Re: Postfix "IPv6-only" - experience/recommendation question
Dnia 13.05.2020 o godz. 07:54:34 Tobi pisze: > My 5 cents: never rely on the reputation of a domain if you do not have > control over parent domain. So if others from eu.org zone sending spam > one should not wonder why the own subdomain of eu.org might be > listed/blocked/seen as spam. That's exactly what Public Suffix List is meant for: to make it possible to distinguish between domains whose subdomains belong to the same organization, company, customer connections to the same ISP etc. and therefore should be treated in common; and domains whose subdomains are publicly available to register and therefore are independent from each other and should NOT be treated in common. The former are not on PSL; the latter are. So if anybody (and especially a large provider like Google) wants to play with "domain reputation" thing, PSL is a must to be taken into account. How else would you distinguish between eg. something.ibm.com and something.co.uk ? :) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Postfix "IPv6-only" - experience/recommendation question
Zitat von "@lbutlr" : On 11 May 2020, at 04:24, Jaroslaw Rafa wrote: Someone told me… that Google is more likely to classify email from small senders as spam if they are sent via IPv6, and less likely if they are sent via IPv4. Short of Google publishing this information, I doubt that anyone knows this, and suspect this was merely someone’s guess, possibly informed, but probably just a WAG. What is probably true is that Google is more likely to mark mail from servers without a valid rDNS as spam, and perhaps more IPv6 hosts do not do their rDNS correctly? At least some time ago Google had problems with IPv6 PTR temporary failures (on their side) translated into SMTP reject (hard fail). This was only for IPv6, in IPv4 they got it right and you would get a SMTP try later. But never seen this lately and most of our e-mail targeted Google accounts are transfered by IPv6. But as always you are at mercy of their content filter if you use their services for mail. Regards Andi
Re: Postfix "IPv6-only" - experience/recommendation question
Hi Am 12.05.20 um 11:27 schrieb Jaroslaw Rafa: > If > somedomain.com sends spam, you won't automatically classify all other .com > domains as spam. So why do it for eu.org? because .com is a real TLD whereas eu.org is a pseudo TLD. You won't see user@com in mail but u...@eu.org My 5 cents: never rely on the reputation of a domain if you do not have control over parent domain. So if others from eu.org zone sending spam one should not wonder why the own subdomain of eu.org might be listed/blocked/seen as spam. -- Cheers tobi
Re: Postfix "IPv6-only" - experience/recommendation question
> What is a valid rDNS? How is it set? when you open an address in your browser a (forward) dns lookup will be initiated to get the server's ip address. A reverse lookup (rDNS) is the opposite. You query an ip address and get a fully qualified domainname back. Mailservers must have a matching forward and reverse dns, that means the domain in domain -> ip / ip -> domain queries must be the same. rDNS is set in the nameservers of the company that is responsible for your ip address (or ip net). Whereas you use resource records of type A for forward lookups, for rDNS you use PTR (Pointer) records. For more information you should search how DNS is working, for rDNS especially PTR / in-addr.arpa. and ip6.arpa. Best regards Gerald
Re: Postfix "IPv6-only" - experience/recommendation question
On Tue, 12 May 2020 08:14:21 -0600 "@lbutlr" wrote: > On 11 May 2020, at 04:24, Jaroslaw Rafa wrote: > > Someone told me… that Google is more likely to classify email from small > > senders as spam if they are sent via IPv6, and less likely if they are sent > > via IPv4. > > Short of Google publishing this information, I doubt that anyone knows this, > and suspect this was merely someone’s guess, possibly informed, but probably > just a WAG. > > What is probably true is that Google is more likely to mark mail from servers > without a valid rDNS as spam, and perhaps more IPv6 hosts do not do their > rDNS correctly? > What is a valid rDNS? How is it set? Ranjan
Re: Postfix "IPv6-only" - experience/recommendation question
On 11 May 2020, at 04:24, Jaroslaw Rafa wrote: > Someone told me… that Google is more likely to classify email from small > senders as spam if they are sent via IPv6, and less likely if they are sent > via IPv4. Short of Google publishing this information, I doubt that anyone knows this, and suspect this was merely someone’s guess, possibly informed, but probably just a WAG. What is probably true is that Google is more likely to mark mail from servers without a valid rDNS as spam, and perhaps more IPv6 hosts do not do their rDNS correctly? -- "If I were willing to change my morals for convenience or financial gain, we wouldn't be arguing, because I'd already *be* a Republican." -- Wil Shipley
