Per the instructions under “Finding a cloud service provider”:
If you have a choice, choose a location for your machine that is near you — it’ll be faster! And if disabling IPv6 is an option, disable it.
Has anyone successfully disabled IPV6 on Ubuntu 22.04 on Linode? I’m asking because my IPV6 address assigned by Linode is blocked in spamhaus.org, and when I requested it be unblocked, I received the following:
Is this IP yours?
If it is not, please read the FAQ link provided below.
XBL lists IPv6 with /64 granularity. A /64 is the industry standard for the smallest IPv6 allocation to individual customers, even for home-uses like cable, DSL or wireless. The /64 choice has RFC4291 as its origin and it is further discussed in RFC6177.
A spammer can cycle through IPv6 addresses every 5 seconds (or even faster, with custom kernels). Since an IPv6 /64 is twice the size of the entire IPv4 mask, lots of spam can be produced with very minimal effort. Thus, listing the whole /64 is warranted.
For more detailed information, please see this FAQ regarding IPv6 and XBL:
https://www.spamhaus.org/faq/section/Spamhaus%20XBL#546
To resolve this issue, contact the ISP providing your IPv6 address and request assignment of a /64 range appropriate for email service, along with appropriate forward and rDNS.
Update: I provisioned a new Ubuntu 22.04 install on Linode and immediately edited “/etc/default/grub” to include “ipv6.disable=1” as specified here: How To Disable IPv6 On Ubuntu 22.04 Permanently.
FAILED: apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-sqlite sqlite3 dovecot-sieve dovecot-managesieved
-----------------------------------------
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
libexttextcat-2.0-0 libexttextcat-data liblua5.3-0
Suggested packages:
dovecot-gssapi dovecot-ldap dovecot-lucene dovecot-mysql dovecot-pgsql
dovecot-solr dovecot-submissiond sqlite3-doc
The following NEW packages will be installed:
dovecot-core dovecot-imapd dovecot-lmtpd dovecot-managesieved dovecot-pop3d
dovecot-sieve dovecot-sqlite libexttextcat-2.0-0 libexttextcat-data
liblua5.3-0 sqlite3
0 upgraded, 11 newly installed, 0 to remove and 3 not upgraded.
Need to get 5,139 kB of archives.
After this operation, 16.2 MB of additional disk space will be used.
Get:1 http://mirrors.linode.com/ubuntu jammy/main amd64 libexttextcat-data all 3.4.5-1build2 [179 kB]
Get:2 http://mirrors.linode.com/ubuntu jammy/main amd64 libexttextcat-2.0-0 amd64 3.4.5-1build2 [13.7 kB]
Get:3 http://mirrors.linode.com/ubuntu jammy/main amd64 liblua5.3-0 amd64 5.3.6-1build1 [140 kB]
Get:4 http://mirrors.linode.com/ubuntu jammy-updates/main amd64 dovecot-core amd64 1:2.3.16+dfsg1-3ubuntu2.2 [3,319 kB]
Get:5 http://mirrors.linode.com/ubuntu jammy-updates/main amd64 dovecot-imapd amd64 1:2.3.16+dfsg1-3ubuntu2.2 [193 kB]
Get:6 http://mirrors.linode.com/ubuntu jammy-updates/universe amd64 dovecot-lmtpd amd64 1:2.3.16+dfsg1-3ubuntu2.2 [29.4 kB]
Get:7 http://mirrors.linode.com/ubuntu jammy-updates/universe amd64 dovecot-sieve amd64 1:2.3.16+dfsg1-3ubuntu2.2 [394 kB]
Get:8 http://mirrors.linode.com/ubuntu jammy-updates/universe amd64 dovecot-managesieved amd64 1:2.3.16+dfsg1-3ubuntu2.2 [52.6 kB]
Get:9 http://mirrors.linode.com/ubuntu jammy-updates/main amd64 dovecot-pop3d amd64 1:2.3.16+dfsg1-3ubuntu2.2 [37.7 kB]
Get:10 http://mirrors.linode.com/ubuntu jammy-updates/universe amd64 dovecot-sqlite amd64 1:2.3.16+dfsg1-3ubuntu2.2 [11.7 kB]
Get:11 http://mirrors.linode.com/ubuntu jammy-updates/main amd64 sqlite3 amd64 3.37.2-2ubuntu0.3 [768 kB]
Fetched 5,139 kB in 0s (15.2 MB/s)
Selecting previously unselected package libexttextcat-data.
(Reading database ... 119034 files and directories currently installed.)
Preparing to unpack .../00-libexttextcat-data_3.4.5-1build2_all.deb ...
Unpacking libexttextcat-data (3.4.5-1build2) ...
Selecting previously unselected package libexttextcat-2.0-0:amd64.
Preparing to unpack .../01-libexttextcat-2.0-0_3.4.5-1build2_amd64.deb ...
Unpacking libexttextcat-2.0-0:amd64 (3.4.5-1build2) ...
Selecting previously unselected package liblua5.3-0:amd64.
Preparing to unpack .../02-liblua5.3-0_5.3.6-1build1_amd64.deb ...
Unpacking liblua5.3-0:amd64 (5.3.6-1build1) ...
Selecting previously unselected package dovecot-core.
Preparing to unpack .../03-dovecot-core_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-core (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package dovecot-imapd.
Preparing to unpack .../04-dovecot-imapd_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-imapd (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package dovecot-lmtpd.
Preparing to unpack .../05-dovecot-lmtpd_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-lmtpd (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package dovecot-sieve.
Preparing to unpack .../06-dovecot-sieve_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-sieve (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package dovecot-managesieved.
Preparing to unpack .../07-dovecot-managesieved_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-managesieved (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package dovecot-pop3d.
Preparing to unpack .../08-dovecot-pop3d_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-pop3d (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package dovecot-sqlite.
Preparing to unpack .../09-dovecot-sqlite_1%3a2.3.16+dfsg1-3ubuntu2.2_amd64.deb ...
Unpacking dovecot-sqlite (1:2.3.16+dfsg1-3ubuntu2.2) ...
Selecting previously unselected package sqlite3.
Preparing to unpack .../10-sqlite3_3.37.2-2ubuntu0.3_amd64.deb ...
Unpacking sqlite3 (3.37.2-2ubuntu0.3) ...
Setting up libexttextcat-data (3.4.5-1build2) ...
Setting up liblua5.3-0:amd64 (5.3.6-1build1) ...
Setting up sqlite3 (3.37.2-2ubuntu0.3) ...
Setting up libexttextcat-2.0-0:amd64 (3.4.5-1build2) ...
Setting up dovecot-core (1:2.3.16+dfsg1-3ubuntu2.2) ...
Creating config file /etc/dovecot/dovecot.conf with new version
Creating config file /etc/dovecot/dovecot-dict-auth.conf.ext with new version
Creating config file /etc/dovecot/dovecot-dict-sql.conf.ext with new version
Creating config file /etc/dovecot/dovecot-sql.conf.ext with new version
Creating config file /etc/dovecot/conf.d/10-auth.conf with new version
Creating config file /etc/dovecot/conf.d/10-director.conf with new version
Creating config file /etc/dovecot/conf.d/10-logging.conf with new version
Creating config file /etc/dovecot/conf.d/10-mail.conf with new version
Creating config file /etc/dovecot/conf.d/10-master.conf with new version
Creating config file /etc/dovecot/conf.d/10-ssl.conf with new version
Creating config file /etc/dovecot/conf.d/10-tcpwrapper.conf with new version
Creating config file /etc/dovecot/conf.d/15-lda.conf with new version
Creating config file /etc/dovecot/conf.d/15-mailboxes.conf with new version
Creating config file /etc/dovecot/conf.d/90-acl.conf with new version
Creating config file /etc/dovecot/conf.d/90-plugin.conf with new version
Creating config file /etc/dovecot/conf.d/90-quota.conf with new version
Creating config file /etc/dovecot/conf.d/auth-checkpassword.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-deny.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-dict.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-master.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-passwdfile.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-sql.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-static.conf.ext with new version
Creating config file /etc/dovecot/conf.d/auth-system.conf.ext with new version
Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /lib/systemd/system/dovecot.service.
dovecot.socket is a disabled or a static unit, not starting it.
Setting up dovecot-imapd (1:2.3.16+dfsg1-3ubuntu2.2) ...
Creating config file /etc/dovecot/conf.d/20-imap.conf with new version
Setting up dovecot-sieve (1:2.3.16+dfsg1-3ubuntu2.2) ...
Creating config file /etc/dovecot/conf.d/90-sieve.conf with new version
Creating config file /etc/dovecot/conf.d/90-sieve-extprograms.conf with new version
Setting up dovecot-pop3d (1:2.3.16+dfsg1-3ubuntu2.2) ...
Creating config file /etc/dovecot/conf.d/20-pop3.conf with new version
Setting up dovecot-lmtpd (1:2.3.16+dfsg1-3ubuntu2.2) ...
Creating config file /etc/dovecot/conf.d/20-lmtp.conf with new version
Setting up dovecot-managesieved (1:2.3.16+dfsg1-3ubuntu2.2) ...
Creating config file /etc/dovecot/conf.d/20-managesieve.conf with new version
Setting up dovecot-sqlite (1:2.3.16+dfsg1-3ubuntu2.2) ...
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
Processing triggers for dovecot-core (1:2.3.16+dfsg1-3ubuntu2.2) ...
Job for dovecot.service failed because the control process exited with error code.
See "systemctl status dovecot.service" and "journalctl -xeu dovecot.service" for details.
invoke-rc.d: initscript dovecot, action "restart" failed.
× dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2024-04-15 14:08:56 EDT; 6ms ago
Docs: man:dovecot(1)
https://doc.dovecot.org/
Process: 12195 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
Main PID: 12195 (code=exited, status=89)
CPU: 22ms
Apr 15 14:08:56 box.example.org dovecot[12195]: master: Error: service(imap-login): listen(::, 143) failed: Address family not supported by protocol
Apr 15 14:08:56 box.example.org dovecot[12195]: Error: socket() failed: Address family not supported by protocol
Apr 15 14:08:56 box.example.org dovecot[12195]: Error: service(imap-login): listen(::, 993) failed: Address family not supported by protocol
Apr 15 14:08:56 box.example.org dovecot[12195]: Fatal: Failed to start listeners
Apr 15 14:08:56 box.example.org dovecot[12195]: master: Error: socket() failed: Address family not supported by protocol
Apr 15 14:08:56 box.example.org dovecot[12195]: master: Error: service(imap-login): listen(::, 993) failed: Address family not supported by protocol
Apr 15 14:08:56 box.example.org dovecot[12195]: master: Fatal: Failed to start listeners
Apr 15 14:08:56 box.example.org systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Apr 15 14:08:56 box.example.org systemd[1]: dovecot.service: Failed with result 'exit-code'.
Apr 15 14:08:56 box.example.org systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
dpkg: error processing package dovecot-core (--configure):
installed dovecot-core package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
dovecot-core
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
-----------------------------------------
root@localhost:~#
People have previously reported that some components of MIAB (e.g. NSD) require IPv6, so completely disabling IPv6 will break things.
If you do disable IPV6 and find that breaks things, perhaps you could leave IPv6 enabled but remove the external addresses (scope global) from that interface…?
That’s the way to go. Just remove the public IPv6 address in the admin panel of your cloud provider from your VPS and IPv6 won’t be routable from the public internet anymore. Problem solved.
And, generally speaking, one should use a standard ubuntu server installation or a standard ubuntu cloud-init image for mail-in-a-box, and change as little as possible, preferably nothing at all, unless one has to change things back that the cloud provider has changed, which should not really be necessary with Linode.
I have to admit that I don’t use Linode myself, but I just assumed it must be possible because it’s possible with all the other providers I’ve used so far. But since there’s only a “delete” button for the IPv4 address on your screenshot, I’m not so sure anymore…
I too use Akamai’s Linode to host my email server.
I do not have to disable IPv6 but I can request Akamai customer support for my own /64. This guarantees my email server does not sit on the shared /64 that is not suited for email.
According to Spamhaus, a /64 is considered the smallest IP address for email systems since it is easier to blacklist an entire /64 than to blacklist one /128 within a /64 every time a spam email is detected.
Also, as Akamai allocates each of its customers who rent a cloud computer one entire /64, this should not be a problem.
vele, does that completely disable IPv6? Or email can be received over IPv6 but when sending, postfix uses IPv4. I would love to hear your opinion and experience.
vele, what VPS provider do you use? If it is Akamai’s Linode, then, if the default IPv6 address is “dirty” and in a Spamhaus blacklist (such as XBL), I asked Akamai’s customer support and a staff named Clara Williams assigned me a brand new /64 at no charge. This /64 is dedicated to me only, so there is no issue with Spamhaus anymore.
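The /64 granularity discussed above, as an added example that is not part of the original posts: it computes which /64 a listing would cover, whether two hosts fall under the same listing, and the DNSBL query name for an address. The `zen.spamhaus.org` zone, the return-code ranges and the 2001:db8:: sample addresses are assumptions or constructed values, not taken from the thread.

```python
import ipaddress
import socket

def covering_64(addr):
    """The /64 containing addr: the unit XBL lists, per the Spamhaus reply."""
    return ipaddress.IPv6Network(f"{addr}/64", strict=False)

def same_listing_scope(a, b):
    """True if a listing triggered by one address also covers the other."""
    return covering_64(a) == covering_64(b)

def dnsbl_query_name(addr, zone="zen.spamhaus.org"):
    """IPv6 DNSBL query name: all 32 hex nibbles reversed, then the zone."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone

def interpret(answer):
    """Classify a DNSBL A-record answer (None means NXDOMAIN)."""
    if answer is None:
        return "not listed"
    ip = ipaddress.IPv4Address(answer)
    if ip in ipaddress.IPv4Network("127.255.255.0/24"):
        # Error codes (for example a refused public resolver), not a listing.
        return "query error, not a listing"
    if ipaddress.IPv4Address("127.0.0.4") <= ip <= ipaddress.IPv4Address("127.0.0.7"):
        return "listed in XBL"
    return "listed (other zone)"

def lookup(addr):
    """Live check; needs DNS through a resolver the list operator accepts."""
    try:
        return interpret(socket.gethostbyname(dnsbl_query_name(addr)))
    except socket.gaierror:
        return "no answer (not listed, or the lookup itself failed)"

# Constructed sample addresses from the 2001:db8::/32 documentation range.
MAIL_HOST = "2001:db8:1234:5678::25"
NEIGHBOUR = "2001:db8:1234:5678:f03c:91ff:fe00:1"  # another tenant, same /64
OTHER = "2001:db8:1234:5679::25"                   # a dedicated /64

if __name__ == "__main__":
    print(covering_64(MAIL_HOST))
    print(same_listing_scope(MAIL_HOST, NEIGHBOUR), same_listing_scope(MAIL_HOST, OTHER))
    print(dnsbl_query_name(MAIL_HOST))
```
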
No it does not. Good for you to notice. To completely disable IPV6, you must have an
inet_protocols = ipv4
entry.
But I prefer to force postfix to send IPV4 only and receive any or all INET Protocol.
Edit postfix main.cf
Input these entries:
smtp_address_preference = ipv4
smtp_balance_inet_protocols = no
inet_protocols = all
It does send IPV4 only.
It is not a good idea to send IPV6 FIRST (IPV6 should be used as a failover) to IPV6-capable servers. Google started to complain in February (all was good until then) once my IPV6 got listed a month ago with Spamhaus, and Google still keeps me in their internal lists (now they downgraded the server message saying YOUR messages contain dangerous links WTF). (I was to blame for the listing because I was playing via telnet IPV6 and issued a wrong command, and SPAMHAUS thought I was an app inside Ubuntu trying to send out.) If you are testing IPV6 sending, test with YANDEX mail. They don’t care as they are Russians.
I just bought a micro AMD (30GB 1GB RAM) on Netcup for 12 EUR per year. And I do recommend it although Nextcloud seems slow (Recommended VPS host? - #16 by vele) and I have another one on OCI cloud. Netcup.de gave me a /64 IPV6 and OCI a /128.
Both instances are dual stack.
As for changing your IP you can always ask but OCI has a tedious manual PTR record procedure via Support ticket.
No Linode, never used one. Linode looks to me like Digital Ocean.
Hope this helps.
Cheers
I finally found a solution to disable IPv6 on my Linode host. The key was to use Netplan to manually configure my IPv4 address and to specify “link-local: []” to prevent configuration of IPv6. Netplan was unfamiliar to me, and although it’s been around for several Ubuntu LTS releases, I had never used it.
At a high level, this is what worked for me:
Disable Linode Network Helper in the Linode panel under “Configurations”.
Remove the Linode Network Helper-generated file located in “/etc/systemd/network/”.
Edit Netplan configuration file in “/etc/netplan/01-netcfg.yaml”.
Run “netplan apply” and “netplan status” to see results.
Here is the contents of my “/etc/netplan/01-netcfg.yaml”. I redacted my actual IPv4 address and replaced it with 10.10.10.x:
```yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false
      dhcp6: false
      link-local: [] # Disables IPv6 for eth0
      addresses:
        - 10.10.10.206/24
      routes:
        - to: default
          via: 10.10.10.1
          on-link: true
      nameservers:
        addresses:
          - 74.207.231.5
          - 173.230.128.5
          - 173.230.129.5
```
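One way to verify the result after “netplan apply”, as an added example that is not part of the original post: it separates the two states seen in this thread, a kernel with IPv6 switched off entirely (the “Address family not supported by protocol” failure from the dovecot log) and a kernel with IPv6 available but no “scope global” address on any interface. The sample `ip -o -6 addr show` output is constructed, and the function names are hypothetical.

```python
import errno
import re
import socket

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet6\s+(\S+)\s+scope\s+(\S+)", re.M)

# Constructed samples of `ip -o -6 addr show` output (2001:db8::/32 is the
# documentation prefix); BEFORE is a default dual-stack host, AFTER has only lo.
BEFORE = (
    "1: lo    inet6 ::1/128 scope host \\  valid_lft forever preferred_lft forever\n"
    "2: eth0    inet6 2001:db8:1234:5678:f03c:91ff:fe00:1/64 scope global dynamic"
    " \\  valid_lft 5000sec preferred_lft 1000sec\n"
    "2: eth0    inet6 fe80::f03c:91ff:fe00:1/64 scope link"
    " \\  valid_lft forever preferred_lft forever\n"
)
AFTER = "1: lo    inet6 ::1/128 scope host \\  valid_lft forever preferred_lft forever\n"

def global_v6(ip_output):
    """(interface, address) pairs that are publicly routable: scope global only."""
    return [(i, a) for i, a, s in ADDR_RE.findall(ip_output) if s == "global"]

def kernel_has_ipv6():
    """False when the kernel rejects AF_INET6 outright (e.g. ipv6.disable=1)."""
    try:
        socket.socket(socket.AF_INET6, socket.SOCK_STREAM).close()
        return True
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            return False
        raise

def assess(ip_output, af_inet6_ok):
    """Combine both checks into the three outcomes discussed in this thread."""
    if not af_inet6_ok:
        return "kernel IPv6 off: daemons listening on :: fail to start"
    exposed = global_v6(ip_output)
    if exposed:
        return "IPv6 still routable via " + ", ".join(a for _, a in exposed)
    return "no global IPv6 address; :: listeners still work"

if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["ip", "-o", "-6", "addr", "show"],
                          capture_output=True, text=True).stdout
    print(assess(live, kernel_has_ipv6()))
```
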
As an FYI and not having read the entire thread admittedly, be mindful if you have European clients / email addresses. I worked for a European entity and couldn’t email them from my US-based server because I didn’t have IPV6 properly enabled due to their local email server policy. Not sure if that’s the entire EU, or just their server. The fact is though, that I had to enable IPV6 to correspond. Email worked fine once I enabled it. Probably nothing to be concerned about if you’re based entirely in one country or the USA.