1

Topic: IPv6 Cert Response Time

- iRedMail version 1.6.2
- Deployed with downloadable installer
- Linux Debian 11
- MySQL
- Web server Nginx
- Opensource

Setup is done with IPv4 and IPv6 using self signed certificates. Our mail seems to be working fine from the browser(Sogo). The issue comes when trying to use a mail client like Thunderbird. When Thunderbird is trying to grab the cert over IPv6 it times out.
I've run the following command which defaults to use IPv6.

time openssl s_client -showcerts -servername <server> -connect <server>:465 <<< "Q" | openssl x509

with response in
real    2m10.987s

Then I tried the same thing but pointed to the IPv4 address

time openssl s_client -showcerts -servername <server-ipv4> -connect <server-ipv4>:465 <<< "Q" | openssl x509

with response in
real    0m0.064s

I've tried adding the following below into /opt/iredapd/settings.py and /etc/postfix/main.cf
mynetworks = <added in my networks>

main also showing
inet_protocols = all        (enable IPv4, and IPv6 if supported)

Any help here or suggestions would be greatly appreciated

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: IPv6 Cert Response Time

Is port 465 open in firewall for IPv6?

3

Re: IPv6 Cert Response Time

Rather than tcp/465, you should be using tcp/587 with STARTTLS. Is your postfix listening on both IPv4 and IPv6?

as root, check using
# lsof -ni -P |grep 587

Also you should get a real cert. They are available for free from LetsEncrypt.

4

Re: IPv6 Cert Response Time

Issue resolved
Was issue with IPV6 allow rules in the cloud provider