Re: Postfix "IPv6-only" - experience/recommendation question
Dnia 11.05.2020 o godz. 15:36:47 Curtis Villamizar pisze: > > I've had no problem with google dropping my email as spam in years. > AOL and MSN (and friends, live, outlook, hotmail) sometimes, but > resolved. Helps to have rDNS on your IPv6 and SPF and DKIM signed and > all other things in place. [...] > google. Not so with aol, msn, comcast, maybe others. OTOH - what > I've read is if even one user refiles an email into spam for some > providers your chance of getting classified as spam goes up for all > recipients. So don't send mail that people might not want and then > refile as spam. It also helps to avoid sending mail to non-existant > or disabled recipients (changed email providers). All this is pretty obvious and none of this was the reason in my case. In fact, the only thing Google was able to tell me about my messages being classified as spam was the fact that they are getting spam from my parent domain. Not my domain (rafa.eu.org), but my parent domain (eu.org), which is ridiculous because eu.org is on the Public Suffix List, ie. it is exactly like .com - anybody can register their domain under eu.org. If somedomain.com sends spam, you won't automatically classify all other .com domains as spam. So why do it for eu.org? Also, what you wrote about users filing messages into spam also works the other way - if your message is mis-classified as spam, and the recipient(s) DON'T pull it out of their Spam folder and it stays there (and they don't, as they don't know that it's there in the first place), it also increases chances for your other messages to be classified as spam. So, once you get into someone's Spam folder - even by mistake - the probability of your next messages getting there increases automatically. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Postfix "IPv6-only" - experience/recommendation question
In message "michae...@rocketmail.com" writes: > THANKS to a all who answered!!! > > A lot of shared experience, learned a lot, cool. It's always very > interesting how threads are meandering, somehow, adding new aspects to > unasked but also relevant questions. Crowd as it's best :-) Summarized > your valuable hints, I'll stay with my Postfix configured for both > IPv4 and IPv6. No IPv6-only currently. Wait for the future. > > Regards, > Michael Good plan. Meantime I might try creating another IPv6-only email domain and see how well it does. Last I tried (long time ago) it was OK for IETF work, with IPv4 only people replying about bounces to replies that went to me plus to the list, but I got the list copy.
Re: Postfix "IPv6-only" - experience/recommendation question
michae...@rocketmail.com: I've a generic question to all more experienced than me postfix users here: Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 records in the DNS, no A / ipv4 anymore? In theory, yes: it is possible. In practice, no: it won't work. The vast majority of mail servers do not (and will never) use IPv6. I'd suggest you to read D. J. Bernstein's opinion on IPv6 ( http://cr.yp.to/djbdns/ipv6mess.html ). He might be an unpleasant person, but twenty years (!) later it seems reasonable to conclude that he was mostly right, that it is regrettable his opinion was not taken into account, and that IPv6 will never happen as it was supposed to happen. Gregory
Re: Postfix "IPv6-only" - experience/recommendation question
THANKS to a all who answered!!! A lot of shared experience, learned a lot, cool. It's always very interesting how threads are meandering, somehow, adding new aspects to unasked but also relevant questions. Crowd as it's best :-) Summarized your valuable hints, I'll stay with my Postfix configured for both IPv4 and IPv6. No IPv6-only currently. Wait for the future. Regards, Michael
Re: Postfix "IPv6-only" - experience/recommendation question
Dnia 8.05.2020 o godz. 23:26:06 Ralph Seichter pisze: > Google has so far not rejected mail sent by the dual stack servers I > maintain, no matter if IPv4 or IPv6 was used. Both DKIM and SPF are > configured on my end, which seems to be a major concern for Google, but > beyond that I have neither noticed them being overly finicky nor > changing criteria often. YMMV. They almost never reject, unless you send a really huge amount of messages to them. They simply put your messages into recipient's Spam folder, so he/she won't actually see it. It technically has been delivered, however the recipient doesn't know it's there (as we shall remember that average users almost never look into their Spam folders, unless explicitly told to - and in that case they do it only once, when you tell them to). You, as the sender, also don't know that it has been placed into Spam folder. That's not only my experience, but many people here and there on the Net (on this list as well) complain about that behaviour. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Postfix "IPv6-only" - experience/recommendation question
