Enable IPv6 support in main.cf by default

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Enable IPv6 support in main.cf by default

llnu
Greetings everyone,


In 2020 we think it would be a reasonable enable IPv6 it by default.
V4 addresses are getting expensive, and new ISP-s and businesses are
moving to V6 with great momentum. Moreover it would help us and others
to reduce complexity in their infrastructure.

The postfix IPv6 article(1) mentions a couple points against this, but
the followings are not valid anymore in 2020:

"By default, Postfix uses IPv4 only, because most systems aren't
attached to an IPv6 network."
According to Google, third of their users access their service via IPv6.

"Linux kernels don't even load IPv6 protocol support by default. Any
attempt to use it would fail immediately."
It is enabled by default(3).


The change:
  /etc/postfix/main.cf:
from:  inet_protocols = ipv4       (DEFAULT: enable IPv4 only)
to:    inet_protocols = all        (DEFAULT: enable IPv4, and IPv6 if
supported)


Looking forward to hear your thoughts.

Best,
Balazs



1: http://www.postfix.org/IPV6_README.html
2: https://www.google.com/intl/en/ipv6/statistics.html
3: https://www.kernel.org/doc/Documentation/networking
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Stephan Seitz-3
On Di, Jul 21, 2020 at 15:20:36 +0200, [hidden email] wrote:
>The change:
> /etc/postfix/main.cf:
>from:  inet_protocols = ipv4       (DEFAULT: enable IPv4 only)
>to:    inet_protocols = all        (DEFAULT: enable IPv4, and IPv6 if supported)

I don’t think this is a good idea. You’re right that most (or probably
all) distributions have an activated IPv6 stack. That means you’re
getting at least one fe80 address, even if you could reach nothing
outside your network.

But this means that postfix will try to reach its next hop with IPv6 if
the next hop has IPv4/IPv6 addresses, but this will fail. Of course
Postfix will try again with IPv4, and this will work, but it is an
needlessfailure.

Many greetings,

        Stephan

--
|    If your life was a horse, you'd have to shoot it.    |
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Bill Cole-3
In reply to this post by llnu
On 21 Jul 2020, at 9:20, [hidden email] wrote:

> "By default, Postfix uses IPv4 only, because most systems aren't
> attached to an IPv6 network."
> According to Google, third of their users access their service via
> IPv6.

So, Google agrees with the Postfix docs, correct?

Based on occasional issues raised here, it appears that some
distributions package Postfix with IPv6 enabled, resulting in issues for
people in the common circumstance of having IPv6 enabled in their OS and
doing some sort of autoconfig without connectivity to the global IPv6
Internet. I don't believe that we've ever had someone come here with an
actual problem rooted in Postfix not enabling IPv6 by default. Do you
have such a problem or is your concern purely on principle?

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Dima Veselov
On 21.07.2020 19:37, Bill Cole wrote:

>> "By default, Postfix uses IPv4 only, because most systems aren't
>> attached to an IPv6 network."
>> According to Google, third of their users access their service via IPv6.
>
> So, Google agrees with the Postfix docs, correct?
>
> Based on occasional issues raised here, it appears that some
> distributions package Postfix with IPv6 enabled, resulting in issues for
> people in the common circumstance of having IPv6 enabled in their OS and
> doing some sort of autoconfig without connectivity to the global IPv6
> Internet. I don't believe that we've ever had someone come here with an
> actual problem rooted in Postfix not enabling IPv6 by default. Do you
> have such a problem or is your concern purely on principle?

My personal opinion is that Postfix should be IPv6-enabled by default
when one will enable IPv6 in real dualstack systems more often than to
disable IPv6 in IPv4-only ones. My personal statistics is about 20:1
ratio of no-IPv6 servers/VMs vs. two mail hubs with real IPv6 connection.

That means I would have to turn IPv6 off 20 times more often (if Postfix
would have IPv6 by default enabled) than turning it on for mailhub (if
situation persists). My conclusion: its too early.

--
Sincerely yours,
Dima Veselov
Physics R&D Establishment of Saint-Petersburg University
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Benny Pedersen-2
In reply to this post by llnu
[hidden email] skrev den 2020-07-21 15:20:

> The change:
>  /etc/postfix/main.cf:
> from:  inet_protocols = ipv4       (DEFAULT: enable IPv4 only)
> to:    inet_protocols = all        (DEFAULT: enable IPv4, and IPv6 if
> supported)

error is that default main.cf have this line, defaults is already all

back to roots, any settings in main.cf is forced non default, and thus
keep old config for very long time, so if this is commented in main.cf
all is well

its dokumented to not make it more complicated

postconf inet_protocols
postconf -d inet_protocols
postconf -n inet_protocols

see the error from this :=)


Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Wietse Venema
In reply to this post by llnu
[hidden email]:

> Greetings everyone,
>
>
> In 2020 we think it would be a reasonable enable IPv6 it by default.
> V4 addresses are getting expensive, and new ISP-s and businesses are
> moving to V6 with great momentum. Moreover it would help us and others
> to reduce complexity in their infrastructure.
>
> The postfix IPv6 article(1) mentions a couple points against this, but
> the followings are not valid anymore in 2020:
>
> "By default, Postfix uses IPv4 only, because most systems aren't
> attached to an IPv6 network."
> According to Google, third of their users access their service via IPv6.

If 2/3 of all SMTP clients are IPv4-only, then that would be a reason
not to make this the default for SMTP.

