Postfix disable ipv6

Tired of remembering every time how to disable ipv6 in a particular application. While ipv6 is almost never used in our country, I think that it is better to disable it so as not to catch unnecessary errors or security problems. I will keep this cheat sheet for myself and others, if someone finds it useful.

How to disable ipv6

It is safer to disable ipv6 for a specific application. Below is a growing list of applications for which I will disable ipv6.

To check which interface an application is listening on, you can use the netstat command. If you do not have the corresponding application, it is put like this:

# yum install net-tools

for Centos, or like this for Debian and Ubuntu

# apt install net-tools

Checking which ports and protocols our applications use:

# netstat -tulnp

We see that our ntp, ssh and zabbix-client applications listen to the ipv6 protocol. The next step is to disable it. After you disable ipv6 for all applications, you should get the following picture:

Further instructions on how to disable ipv6 in ntp in Ubuntu 16. In the /etc/default/ntp file, add the -4 flag to the parameters:

# systemctl restart ntp

Check ipv6 disable for ntp:

Disable ipv6 in chrony in Centos 7. Edit config /etc/sysconfig/chronyd.

# systemctl restart chronyd

Checking if chrony has disabled ipv6:

I tell you how to disable ipv6 from ssh. Specify the parameter in the /etc/ssh/sshd_config configuration file:

# systemctl restart sshd

Check if ipv6 is disabled for ssh:

Disable ipv6 on the zabbix agent. Specify the parameter in the /etc/zabbix/zabbix_agentd.conf configuration file:

# systemctl restart zabbix-agent

Disable ipv6 in zabbix server. Specify the parameter in the /etc/zabbix/zabbix_server.conf configuration file:

# systemctl restart zabbix-server

I tell you how to disable ipv6 on the apache web server. Specify the parameter in the main config:

# apachectl restart

Let’s see if apache has disabled ipv6 or not. If you have Centos, then the service is called httpd.

If Debian/Ubuntu, then apache.

Disable ipv6 in postfix. Change in the config /etc/postfix/main.cf

inet_protocols = ipv4

# systemctl restart postfix

Check ipv6 disable:

Disable ipv6 in rsync on CentOS 7. Specify the parameter in the /etc/sysconfig/rsyncd configuration file:

# systemctl restart rsyncd

Check if ipv6 is disabled in rsync:

This is ONLY recommended if you do not have an IPv6 enabled network on your host!

If you really need to, you can disable the usage of IPv6 in the compose file.
Additionally, you can also disable the startup of container «ipv6nat-mailcow», as it’s not needed if you won’t use IPv6.

Instead of editing docker-compose.yml directly, it is preferable to create an override file for it
and implement your changes to the service there. Unfortunately, this right now only seems to work for services, not for network settings.

To disable IPv6 on the mailcow network, open docker-compose.yml with your favorite text editor and search for the network section (it’s near the bottom of the file).

1. Modify docker-compose.yml

Change enable_ipv6: true to enable_ipv6: false:

2. Disable ipv6nat-mailcow

To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called «docker-compose.override.yml»:

NOTE: If you already have an override file, of course don’t recreate it, but merge the lines below into your existing one accordingly!

# cd /opt/mailcow-dockerized
# touch docker-compose.override.yml

For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

docker-compose (Plugin)docker-compose (Standalone)

docker compose down
docker compose up -d

docker-compose down
docker-compose up -d

3. Disable IPv6 in unbound-mailcow

Edit data/conf/unbound/unbound.conf and set do-ip6 to «no»:

docker compose restart unbound-mailcow

docker-compose restart unbound-mailcow

4. Disable IPv6 in postfix-mailcow

Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

smtp_address_preference = ipv4
inet_protocols = ipv4

docker compose restart postfix-mailcow

docker-compose restart postfix-mailcow

5. If your docker daemon completly disabled IPv6:

By default mailcow considers all networks as untrusted excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction.

By default mailcow uses mynetworks_style = subnet to determine internal subnets and leaves mynetworks unconfigured.

If you decide to set mynetworks, Postfix ignores the mynetworks_style setting. This means you have to add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually!

Unauthenticated relaying¶

Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved.

IPv4 hosts/subnets¶

I’m confident to say that this is the best and most comprehensive tutorial series about building an email server from scratch on the Internet. Not only will you have a working email server, but also you will have a much better understanding of how email works. This tutorial series is divided into 15 parts.

Hint: If you don’t want to build an email server from scratch, which is a long and tedious process, you can use Scalahosting managed VPS to set up a full-featured mail server quickly and easily.

This article is part 1 of this tutorial series. In this article, I will show you how to set up a very basic Postfix SMTP server, also known as an MTA (message transport agent). Once you finish this article, you should be able to send and receive emails with your own email domain on your own email server. This tutorial is tested on Ubuntu 22.04, Ubuntu 20.04, and Ubuntu 18.04 server.