Dnia 8.05.2020 o godz. 14:33:16 Bill Cole pisze: > > Some have IPv6 connectivity and address space but no motivation to > make their mail systems use IPv6. There are reasons to avoid sending > over IPv6 and very few if any significant reasons to want to send or > receive over IPv6. If one has a working IPv4-only mail system, > adding IPv6 is pure work for no discernible benefit. One of good reasons to NOT enable IPv6 may be the thing I heard when I was dealing with my problem of being classified by Google as spam. Someone told me (of course it's not confirmed, as there are virtually no confirmed informations about how Google's anti-spam filter behaves) that Google is more likely to classify email from small senders as spam if they are sent via IPv6, and less likely if they are sent via IPv4. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Postfix "IPv6-only" - experience/recommendation question
On 08/05/2020 21:58, Wietse Venema wrote: > Bob Proulx: >> How are working and available IPv6 DNSBLs progressing? That's a >> critical component which I would love to hear is no longer a missing >> component. > > zen.spamhaus.org blocks some 15% of IPv6 spam for me. The other 85% > comes from large providers (outlook.com, gmail.com, etc) that aren't > blocked with DNSBLs. > > Wietse > That matches my experience... Allen C
Re: Postfix "IPv6-only" - experience/recommendation question
* Bill Cole: >> That's quite a sweeping statement, and I don't believe it to be true. > > Calling someone a liar is a very effective way to end a conversation. Don't know if Trump supporter or trolling... I am a scientist, and thus do not consider your claim to be true until you prove it. I have even taken the time to tell you why. Young people out there: The concept is called "facts", look it up. -Ralph
Re: Postfix "IPv6-only" - experience/recommendation question
On 8 May 2020, at 17:26, Ralph Seichter wrote: > * Bill Cole: > >> The boutique hosting/connectivity/services provider I work with [...] >> can provide native IPv6 to customers. None ever has ever asked for it. > > That's quite a sweeping statement, and I don't believe it to be true. Calling someone a liar is a very effective way to end a conversation. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Postfix "IPv6-only" - experience/recommendation question
In message <2eb09baa-5327-b615-47a9-0c1402385...@rocketmail.com> "michae...@rocketmail.com" writes: > > Hi all, > > I've a generic question to all more experienced than me postfix users > here: Is it nowadays (reasonable) possible to run postfix with IPv6 > only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 > records in the DNS, no A / ipv4 anymore? > > Michael Tried that but not for a few years. Last I tried this in addition to IPv6, you still need a routable (non-RFC1918) IPv4 address and valid PTR for your MTA/MSA to reach some sites (like this mailing list last I checked - but I rechecked and fixed now). Alternately you need to relay thru someone that has IPv4 and IPv6 but relay might be hard to come by (never considered that). IPv6 only is fine if you only send mail to the majors providers, gmail, m$soft (live, msn, outlook, hotmail, etc), comcast, ... etc. Less so if you send mail to enterprises (or individuals) that run their own email and have IPv4 only. What I have is a mostly IPv6 only network. Dual mode are public facing: DNS, web, MTA/MSA (most are VM). I run multiple MDA (cyrus imapd), one per domain, that are IPv6 only. MTA does per domain relay to MDA. MDA does smarthost relay to MSA to handle bounce messages. MTA does the prescreen and low overhead spam checks, MDA and a common spamd host does more higher overhead checks with one honey pot domain with its own web site to train filters (all mail to that domain is spam). Client hosts (cellphone, laptop) send to MSA (port 587). Client to MSA and MTA to MDA uses DANE plus cyrus SASL and very strong encryption, etc. SASL is SCRAM256 only for MDA, SCRAM256 plus DIGEST-MD5 for MSA due to limitations of some client MUA software but this is within a TLS connection so DIGEST-MD5 is not so bad. I do have two sites with 5 usable addresses each (/29 minus net, bcast, router). I have colo so you might have a bit more trouble getting more IPv4 with VPS. Easier a few years ago. Why not point your MX at example.com if you can