Well, the thread suggests you can be an open relay over IPv6. Sadly, I believe mxtoolbox does not test IPv6 for open relay, so you will need to test it yourself, something like this using telnet:

+telnet -6 ipv6_address_of_your_server 25
-Trying ...
-Connected to ...
-Escape character is '^]'.
-220-mail.name ESMTP Postcow
-220 mail.name ESMTP Postcow
+HELO im.test.com
-250 mail.name
+mail from:<test@test.com>
-250 2.1.0 Ok
+rcpt to:<recive@test.com>
-554 5.7.1 <recive@test.com>: Relay access denied
+QUIT
-221 2.0.0 Bye
-Connection closed by foreign host.

Do not copy the + and - from the start of the lines: + is what is supposed to be written by you, - is what is supposed to be the response from the server.

    ETNyx It doesn’t say “Relay access denied”, it just says “250 2.1.5 Ok” at “RCPT TO” when I try connecting to the ipv6 address.

    Also something I noticed (probably unrelated) is that when I try connecting to the ipv6 address it says
    “220 mail.playlook.de ESMTP Postcow”
    but when I try connecting to the ipv4 address of my server it says something about my local ISP:
    “220 some domains relating to the ISP Swisscom AG ESMTP server ready” and even here it accepts the RCPT TO

      chocolateimage is already the latest (v2.27.1) if you are meaning that reply.

      No, I meant the whole thread. Maybe it's an issue with IPv6.

      chocolateimage but when I try connecting to the ipv4 address of my server it says something about my local ISP:

      That is strange and I can only imagine that this is due to a transparent NAT rule of your ISP forwarding any packet to your IPv4 Address instead to their own mail service.

        Yes, on IPv4 your ISP is most likely hijacking your traffic; pretty common in my region, but nasty.

        Well, most likely you did not disable IPv6 in the proper way. Is there a reason to disable IPv6? I'm running Mailcow with IPv6 just fine. Anyway, review your steps and find what's wrong, or, I do not know, put a proper firewall in front that will drop all IPv6 if you can't do it any other way. Just be careful: UFW and other firewall tools do not play nicely with Mailcow, or rather with Docker. Or disable IPv6 on your host interface if you must; better than being an open relay.

          ETNyx For me ipv6 caused emails not sending properly to some providers like gmail (emails bounced) so I disabled it then email sending worked

          [unknown] I tried actually sending an email with telnet over ipv6 and it seems like I got an email in my inbox without any authorization. In the logs it says: connect from unknown[172.22.1.1] so somehow it allowed the ipv6 connection to Postfix even though I disabled it.

          also sorry for the weird formatting in the message above, seems like the forum bugged out there.

          OK, so you can try to solve why they bounced,

          or double-check that you did all the necessary steps to disable IPv6 in the mailcow stack; I found the docs a little bit confusing: docs.mailcow.email, Disable IPv6 - mailcow: dockerized documentation

          If this does not work, you can try to disable IPv6 on your host itself. This comes from my memory; double-check it on the internet and against your distro.
          sudo nano /etc/sysctl.conf

          net.ipv6.conf.all.disable_ipv6 = 1
          net.ipv6.conf.default.disable_ipv6 = 1

          then restart

            ETNyx I am using ipv6 for other things in my server, seems like enabling ipv6 by reverting the changes fixed the issues!

            I’m noticing the same behavior. Random sender addresses on my domain sending to random @qq.com addresses from 172.22.1.1. I just disabled IPv6 on my host and will monitor if it stops. This is a pretty huge security issue. Mailcow should assume IPv6 is enabled on the host and authenticate traffic from the network stack or block it altogether instead of just allowing open relay.
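A log check for the pattern reported in the posts above, added here as an example and not taken from the posters or the mailcow project: it correlates Postfix queue IDs to find mail accepted from the gateway address without a SASL login and then delivered to a non-local domain. The standard Postfix log line shapes, the sample lines and the `example.*` domains are assumptions constructed for illustration.

```python
import re

# Assumption (added example): 172.22.1.1 is the Docker gateway address that
# the posters saw as the client of IPv6 connections in their Postfix logs.
GATEWAY = "172.22.1.1"
CLIENT_RE = re.compile(
    r"postfix/[\w/]*smtpd\[\d+\]: (\w+): client=\S+\[([^\]]+)\](.*)")
DELIVERY_RE = re.compile(
    r"postfix/[\w/]+\[\d+\]: (\w+): to=<[^>@]+@([^>]+)>.*status=(\w+)")

def find_unauthenticated_relays(lines, local_domains, gateway=GATEWAY):
    """Return (queue_id, recipient_domain, status) for mail accepted from the
    gateway address without SASL login and delivered to a non-local domain."""
    suspect = {}  # queue id -> True if gateway client and no sasl_username
    findings = []
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            qid, ip, rest = m.groups()
            suspect[qid] = ip == gateway and "sasl_username=" not in rest
            continue
        m = DELIVERY_RE.search(line)
        if m:
            qid, domain, status = m.groups()
            if suspect.get(qid) and domain.lower() not in local_domains:
                findings.append((qid, domain.lower(), status))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:02 mail postfix/smtpd[412]: 4F1A2B3C4D: client=unknown[172.22.1.1]
Mar  3 10:15:05 mail postfix/smtp[500]: 4F1A2B3C4D: to=<100200300@qq.com>, relay=mx.example.net[192.0.2.25]:25, status=sent (250 Ok)
Mar  3 10:16:10 mail postfix/submission/smtpd[413]: 5A6B7C8D9E: client=unknown[172.22.1.1], sasl_method=PLAIN, sasl_username=alice@example.org
Mar  3 10:16:12 mail postfix/smtp[501]: 5A6B7C8D9E: to=<bob@example.com>, relay=mx.example.com[192.0.2.30]:25, status=sent (250 Ok)
Mar  3 10:17:00 mail postfix/smtpd[414]: 6B7C8D9E0F: client=mx.example.net[198.51.100.7]
Mar  3 10:17:01 mail postfix/lmtp[502]: 6B7C8D9E0F: to=<alice@example.org>, relay=dovecot[172.22.1.250]:24, status=sent (250 Ok)
Mar  3 10:18:00 mail postfix/smtpd[415]: 7C8D9E0F1A: client=unknown[172.22.1.1]
Mar  3 10:18:01 mail postfix/lmtp[503]: 7C8D9E0F1A: to=<alice@example.org>, relay=dovecot[172.22.1.250]:24, status=sent (250 Ok)
""".splitlines()

if __name__ == "__main__":
    for hit in find_unauthenticated_relays(SAMPLE_LOG, {"example.org"}):
        print("possible open-relay delivery:", hit)
```

Only the first sample message is flagged: the authenticated submission and the two deliveries to the local domain are left alone even though two of them also arrive from the gateway address.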

            I had the same problem. Disabling IPv6 on ports 25, 587 and 465 at the incoming firewall did the trick. I assume that the postfix container needs additional configuration. It maps all ports 587 to tcp:587, the IPv6 ports also. Afterwards it is listening at that port on :::587, although extra.cf has defined inet_protocols = ipv4.

              chris65 I went and also blocked IPv6 on my hosting configuration’s firewall rules.

              Perhaps you can block it for the three ports only. Then you can still use IPv6 for other purposes on your server... I did not find a parameter to make postfix block the IPv6 port.

              Yep, that's possible. The real issue is why postfix is allowing unauthenticated relaying on IPv6. It should be treated as IPv4 requiring authentication or policy to allow it.

              If you guys are suspecting that postfix is acting as an open relay on IPv6, I highly recommend filing a bug report with all the evidence.
              At least on my end I can’t reproduce.

               telnet 2...................::1 25
              Trying 2...................::1
              Connected to 2...................::1
              Escape character is '^]'.
              220 mydomain.xyz ESMTP Postcow
              ehlo vlah.com
              250-mydomain.xyz
              250-PIPELINING
              250-SIZE 104857600
              250-ETRN
              250-STARTTLS
              250-ENHANCEDSTATUSCODES
              250-8BITMIME
              250 DSN
              mail from: nlah.com
              250 2.1.0 Ok
              rcpt to: something.xyz
              554 5.7.1 <something.xyz>: **Relay access denied**

                piperino recommend file a Bugreport with all the evidence.

                That was already discussed here:
                mailcow/mailcow-dockerized#5242

                Seems it's not a mailcow problem, but a Docker problem with the userland proxy and/or an unsupported OS that mailcow is running on.

                  May be a Docker problem. The fact is that some Chinese people can relay with our server on Rocky Linux when the firewall is open, and they can’t when firewall ports 25, 465 and 587 are closed. The postfix container seems to route it to local 587, which is open as trusted. All steps to work without IPv6 are done as instructed in the manual. Where should we post it? Also, postfix is configured via extra.cf to use the IPv4 protocol only.

                    chris65 Where should we post it?

                    Open an issue on github referencing the one above.

                    I am not familiar with readable postings, so could you please do it for me in better words? Thank you!

                    esackbauer Looks like this is correct. I still have IPv6 disabled on my OS and firewall level, and since it is unnecessary for my purposes I will leave it that way. IPv6 continues to be the center of more problems than a solution to them in my experience thus far.
