for the IPv6 addresses used by your SmarterMail system.

You should note that you do not need to accept mail via IPv6 in order to send mail via IPv6.
echoDreamz Replied
@Brian Bjerring-Jensen - Preach! I cannot stand IPv6...
Mania gold Replied
I pondered this question a few months back, and upon delving into some literature, it appears that managing SPAM on the IPv6 stack could currently be a challenging task.

Reply to Thread