only get one IPv4 address. Hope this helps. Curtis > - EOM for impatient readers :-) --- > > Hi patient readers :-) > > reason for my question: > > I'm running my own small postfix/dovecot etc. environment on a > VPS. Running fine for years now, after some initial work to get my > sent emails not delivered as junk. spf record exists for my few > domains, dkim is active and passes everytime, dmarc entry is active. > https://www.mail-tester.com gives me 10/10 :-) > > All relevant for me email providers are accepting my emails without > any issue, for long, except Microsoft hotmail/outlook. Registered for > SNDS, and JMRP feed is activated. IPv4 adress is "clean" and fine for > outlook.com. > > BUT nevertheless all emails from me to any outlook.* or hotmail.* > recipients is delivered to their junk folder. > > I strongly believe that this is because of the (hopefully) only > "issue" left I know about: My PTR. > > As I have a small VPS with only one IPV4 included in price, I've set > the PTR to "example.com" and not to "mail.example.com", which is the > fqdn for my outgoing postfix sent mail. Of course I know that this is > a "should not", but as there's a lot of stuff running e.g. on Apache > on this machine, a nextcloud instance, a TYPO3 instance, > roundcubemail, jitsi meet, ..., all on separate subdomains like > "cloud.example.com", "webmail.example.com", "meet.example.com" etc., I > simply don't like to have an "unclean" PTR, pointing not the main/base > domain. "Only" because of antispam. > > As said I have only one IPv4 for my VPS, but a /64 IPv6 subnet. So > more than enough IPv6 addreses to give each of my few domains amd not > that many subdomains a unique IPv6, with a corresponding PTR. > > I'm only not sure if there might be "IPv4-only" email providers out > there, whose emails might not be routed to my "IPv6-only" postfix. > > Sorry for this long email :-) > > Regards, > Michael
Re: Postfix "IPv6-only" - experience/recommendation question
* Bill Cole: > The boutique hosting/connectivity/services provider I work with [...] > can provide native IPv6 to customers. None ever has ever asked for it. That's quite a sweeping statement, and I don't believe it to be true. For years I have asked every provider I have worked with if they offer native IPv6, and if so in what net blocks etc. Unless you can provide proof, in writing, I simply cannot believe that no customer has ever asked the provider you mentioned for IPv6. > There is at least one large mail system operator (Google) which > explicitly has stricter criteria for accepting mail from IPv6 sources > so maybe you don't even want to ever send on IPv6 anyway to avoid > having to suit them today and a dozen others with different criteria > next week. Google has so far not rejected mail sent by the dual stack servers I maintain, no matter if IPv4 or IPv6 was used. Both DKIM and SPF are configured on my end, which seems to be a major concern for Google, but beyond that I have neither noticed them being overly finicky nor changing criteria often. YMMV. > Does anyone worth worrying about only send or receive on IPv6? Not > that I'm aware of. The operative word being "only". That was indeed what the OP asked about, and I forgot to mention that I too would not run an IPv6-only mail server, same as you. However, your question made me wonder: Is anyone worth worrying about, as you put it, unable to send or receive via IPv6? While the answer is possibly a yes in many cases (it is for me), I don't know how the OP would be affected. > Are there tools for spam control of IPv6 incoming mail that match the > IPv4 tools? Are there specific tools you have in mind which don't have IPv6 support yet? Are the authors aware of that? Also, I look at it this way: Based on my logs the amount of spam attempts, let alone deliveries, via IPv6 appears to be noticeably lower than via IPv4. I mean the ratio of spam to connections, not only the absolute number. I wonder if that indicates that spammers find it difficult to rent/purchase/employ IPv6-capable infrastructure and spam tools? -Ralph
Re: Postfix "IPv6-only" - experience/recommendation question
Bob Proulx: > How are working and available IPv6 DNSBLs progressing? That's a > critical component which I would love to hear is no longer a missing > component. zen.spamhaus.org blocks some 15% of IPv6 spam for me. The other 85% comes from large providers (outlook.com, gmail.com, etc) that aren't blocked with DNSBLs. Wietse
Re: Postfix "IPv6-only" - experience/recommendation question