        Wietse

> "Linux kernels don't even load IPv6 protocol support by default. Any
> attempt to use it would fail immediately."
> It is enabled by default(3).
>
>
> The change:
>   /etc/postfix/main.cf:
> from:  inet_protocols = ipv4       (DEFAULT: enable IPv4 only)
> to:    inet_protocols = all        (DEFAULT: enable IPv4, and IPv6 if
> supported)
>
>
> Looking forward to hear your thoughts.
>
> Best,
> Balazs
>
>
>
> 1: http://www.postfix.org/IPV6_README.html
> 2: https://www.google.com/intl/en/ipv6/statistics.html
> 3: https://www.kernel.org/doc/Documentation/networking
>
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Viktor Dukhovni
On Tue, Jul 21, 2020 at 02:09:04PM -0400, Wietse Venema wrote:

> > "By default, Postfix uses IPv4 only, because most systems aren't
> > attached to an IPv6 network." According to Google, third of their
> > users access their service via IPv6.
>
> If 2/3 of all SMTP clients are IPv4-only, then that would be a reason
> not to make this the default for SMTP.

My server accepts email overs IPv6.  Outbound, I don't presently enable
IPv6 by default, largely because operators like Google decided it would
be a good idea to erect higher barriers when receiving email over IPv6.
The result has largely been to slow IPv6 adoption in SMTP, rather than
senders rushing out to jump through all the new hoops.

--
    VIktor.
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Matt Corallo
I believe this is somewhat out of date. Google did, in my understanding, originally require DKIM and not assign IP
reputation to v6 addresses, but that appears to no longer by the case. I turned on v6-outbound on my postfix server and
it has had no problems with Gmail (or any other) reachability. Still, many large sites (eg Outlook) only accept mail on
v4, presumably for similar reasons, so there isn't much reason to default to prefering IPv6 for outbound mail any time
in the next many years.

I suppose the cost of forcing users onto more expensive (by $1/mo...) hosting plans to get IPv4 addresses is not an
unreasonable anti-spam measure, but encouraging postfix users to, by default, accept mail over IPv6 would be nice to
avoid perpetuating this requirement further.

Matt

On 7/21/20 2:13 PM, Viktor Dukhovni wrote:

> On Tue, Jul 21, 2020 at 02:09:04PM -0400, Wietse Venema wrote:
>
>>> "By default, Postfix uses IPv4 only, because most systems aren't
>>> attached to an IPv6 network." According to Google, third of their
>>> users access their service via IPv6.
>>
>> If 2/3 of all SMTP clients are IPv4-only, then that would be a reason
>> not to make this the default for SMTP.
>
> My server accepts email overs IPv6.  Outbound, I don't presently enable
> IPv6 by default, largely because operators like Google decided it would
> be a good idea to erect higher barriers when receiving email over IPv6.
> The result has largely been to slow IPv6 adoption in SMTP, rather than
> senders rushing out to jump through all the new hoops.
>
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Viktor Dukhovni
On Tue, Jul 21, 2020 at 07:54:55PM -0400, Matt Corallo wrote:

> Still, many large sites (eg Outlook) only
> accept mail on v4, presumably for similar reasons, so there isn't much
> reason to default to prefering IPv6 for outbound mail any time in the
> next many years.

FWIW, when you enable IPv6 support in Postfix, IPv6 is not preferred,
Postfix chooses between IPv6 and IPv4 at random, and tries to make sure
that the set of candidate nexthop IP addresses contains at least some of
each.

So the primary reasons to not enable IPv6 outbound are:

    * Stricter policies applied to IPv6 mail by some receiving sites.

    * Some SMTP servers publishing non-working IPv6 addresses,
      where the name resolves to both IPv4 and IPv6, but only IPv4
      actually works.  This will latency to deliveries that happen
      to try IPv6 first.

Otherwise, if you have working IPv6 on your end, and the above issues
are not a problem, then you can enable IPv6 outbound and it should
work about as well as can be expected, modulo the above.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Enable IPv6 support in main.cf by default

Matt Corallo
Yep, I set it to prefer v6 to test and was only noting that, at least GMail, doesn't appear to apply stricter policies
around delivery any more (likely modulo your IP's existing reputation).

On 7/21/20 8:06 PM, Viktor Dukhovni wrote:

> On Tue, Jul 21, 2020 at 07:54:55PM -0400, Matt Corallo wrote:
>
>> Still, many large sites (eg Outlook) only
>> accept mail on v4, presumably for similar reasons, so there isn't much
>> reason to default to prefering IPv6 for outbound mail any time in the
>> next many years.
>
> FWIW, when you enable IPv6 support in Postfix, IPv6 is not preferred,
> Postfix chooses between IPv6 and IPv4 at random, and tries to make sure
> that the set of candidate nexthop IP addresses contains at least some of
> each.
>
> So the primary reasons to not enable IPv6 outbound are:
>
>     * Stricter policies applied to IPv6 mail by some receiving sites.
>
>     * Some SMTP servers publishing non-working IPv6 addresses,
>       where the name resolves to both IPv4 and IPv6, but only IPv4
>       actually works.  This will latency to deliveries that happen
>       to try IPv6 first.
>
> Otherwise, if you have working IPv6 on your end, and the above issues
> are not a problem, then you can enable IPv6 outbound and it should
> work about as well as can be expected, modulo the above.
>