Postfix IPv6/IPv4 Connection Behavior: When Does It Prefer IPv6 Over IPv4?


3 views

Postfix versions 2.9 and above support dual-stack operation (IPv4 and IPv6), but its connection behavior isn't as straightforward as "IPv6 first with IPv4 fallback." The actual behavior depends on multiple configuration factors and system settings.

These main directives control Postfix's IP version preference:

# /etc/postfix/main.cf
inet_protocols = all  # or "ipv6, ipv4" for explicit ordering
smtp_address_preference = any  # or "ipv6" to prefer IPv6

Postfix follows this decision flow:

  1. Checks DNS for AAAA (IPv6) and A (IPv4) records
  2. Applies smtp_address_preference if multiple addresses exist
  3. Falls back to other available protocols after connection failure (configurable via smtp_fallback_relay)

To see which protocol Postfix is using:

# Check mail logs for connection attempts
grep 'connect to' /var/log/mail.log

# Enable verbose logging
postconf -e debug_peer_level=2
postconf -e debug_peer_list=example.com

To make IPv6 the primary choice when available:

# Explicit protocol ordering
postconf -e "inet_protocols = ipv6, ipv4"

# Prefer IPv6 addresses when both exist
postconf -e "smtp_address_preference = ipv6"

# Disable IPv4 entirely (not recommended)
# postconf -e "inet_protocols = ipv6"
  • DNS configuration issues (missing AAAA records or incorrect PTR)
  • Firewall blocking IPv6 connections
  • System kernel not properly configured for IPv6
  • MTU issues with IPv6 tunneling

Verify your configuration with:

postfix check
postconf -n | grep inet_protocols
telnet ::1 25  # Test IPv6 locally

Postfix's behavior regarding IPv6 and IPv4 connections isn't as straightforward as "use IPv6 if available." The mail server makes its decision based on several configuration parameters and network conditions. In version 2.9 (which you're using), Postfix implements a dual-stack approach but doesn't always prioritize IPv6 by default.

These main.cf parameters control Postfix's IP version behavior:

# Enable both IPv4 and IPv6
inet_protocols = all

# Alternative explicit declaration
inet_protocols = ipv4, ipv6

# Connection timeout settings (affects fallback)
smtp_fallback_relay = 
smtp_connect_timeout = 30s

Postfix follows this decision process:

  1. Queries DNS for both A (IPv4) and AAAA (IPv6) records
  2. Attempts connections based on inet_protocols order
  3. If IPv6 fails, falls back to IPv4 after timeout
  4. May cache the successful protocol for subsequent connections

To make Postfix prefer IPv6 when available:

# In main.cf
inet_protocols = ipv6, ipv4
preferred_lft = 0

This configuration tells Postfix to:

  • Try IPv6 first in all cases
  • Disable temporary addresses that might cause connection issues
  • Fall back to IPv4 only when IPv6 fails

Use these commands to verify Postfix's behavior:

# Check active connections
postconf -n | grep inet_protocols
netstat -tulnp | grep master

# Verbose logging
postconf -d | grep smtp

When sending to Gmail (which supports IPv6), you might add this to main.cf:

# Special handling for Gmail
smtp_dns_support_level = dnssec
smtp_tls_security_level = encrypt
smtp_address_preference = ipv6

Remember that IPv6 might be slower in some networks due to:

  • Larger packet headers
  • Potential tunnel overhead
  • Less optimized routing paths

Monitor delivery times with:

grep 'to=<.*gmail.com>' /var/log/mail.log | \
awk '{print $1,$2,$3,$(NF-2)}'