On 8 May 2020, at 15:06, Ralph Seichter wrote: * Bill Cole: Some have IPv6 connectivity and address space but no motivation to make their mail systems use IPv6. A case of what we call Public Servant Mikado (whoever moves first has lost). ;-) Yes. Seriously, I think that if one can support IPv6, one should do it. Good hosting services and ISPs already offer native IPv6, and those that don't should be pressured by customer demand to get their act together. Because I work in multiple unrelated environments, I see many sides of this. The boutique hosting/connectivity/services provider I work with (with 2 ASs, US & EU BGP presence, multiple IPv4 and IPv6 allocations) can provide native IPv6 to customers. None ever has ever asked for it. The main production mail hosting system has a /24 reserved for its use (and mostly in use) and we've never had any technical reason to deploy IPv6 on it or customer demand. It's just not a thing with any pressure behind it. If one has a working IPv4-only mail system, adding IPv6 is pure work for no discernible benefit. Adding a static IPv6 address to a Linux host is a simple one-time effort that takes a couple of minutes. Then, tweak some Postfix settings like inet_interfaces, inet_protocols and maybe smtp_bind_address6. Create a DNS record, update the SPF record. Sure, for a one-IP Postfix system that's pretty easy. However, if one has a clustered mail system that isn't Postfix with scores of domains, each with their own IP on each of multiple nodes, that's non-trivial work. For what? There is at least one large mail system operator (Google) which explicitly has stricter criteria for accepting mail from IPv6 sources, somaybe you don't even want to ever send on IPv6 anyway to avoid having to suit them today and a dozen others with different criteria next week. Does anyone worth worrying about only send or receive on IPv6? Not that I'm aware of. Are there tools for spam control of IPv6 incoming mail that match the IPv4 tools? No. Overall, I estimate that getting a Postfix-based MX IPv6-ready should take about 15 minutes, and I think it is time well spent. I'm not sure that it is for all mail operators, but even if I stipulate the point: it's not what I was talking about. The OP asked if IPv6-ONLY was practical. My reason for saying that it is not (yet) was grounded in the reality that not all mail systems are one-machine, one-IP, and/or Postfix. It's easy for anyone with a one-machine one-IP Postfix system and IPv6 connectivity and an assigned /64 to be IPv6-READY with minimal effort. It isn't realistic to expect that everyone you want to exchange mail with has those prerequisites and/or has put out whatever effort their systems require to use IPv6 for email. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not For Hire (currently)
Re: Postfix "IPv6-only" - experience/recommendation question
Bill Cole wrote: > michaelof wrote: > > I've a generic question to all more experienced than me postfix users > > here: Is it nowadays (reasonable) possible to run postfix with IPv6 > > only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 > > records in the DNS, no A / ipv4 anymore? > > No. Agreed. No. You will not be able to exchange email with many sites. > > I'm only not sure if there might be "IPv4-only" email providers out > > there, whose emails might not be routed to my "IPv6-only" postfix. > > There are many. > > Some do not yet have IPv6 service yet. I have a site using CenturyLink since that is the only option available. And CenturyLink there does not support IPv6! Which I find amazing but still true. I am anxiously waiting for a city fiber project which is every so slowly progressing so that a connection to the new fiber ring might be made. Until that time it has IPv4 only. > Some have IPv6 connectivity and address space but no motivation to make > their mail systems use IPv6. There are reasons to avoid sending over IPv6 > and very few if any significant reasons to want to send or receive over > IPv6. If one has a working IPv4-only mail system, adding IPv6 is pure work > for no discernible benefit. How are working and available IPv6 DNSBLs progressing? That's a critical component which I would love to hear is no longer a missing component. Bob
Re: Postfix "IPv6-only" - experience/recommendation question
On Fri, May 08, 2020 at 06:38:32PM +0200, michae...@rocketmail.com wrote: > I've a generic question to all more experienced than me postfix users > here: Is it nowadays (reasonable) possible to run postfix with IPv6 > only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 > records in the DNS, no A / ipv4 anymore? Yes, absolutely, provided the set of MTAs this server will communicate with is known to be IPv6-capable. Postfix works just fine with IPv6-only in internal deployments. If, however, you want to receive and send email to the Internet at large, sadly you will not be able to send mail to, or receive mail from, many potential destination domains without an IPv4 address. -- Viktor.