About Postfix

Postfix is a state-of-the-art message transport agent (MTA), aka SMTP server, which serves two purposes.

Postfix was built by Wietse Venema who is a Unix and security expert. It’s easy to use, designed with security and modularity in mind, with each module running at the lowest possible privilege level required to get the job done. Postfix integrates tightly with Unix/Linux and does not provide functionalities that Unix/Linux already provides. It’s reliable in both simple and stressful conditions.

Postfix was originally designed as a replacement for Sendmail – the traditional SMTP server on Unix. In comparison, Postfix is more secure and easier to configure. It is compatible with Sendmail, so if you uninstall Sendmail and replace it with Postfix, your existing scripts and programs will continue to work seamlessly.

In this tutorial, you will learn how to configure Postfix for a single domain.

Choosing the Right Hosting Provider

Kamatera VPS is a very good option to run a mail server because

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give you whois privacy protection free for life.

Things To Do Before Installing Postfix

To make Postfix perform better and get the most out of Postfix, you need to properly set up your Ubuntu server.

Set A Correct Hostname for Ubuntu Server

By default, Postfix uses your server’s hostname to identify itself when communicating with other MTAs. Hostname can have two forms: a single word and FQDN.

The single word form is used mostly on personal computers. Your Linux home computer might be named linux, debian, ubuntu etc. F QDN (Fully Qualified Domain Name) is commonly used on Internet-facing servers and we should use FQDN on our mail servers. It consists of two parts: a node name and a domain name. For example:

is an FQDN. mail is the nodename, linuxbabe.com is the domain name. F QDN will appear in the smtpd banner. Some MTAs reject messages if your Postfix does not provide FQDN in smtpd banner. Some MTAs even query DNS to see if FQDN in the smtpd banner resolves to the IP of your mail server.

If your Ubuntu server doesn’t have an FQDN yet, you can use hostnamectl to set one.

sudo hostnamectl set-hostname

A common FQDN for mail server is mail.yourdomain.com. You need to log out and log back in to see this change at the command prompt.

Set Up DNS Records for Your Mail Server

You need to go to your DNS hosting service (usually your domain registrar like NameCheap) to set up DNS records

MX record

An MX record tells other MTAs that your mail server mail.yourdomain.com is responsible for email delivery for your domain name.

A common name for the MX host is mail.yourdomain.com. You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority. Here we only use one MX record and set 0 as the priority value. (0 – 65535)

A record

An A record maps an FQDN to an IP address.

AAAA record

If your server uses IPv6 address, it’s also a good idea to add AAAA record for mail.yourdomain.com.

PTR record

A pointer record, or PTR record, maps an IP address to an FQDN. It’s the counterpart to the A record and is used for reverse DNS (rDNS) lookup.

PTR record isn’t managed by your domain registrar. It’s managed by the organization that gives you an IP address. You get IP address from your hosting provider, not from your domain registrar, so you must set PTR record for your IP address in your hosting provider’s control panel. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, then add a PTR record for your IPv6 address as well.

Note: Gmail will actually check the A record of the hostname specified in the PTR record. If the hostname resolves to the same IP address, Gmail will accept your email. Otherwise, it will reject your email.

After all of the above is done, let’s play with Postfix.

sudo apt-get update

sudo apt-get install postfix -y

You will be asked to select a type for mail configuration. Normally, you will want to select the second type: Internet Site.

Once installed, Postfix will be automatically started and a /etc/postfix/main.cf file will be generated. Now we can check Postfix version with this command:

On Ubuntu 22.04, the Postfix version is 3.6.4, and Ubuntu 20.04 ships with version 3.4.10.

mail_version = 3.6.4

The ss (Socket Statistics) utility tells us that the Postfix master process is listening on TCP port 25.

Open TCP Port 25 (inbound) in Firewall

sudo ufw allow 25/tcp

Then we can scan open ports on the mail server with an online port scanner. Enter your mail server’s public IP address and select scan all common ports.

You can see from the above screenshot that TCP port 25 is open on my mail server.

Checking If TCP Port 25 (outbound) is blocked

sudo apt install telnet

telnet gmail-smtp-in.l.google.com 25

Sending Test Email

When installing Postfix, a sendmail binary is placed at /usr/sbin/sendmail, which is compatible with the traditional Sendmail SMTP server. You can use Postfix’s sendmail binary to send a test email to your Gmail account like this:

Note: The From: domain name is determined by the myorigin parameter in Postfix, not by the myhostname parameter.

The Postfix mail log is stored at /var/log/mail.log.

