I installed Mail In A Box successfully on my IPv6 home server, and while the installation went smoothly and my domain name can receive email from ICANN, MIGADU, and GMAIL, there is a problem I would like to share:
As my IPv6 mail server is a home server, I notice Mail In A Box will not allow me to use “Let’s Encrypt” certificates, as it detects my IPv4 address (which is actually the IP of my ISP’s CGNAT gateway).
My IPv6 web server is self-signed, and while I do not care, I would like to be able to use Let’s Encrypt.
When I use the online “nslookup.io” web-based tool, I notice my CGNATed IPv4 shows up in the “A” record, and my public IPv6 shows up in the “AAAA” record. If possible, I would love to be able to disable IPv4 completely.
Hi, a couple of thoughts
Re CGNAT: MIAB assumes direct access to the internet. If you can get a “fixed” / “static” address from your ISP, it will make things much easier. Anything between your box and the internet is something you will have to manage yourself. It can be done but is not trivial.
Re IPv4: There still are lots of mail servers that do not have IPv6. If you’re IPv6 only, a substantial fraction of the world will be hidden from your server.
I have a public fixed/static IPv6 address, in fact an entire /64 from my ISP.
The problem I face with Mail In A Box is that the system prefers IPv4 over IPv6 and tries sending out email via my CGNAT IPv4 and fails.
Yes, I am aware many mail servers do not have IPv6, but I decided to move to IPv6 as it is sort of spam free, and if a person wants to message me, he would have to make sure his system supports IPv6, and I think Mail In A Box can replace instant messaging apps like WhatsApp.
Also, as I am a sort of “geek”, I choose to be different.
Could be fun. I’m sure it’s possible but don’t know if it’s practical. (Because almost anything is “possible” with enough effort.)
You’d need to remove all A records from the DNS, so the rest of the world doesn’t try your IPv4 address.
Then stop local services from using IPv4. It doesn’t seem easy to disable IPv4 on Linux, but you could try removing the v4 address from the interface. But I imagine this might upset some local services and scripts … you’re likely in for some serious debugging and lots of learning.
Any chance you are using a pfSense device to manage your IPv6 addressing?
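The DNS cleanup suggested in the thread (drop address records that point somewhere the box does not actually live) can be checked mechanically. The following is an added example, not part of the thread or of Mail-in-a-Box: `audit` is a hypothetical helper, and the zone records, hostnames and addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, handed to customers behind carrier-grade NAT.
# Some ISPs use RFC 1918 space instead; this check only recognises 100.64.0.0/10.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def audit(records, local_addrs):
    """Flag A/AAAA records whose address is not bound on this host.

    records:     iterable of (name, rtype, value) tuples from the zone
    local_addrs: addresses configured on the server's own interfaces
    Returns a list of (name, rtype, value, reason) tuples.
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    behind_cgnat = any(a.version == 4 and a in CGNAT for a in local)
    findings = []
    for name, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue  # MX, TXT etc. carry no address to compare
        addr = ipaddress.ip_address(value)
        if addr in local:
            continue  # record points at an address the host really owns
        if rtype == "A" and behind_cgnat:
            reason = "host is behind CGNAT; inbound IPv4 stops at the ISP gateway"
        else:
            reason = "address is not bound on this host"
        findings.append((name, rtype, value, reason))
    return findings

# Constructed sample data (documentation prefixes, not real hosts).
ZONE = [
    ("box.example.com", "A", "203.0.113.7"),          # public side of the NAT
    ("box.example.com", "AAAA", "2001:db8:1:2::25"),
    ("example.com", "MX", "10 box.example.com"),
    ("www.example.com", "AAAA", "2001:db8:1:2::80"),  # stale record
]
LOCAL = ["100.64.12.34", "2001:db8:1:2::25"]

if __name__ == "__main__":
    for name, rtype, value, reason in audit(ZONE, LOCAL):
        print(f"{name} {rtype} {value}: {reason}")
```

Any A record it reports is one that remote mail servers and certificate validators may try and fail to reach, which is why the thread recommends removing them on an IPv6-only box.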