We’re getting there!
It has been a while since I started digging into IPv6. My home network has been running on IPv6 for a while, but now I’m confident enough to implement it in my production setup.
My mail server has now been fully migrated to IPv6, and while doing this I properly implemented TLS (with a CAcert-signed certificate), including perfect forward secrecy (PFS) and so on.
Here is how servers of major freemail providers are reacting to my new setup.
| Provider | sending to… | | receiving from… | |
|---|---|---|---|---|
| T-Online | no | yes (no PFS) | no | yes |
* Certificate does not match hostname. They are trying to use a wildcard certificate across two levels of subdomains, which is forbidden for HTTPS and not explicitly allowed for SMTP.
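
The footnote's point, that a wildcard stands for one label only, shown as an added example (not code from the original post): a hostname check following the conservative subset of RFC 6125 section 6.4.3. All hostnames are constructed placeholders, and refusing `*.tld`-style names is a policy choice of this example.

```python
# Added example: single-label wildcard matching for certificate DNS names.
# Hostnames are constructed placeholders, not any provider's real names.

def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def wildcard_matches(pattern, hostname):
    """Return True if certificate DNS name `pattern` covers `hostname`.

    Rules applied (conservative subset of RFC 6125 section 6.4.3):
      * "*" is honoured only as the complete left-most label
      * "*" stands for exactly one label, never zero and never several
      * all other labels are compared case-insensitively, one by one
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False      # different depth: "*" cannot span a dot
    if any("*" in label for label in p[1:]):
        return False      # wildcard outside the left-most label
    if p[0] == "*":
        # Policy choice of this example: refuse "*.tld"-style names.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False      # partial wildcards ("mx*") are not honoured here
    return p == h


def cert_covers(san_dns_names, hostname):
    """Return the first SAN entry that covers `hostname`, or None."""
    for san in san_dns_names:
        if wildcard_matches(san, hostname):
            return san
    return None


# Constructed sample: one wildcard SAN, and hosts one level below,
# two levels below, and at the wildcard's parent domain.
SAMPLE_SANS = ["*.mail.example"]
SAMPLE_HOSTS = ["mx01.mail.example", "mx01.in.mail.example", "mail.example"]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"{host:24} -> {cert_covers(SAMPLE_SANS, host)}")
```

Only the first sample host is covered; the host two levels below the wildcard's parent is rejected, which is the mismatch the footnote describes.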