Add IPv6 address

Hello,

I’d like to enable IPv6 on my mailinabox instance. My VPS provider is Vultr. It was initially set up with IPv4 only. After enabling IPv6 in the VPS interface, what do I need to do on the mailinabox side? Has anyone done this on Vultr?

Also, I recall that a few years ago Joshdata was recommending not enabling IPv6 due to Fail2ban limitations; does this still apply, since I believe Fail2ban now supports IPv6?

Thanks!

It should be straightforward. First confirm that your box has acquired an IPv6 address. The command “ip -6 a” should show you a list of addresses including your box’s assigned address with the flag “scope global”. If this doesn’t show the IPv6 address, you could down & up the link but personally I’d just reboot the box.

Then rerun the MIAB install and it should pick up the correct addresses.

curl -s https://mailinabox.email/setup.sh | sudo -E bash

If the install doesn’t pick up the new address, check that the IPV6 lines in /etc/mailinabox.conf make sense.

Also check the MIAB status page to see if Outbound port 25 IPV6 is open if there is a firewall on Vultr. It is a good idea to send outbound messages via IPV4 only, as your IPV6 may be blacklisted. The steps for how to do this are discussed in other threads. If IPV6 is disabled on your Ubuntu, enable it first; read this: networking - How to dynamically enable and disable ipv6 on an interface - Ask Ubuntu
You will need to set up rDNS for IPV6 as well.

Thanks! It seems to work fine except for this message in the System Status Checks:
✖ SSH Login (ssh) is running and available over IPv4 but is not accessible over IPv6 at /redacted/ port 22.

Just ignore it. And good luck.

OK, I was able to fix the SSH issue by changing sshd.conf from

AddressFamily inet

to

AddressFamily any

To check that everything is working properly, I then did a mail delivery test available at email-security-scans.org. IPv6 delivery is fine, but the test reported that my mailinabox is unable to resolve domains on IPv6-only nameservers - that is, nameservers that are only reachable over IPv6. I was able to confirm this on the box - got a SERVFAIL on the MX query:

nslookup -q=mx v6-mail.v6only.measurement.email-security-scans.org
;; Got SERVFAIL reply from 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can’t find v6-mail.v6only.measurement.email-security-scans.org: SERVFAIL

The same MX query from my own PC, which uses unbound as a recursive nameserver capable of reaching IPv6-only nameservers:

nslookup -q=mx v6-mail.v6only.measurement.email-security-scans.org
Server: opnsense.home.lan
Address: (redacted public IPv6 address)

Non-authoritative answer:
v6-mail.v6only.measurement.email-security-scans.org MX preference = 10, mail exchanger = mail-v6.measurement.email-security-scans.org

Which works fine. mailinabox uses named / bind9 for DNS resolution and I don’t know enough about how named / bind9 is configured, but it does seem that the box can’t resolve hostnames on IPv6-only nameservers. Any idea how to fix this?

Thanks!

OK, I found the issue. named runs with the -4 flag configured, which limits it to IPv4 only. The solution is to edit /etc/default/named and remove the -4 flag there. Then, edit /etc/bind/named.conf.options and change the IPv6 binding from “any” to localhost only (::1) to prevent it from binding to every IPv6 address on the box (which is unnecessary).

Works fine now to resolve domains on IPv6-only nameservers.

3 Likes
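
A check for the two BIND changes described in the last post, as an added example that is not part of the original thread and not Mail-in-a-Box code. The function names and sample file contents are constructed; it assumes the -4 flag sits on the `OPTIONS=` line of /etc/default/named and that the IPv6 binding is the `listen-on-v6` directive in /etc/bind/named.conf.options.

```shell
#!/usr/bin/env bash
# Added example (not Mail-in-a-Box code): check the two BIND settings from the post above.

# True (0) when the OPTIONS line of the defaults file still passes -4 to named.
named_forces_ipv4() {
    grep -E '^[[:space:]]*OPTIONS=' "$1" | grep -Eq -- '(^|[^[:alnum:]-])-4([^[:alnum:]]|$)'
}

# Prints the address list of listen-on-v6 { ... } with whitespace removed, e.g. "::1;".
listen_on_v6() {
    sed -E 's@(//|#).*$@@' "$1" | tr '\n' ' ' |
        sed -nE 's/.*listen-on-v6[^{]*\{([^}]*)\}.*/\1/p' | tr -d '[:space:]'
}

# Returns 0 only when named may use IPv6 and listens on ::1 alone.
audit_named() {
    local defaults="${1:-/etc/default/named}" options="${2:-/etc/bind/named.conf.options}"
    local rc=0 v6
    if named_forces_ipv4 "$defaults"; then
        echo "FAIL: $defaults passes -4 (IPv6-only nameservers unreachable)"; rc=1
    fi
    v6="$(listen_on_v6 "$options")"
    if [ "$v6" != '::1;' ]; then
        echo "FAIL: listen-on-v6 is '${v6:-unset}' in $options, expected '::1;'"; rc=1
    fi
    return "$rc"
}

# Demo on constructed files: the state described in the thread, then the corrected one.
demo() {
    local d; d="$(mktemp -d)"
    printf 'OPTIONS="-u bind -4"\n' > "$d/before.default"
    printf 'options {\n  listen-on-v6 { any; };\n};\n' > "$d/before.options"
    printf 'OPTIONS="-u bind"\n' > "$d/after.default"
    printf 'options {\n  listen-on-v6 { ::1; };  // loopback only\n};\n' > "$d/after.options"
    audit_named "$d/before.default" "$d/before.options" || echo "before: needs fixing"
    audit_named "$d/after.default" "$d/after.options" && echo "after: OK"
    rm -rf "$d"
}
demo
```

On the box itself, calling `audit_named` with no arguments reads the two files named in the thread.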