Re: Postfix "IPv6-only" - experience/recommendation question
* Bill Cole: > Some have IPv6 connectivity and address space but no motivation to > make their mail systems use IPv6. A case of what we call Public Servant Mikado (whoever moves first has lost). ;-) Seriously, I think that if one can support IPv6, one should do it. Good hosting services and ISPs already offer native IPv6, and those that don't should be pressured by customer demand to get their act together. > If one has a working IPv4-only mail system, adding IPv6 is pure work > for no discernible benefit. Adding a static IPv6 address to a Linux host is a simple one-time effort that takes a couple of minutes. Then, tweak some Postfix settings like inet_interfaces, inet_protocols and maybe smtp_bind_address6. Create a DNS record, update the SPF record. Overall, I estimate that getting a Postfix-based MX IPv6-ready should take about 15 minutes, and I think it is time well spent. -Ralph
Re: Postfix "IPv6-only" - experience/recommendation question
On 8 May 2020, at 12:38, michae...@rocketmail.com wrote: Hi all, I've a generic question to all more experienced than me postfix users here: Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 records in the DNS, no A / ipv4 anymore? No. [...] I'm only not sure if there might be "IPv4-only" email providers out there, whose emails might not be routed to my "IPv6-only" postfix. There are many. Some do not yet have IPv6 service yet. Some have IPv6 connectivity and address space but no motivation to make their mail systems use IPv6. There are reasons to avoid sending over IPv6 and very few if any significant reasons to want to send or receive over IPv6. If one has a working IPv4-only mail system, adding IPv6 is pure work for no discernible benefit. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not For Hire (currently)
Re: Postfix "IPv6-only" - experience/recommendation question
On Fri, May 08, 2020 at 06:38:32PM +0200, michae...@rocketmail.com wrote: > Hi all, > > > I've a generic question to all more experienced than me postfix users here: > Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g > "mail.example.com" and "smtp.example.com" with only ipv6 records in the > DNS, no A / ipv4 anymore? > > > Michael > > > - EOM for impatient readers :-) --- > > > Hi patient readers :-) > > reason for my question: > > I'm running my own small postfix/dovecot etc. environment on a VPS. Running > fine for years now, after some initial work to get my sent emails not > delivered as junk. > spf record exists for my few domains, dkim is active and passes everytime, > dmarc entry is active. > https://www.mail-tester.com gives me 10/10 :-) > > All relevant for me email providers are accepting my emails without any > issue, for long, except Microsoft hotmail/outlook. Registered for SNDS, and > JMRP feed is activated. > IPv4 adress is "clean" and fine for outlook.com. > > BUT nevertheless all emails from me to any outlook.* or hotmail.* recipients > is delivered to their junk folder. > > I strongly believe that this is because of the (hopefully) only "issue" left > I know about: My PTR. > > As I have a small VPS with only one IPV4 included in price, I've set the PTR > to "example.com" and not to "mail.example.com", which is the fqdn for my > outgoing postfix sent mail. > Of course I know that this is a "should not", but as there's a lot of stuff > running e.g. on Apache on this machine, a nextcloud instance, a TYPO3 > instance, roundcubemail, jitsi meet, ..., all on separate subdomains like > "cloud.example.com", "webmail.example.com", "meet.example.com" etc., I simply > don't like to have an "unclean" PTR, pointing not the main/base domain. > "Only" because of antispam. > > As said I have only one IPv4 for my VPS, but a /64 IPv6 subnet. > So more than enough IPv6 addreses to give each of my few domains amd not that > many subdomains a unique IPv6, with a corresponding PTR. > > I'm only not sure if there might be "IPv4-only" email providers out there, > whose emails might not be routed to my "IPv6-only" postfix. I have a suggestion that works well for my similar email setup (small VPS providing a number of disparate services). Give your VPS a hostname that's unrelated to any of the services. Mine, for example, is "fenrir". Create an A / record for that hostname underneath your domain. Make the PTR record point to that hostname FQDN. Then you can point your MX records to that FQDN, and set up postfix to identify itself as that same name. Here's my DNS records: fenrir.routify.me - A - - PTR - fenrir.routify.me seangreenslade.com - MX - fenrir.routify.me And the greeting my Postfix gives: 220 fenrir.routify.me ESMTP Postfix With this setup, I haven't had any issues with mail deliverability. --Sean