Still Can’t Send Email?

sudo nano /var/log/mail.log

This means your mail server is using IPv6 to send the email, but you didn’t set up IPv6 records. You should go to your DNS manager, set AAAA record for mail.your-domain.com, then you should also set PTR record for your IPv6 address. ( PTR record is managed by the organization that gives you an IP address.)

To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.

Using the mail program to Send and Read Email

sudo apt-get install mailutils

To send email, type

Enter the subject line and the body text. To tell mail that you have finished writing, press Ctrl+D and mail will send this email message for you.

To read incoming emails, just type mail.

Here’s how to use the mail program to manage your mailbox.

How To Increase Attachment Size Limit

By default, the attachment cannot be larger than 10MB, which is indicated by the message_size_limit parameter.

message_size_limit = 10240000

This parameter defines the size limit for emails originating from your own mail server and for emails coming to your mail server.

sudo postconf -e message_size_limit=52428800

When postconf command is invoked with the -e (edit) option, it will try to find the parameter (message_size_limit) in the Postfix main configuration file (/etc/postfix/main.cf) and change the value. If the parameter can’t be found, then it adds the parameter at the end of the file.

Note that the message_size_limit should not be larger than the mailbox_size_limit, otherwise Postfix might not be able to receive emails. The default value of mailbox_size_limit is 51200000 bytes (about 48MB) in the upstream Postfix package. On Ubuntu, the default value is set to 0, as can be seen with

mailbox_size_limit = 0

This means that the mailbox has no size limit, which is great.

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

When sending an email with large attachments from your mail server, you should also beware of the receiving server’s attachment size limit. For example, You can not send an attachment larger than 25MB to a Gmail address.

Setting the Postfix Hostname

By default, Postfix SMTP server uses the OS’s hostname. However, the OS hostname might change, so it’s a good practice to set the hostname directly in Postfix configuration file. Open the Postfix main configuration file with a command-line text editor, such as Nano.

sudo nano /etc/postfix/main.cf

Find the myhostname parameter and set mail.yourdomain.com as the value. It’s not recommended to use the apex domain yourdomain.com as myhostname. Technically you can use the apex domain, but it will create problems in later parts of this tutorial series.

myhostname = mail.yourdomain.com

Save and close the file. ( To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.) Restart Postfix for the change to take effect.

Creating Email Alias

There are certain required aliases that you should configure when operating your mail server in a production environment. You can add email alias in the /etc/aliases file, which is a special Postfix lookup table file using a Sendmail-compatible format.

sudo nano /etc/aliases

By default, there are only two lines in this file.

# See man 5 aliases for format
postmaster: root

Using IPv4 Only

By default, Postfix uses both IPv4 and IPv6 protocols, as can been seen with:

inet_protocols = all

sudo postconf -e «inet_protocols = ipv4»

Then restart Postfix.

Upgrading Postfix

If you run sudo apt update, then sudo apt upgrade, and the system is going to upgrade Postfix, you might be prompted to choose a configuration type for Postfix again. This time you should choose No configuration to leave your current configuration file untouched.

Next Step

Congrats! Now you have a basic Postfix email server up and running. You can send plain text emails and read incoming emails using the command line. In the next part of this tutorial series, we will learn how to install Dovecot IMAP server and enable TLS encryption, which will allow us to use a desktop mail client like Mozilla Thunderbird to send and receive emails.

As always, if you found this post useful, subscribe to our newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial

I’m confident to say that this is the best and most comprehensive tutorial series about building an email server from scratch on the Internet. Not only will you have a working email server, but also you will have a much better understanding of how email works. This tutorial series is divided into 13 parts:

This article is part 1 of this tutorial series. In this article, I will show you how to set up a basic Postfix SMTP server, also known as an MTA (message transport agent). Once you finish this article, you should be able to send and receive emails with your own email domain on your own email server.

Configure Your Hostname and DNS Records

To make Postfix perform better and get the most out of Postfix, you need to properly set up your Rocky Linux 9/Alma Linux 9 Server.

Set A Correct Hostname for Rocky Linux 9/Alma Linux 9 Server

is an FQDN. mail is the nodename, linuxbabe.com is the domain name. F QDN will appear in the smtpd banner. Some MTAs will reject your emails if your Postfix does not provide FQDN in smtpd banner. Some MTAs even query DNS to see if FQDN in the smtpd banner resolves to the IP of your mail server.

If your Rocky Linux 9/Alma Linux 9 server doesn’t have an FQDN yet, you can use hostnamectl to set one.

Create DNS Records for Your Mail Server

You need to go to your DNS hosting service (usually your domain registrar like NameCheap) to create DNS records.

A common name for the MX host is mail.yourdomain.com. You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority. Here we only use one MX record and set 0 as the priority value. (0 – 65355)

If your server has a public IPv6 address, it’s also a good idea to add AAAA record for mail.yourdomain.com.

