After migrating ISPConfig setup to new set of hosts, some e-mails to recipients started to bounce. With command Code: grep "status=bounced" /var/log/mail.log entries like the following slightly edited appear: Code: 2024-03-14T13:11:26.011411+02:00 posti postfix/smtp[548380]: 053193EC46: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2607:f8b0:4003:c24::1a]:25, delay=2, delays=0.38/0.03/0.98/0.66, dsn=5.7.25, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4003:c24::1a] said: 550-5.7.25 [theipv6address1] The IP address sending this message does not 550-5.7.25 have a PTR record setup, or the corresponding forward DNS entry does 550-5.7.25 not point to the sending IP. As a policy, Gmail does not accept 550-5.7.25 messages from IPs with missing PTR records. For more information, go 550-5.7.25 to 550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices 550-5.7.25 To learn more about Gmail's sender policy, go to 550 5.7.25 https://support.google.com/mail/answer/81126. s1-20020a9d58c1000000b006e667879011si349994oth.183 - gsmtp (in reply to end of DATA command)) I could see some e-mails were sent to GMail, Outlook etc OK, but some bounced. Some thinking showed the OK mails were sent to IPv4 address, the failing ones got that bounce message and were sent to IPv6 address. This appeared because the new host had active IPv6, and postfix used it. If the recipient e-mail server has both IPv4 and IPv6 address, it is a coin toss to which the e-mail is sent. Google advertises both IPv4 and IPv6 address for e-mail servers: $ host gmail-smtp-in.l.google.com. gmail-smtp-in.l.google.com has address 64.233.164.26 gmail-smtp-in.l.google.com has IPv6 address 2a00:1450:4010:c07::1a When setting up this new system I did not realise postfix would now use IPv6, so I had not done proper configuration. The message bounces were fixed when I added AAAA record for the e-mail server FQDN to name service, and added the PTR record also for IPv6 address. I had done these for IPv4, of course, and now I learned I need to do them for IPv6 also. I verified this really fixed the bounce issue by sending several messages to GMail address where I can read the messages. Reading full headers or activating the "Delivery status notification" showed if message was sent with IPv4 or IPv6 (it was about half and have for each), and both were sent OK now. I could not figure out how to force sending only to IPv6 without messing up the production server e-mail setup.
The problem is that your IPv6 address seems to lack a PTR record. You must have a PTR record for your IPv4 address and also have a second one for your IPv6 address.
The problem was missing both AAAA record and PTR (reverse DNS) for the IPv6 address. I had forgotten to deal with IPv6 completely when setting up this new server. Kudos to ISPConfig, it set up IPv6 correctly even though I did not even know it needed setting up. Now I have server with IPv6, no longer in the dark ages of IPv4 only.
