We’re getting there!
It has been a while since I started digging into IPv6. My home network has been running on IPv6 for a while, but now I'm confident enough to implement it in my production setup.
My mail server has now been fully migrated to IPv6, and while doing this I properly implemented TLS (with a CAcert-signed certificate), including perfect forward secrecy (PFS) and so on.
Here is how servers of major freemail providers are reacting to my new setup.
| Provider | Sending to: IPv6 | Sending to: TLS | Receiving from: IPv6 | Receiving from: TLS |
|---|---|---|---|---|
| GMail | yes | yes | yes | yes |
| GMX | no | yes | no | yes |
| web.de | no | yes | no | yes |
| T-Online | no | yes (no PFS) | no | yes |
| Yahoo | no | broken* | (untested) | (untested) |
| live.com/hotmail | no | no | no | no |
| Apple me.com/mac.com | no | no | no | no |
* Certificate does not match hostname. They are trying to use a wildcard certificate across two levels of subdomains, which is forbidden for HTTPS and not explicitly allowed for SMTP.
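
The wildcard rule behind the footnote, as an added example that is not part of the original post: a hostname check in which `*` stands for exactly one leftmost DNS label (the rule given in RFC 6125, section 6.4.3). The function names and the `example.test` hostnames are constructed for illustration; rejecting partial wildcards and `*.tld` is a conservative assumption of this sketch.

```python
def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def wildcard_matches(pattern, hostname):
    """Return True if a certificate DNS name covers the hostname.

    '*' is accepted only as the complete leftmost label and matches
    exactly one label, so it can never span a dot.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # different depth: a wildcard cannot cover two levels
    if any("*" in label for label in p[1:]):
        return False  # wildcard anywhere but the leftmost label
    if p[0] == "*":
        if len(p) < 3:
            return False  # conservative assumption: refuse "*.tld"
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # conservative assumption: no partial wildcards ("mx*")
    return p == h


def cert_covers(dns_names, hostname):
    """Check a hostname against all DNS names listed in a certificate."""
    return any(wildcard_matches(name, hostname) for name in dns_names)


if __name__ == "__main__":
    # Constructed sample: certificate names and the MX host a sender connects to.
    cert_names = ["example.test", "*.example.test"]
    for host in ("mx1.example.test", "mx1.mail.example.test"):
        verdict = "match" if cert_covers(cert_names, host) else "MISMATCH"
        print(f"{host}: {verdict}")
```

The second host is the situation from the footnote: the certificate's wildcard sits one level above the name actually being connected to, so a strict client reports a hostname mismatch.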