PTR record isn’t managed by your domain registrar. It’s managed by the person who gives you an IP address. Because you get IP address from your hosting provider, not from your domain registrar, so you must set PTR record for your IP address in your hosting provider’s control panel. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, then add a PTR record for your IPv6 address as well.

Enable SELinux

By default, SELinux is disabled on AlmaLinux 9. I highly recommended enabling SELinux. It works perfectly fine for a mail server. Some folks just turn off SELinux when things are not working, because they are lazy.

To check SELinux status, run

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

If SELinux is disabled on your system, edit the /etc/selinux/config file.

sudo dnf install nano

sudo nano /etc/selinux/config

Change it to:

Save and close the file. Then reboot your server.

sudo shutdown -r now

SELinux will be enabled and start labeling the file system on the next boot.

sudo dnf update

sudo dnf install postfix -y

Once it’s installed, start Postfix SMTP server.

sudo systemctl start postfix

And enable auto-start at boot time.

sudo systemctl enable postfix

Now you can check its status with:

systemctl status postfix

As you can see, Postfix is now active (running) and auto-start at boot time is enabled. You can check Postfix version with this command:

Rocky Linux 9/Alma Linux 9 ships with Postfix v3.5.9.

mail_version = 3.5.9

The ss utility (socket statistics) tells us that the Postfix master process is listening on TCP port 25 of the localhost. ( If your Rocky Linux 9/Alma Linux 9 server doesn’t have the ss command, you can run sudo dnf install iproute command to install it.)

Configuring Postfix

inet_interfaces = localhost

sudo postconf -e «inet_interfaces = all»

sudo postconf -e «myhostname = »

Note: It’s not recommended to use the apex domain yourdomain.com as myhostname. Technically you can use the apex domain, but it will create problems in later parts of this tutorial series.

Setting $mydomain Parameter

The $mydomain parameter specifies the local internet domain name. The default is to use $myhostname minus the first component. You can display the current value of $mydomain with:

It should be your apex domain name, like

If it’s not displaying your apex domain name, then set the $mydomain parameter with:

sudo postconf -e «mydomain = »

Setting $myorigin Parameter

myorigin = $myhostname

sudo postconf -e «myorigin = »

Setting $mydestination Parameter

The $mydestination parameter specifies the list of domains that your server considers itself the final destination for. You can display the current value of $mydestination with:

mydestination = $myhostname, localhost.$mydomain, localhost

sudo postconf -e «mydestination = , $myhostname, localhost.$mydomain, localhost»

Restarting Postfix

Finally, we need to restart Postfix for the changes to take effect.

sudo firewall-cmd —permanent —add-port=25/tcp

sudo systemctl reload firewalld

If your Rocky Linux/Alma Linux server doesn’t have the firewall-cmd command, then you need to install FirewallD beforehand.

sudo dnf install firewalld

sudo systemctl start firewalld

sudo systemctl enable firewalld

Checking If Port 25 (outbound) is blocked

sudo dnf install telnet -y

In this simple command, sendmail reads a message from standard input and make “test email” as the message body, then send this message to your Gmail account.

You can see that although we didn’t specify the From: address, Postfix automatically append a domain name for the From: address. That’s because we have set the $myorigin parameter. Also, you can try to reply to this test email to see if Postfix can receive email messages.

The Postfix mail log is stored at /var/log/maillog.

Then open the mail log file.

sudo nano /var/log/maillog

Using the mail program to Send and Read Email On the Command Line

sudo dnf install mailx

Note that the message_size_limit should not be larger than the mailbox_size_limit, otherwise Postfix might not be able to receive emails. The default value of mailbox_size_limit is 51200000 bytes (about 48MB), as can be seen with

mailbox_size_limit = 51200000

Set the value to 0, so mailbox has no size limit.

sudo postconf -e mailbox_size_limit=0

There are some required aliases that you should configure when operating your mail server in a production environment. You can add email alias in the /etc/aliases file, which is a special Postfix lookup table file using a Sendmail-compatible format. Install the Nano command-line text editor and open this file.

sudo dnf install nano

sudo nano /etc/aliases

By default, the Postfix package on Rocky Linux/Alma Linux 8 defines many aliases, such as

sudo postconf -e «smtp_address_preference = ipv4»

Then restart Postfix for the changes to take effect.

Postfix Automatic Restart

Instead of manually typing this command, we can make Postfix automatically restart by editing the postfix.service systemd service unit. To override the default systemd service configuration, we create a separate directory.

sudo mkdir -p /etc/systemd/system/postfix.service.d/

Then create a file under this directory.

sudo nano /etc/systemd/system/postfix.service.d/custom.conf

Save and close the file. Then reload systemd.

sudo systemctl daemon-reload

To check if this would work, kill Postfix with:

sudo pkill master

Then check Postfix status. You will find Postfix automatically restarted.