Re: Postfix "IPv6-only" - experience/recommendation question
On 08/05/2020 17:38, michae...@rocketmail.com wrote: > Hi all, > > > I've a generic question to all more experienced than me postfix users here: > Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g > "mail.example.com" and "smtp.example.com" with only ipv6 records in the > DNS, no A / ipv4 anymore? > I am running a domestic server, and 10 percent of inbound emails, and maybe 30 percent of outbound emails still use IPv4. There was a worry some years ago that IPv6 was not adequately protected by DNS blacklists, and was thus vulnerable to spam attacks. I have not found this myself, but am not representative of the world-at-large. But there seem to be a lot of MX hosts out there which do not accept incoming IPv6. For my server, I have set up a primary MX which is IPv6 only, and a secondary, which is dual protocol. Perhaps you could do something similar with your situation. Hope this helps Allen C
Re: Postfix "IPv6-only" - experience/recommendation question
Hi, > I've a generic question to all more experienced than me postfix users here: > Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g > "mail.example.com" and "smtp.example.com" with only ipv6 records in the > DNS, no A / ipv4 anymore? I would not yet advise to run a mail system ipv6 only. > As I have a small VPS with only one IPV4 included in price, I've set the PTR > to "example.com" and not to "mail.example.com", which is the fqdn for my > outgoing postfix sent mail. > Of course I know that this is a "should not", but as there's a lot of stuff > running e.g. on Apache on this machine, a nextcloud instance, a TYPO3 > instance, roundcubemail, jitsi meet, ..., all on separate subdomains like > "cloud.example.com", "webmail.example.com", "meet.example.com" etc., I simply > don't like to have an "unclean" PTR, pointing not the main/base domain. > "Only" because of antispam. The forward/reverse dns has to match but some providers also verify the helo name (postfix outgoing fqdn). Why not run postfix with "example.com"? Other companies do not care if they deliver to example.com or mail.example.com. > As said I have only one IPv4 for my VPS, but a /64 IPv6 subnet. > So more than enough IPv6 addreses to give each of my few domains amd not that > many subdomains a unique IPv6, with a corresponding PTR. You can configure postfix to try ipv6 delivery first (which is the default for postfix 2.8+) http://www.postfix.org/postconf.5.html#smtp_address_preference > I'm only not sure if there might be "IPv4-only" email providers out there, > whose emails might not be routed to my "IPv6-only" postfix. That is possible. Best regards Gerald
Postfix "IPv6-only" - experience/recommendation question
Hi all, I've a generic question to all more experienced than me postfix users here: Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 records in the DNS, no A / ipv4 anymore? Michael - EOM for impatient readers :-) --- Hi patient readers :-) reason for my question: I'm running my own small postfix/dovecot etc. environment on a VPS. Running fine for years now, after some initial work to get my sent emails not delivered as junk. spf record exists for my few domains, dkim is active and passes everytime, dmarc entry is active. https://www.mail-tester.com gives me 10/10 :-) All relevant for me email providers are accepting my emails without any issue, for long, except Microsoft hotmail/outlook. Registered for SNDS, and JMRP feed is activated. IPv4 adress is "clean" and fine for outlook.com. BUT nevertheless all emails from me to any outlook.* or hotmail.* recipients is delivered to their junk folder. I strongly believe that this is because of the (hopefully) only "issue" left I know about: My PTR. As I have a small VPS with only one IPV4 included in price, I've set the PTR to "example.com" and not to "mail.example.com", which is the fqdn for my outgoing postfix sent mail. Of course I know that this is a "should not", but as there's a lot of stuff running e.g. on Apache on this machine, a nextcloud instance, a TYPO3 instance, roundcubemail, jitsi meet, ..., all on separate subdomains like "cloud.example.com", "webmail.example.com", "meet.example.com" etc., I simply don't like to have an "unclean" PTR, pointing not the main/base domain. "Only" because of antispam. As said I have only one IPv4 for my VPS, but a /64 IPv6 subnet. So more than enough IPv6 addreses to give each of my few domains amd not that many subdomains a unique IPv6, with a corresponding PTR. I'm only not sure if there might be "IPv4-only" email providers out there, whose emails might not be routed to my "IPv6-only" postfix. Sorry for this long email :-) Regards, Michael