I’ve never paid too much attention to IPv6, except for turning it off completely in case of strange issues. And admit it, most of you do the same.
Security is getting more and more important, and as a messaging consultant you want your Exchange environment top notch. In the Dutch community NGN I was pointed to internet.nl where you can check your presence on the Internet. Lots of red crosses when it comes to messaging and IPv6, reason for me to start looking into that.
In this blogpost I will focus on the Exchange 2016 Edge Transport server (I have two for inbound and outbound email) and the Exchange 2016 Mailbox server, which is load balanced behind a Kemp LoadMaster LM3600.
Exchange 2016 Edge Transport server
Although a lot of Exchange admins disable IPv6 on their Exchange servers (through a registry key) in case of strange issues, it is not a recommended solution.
I have two Exchange 2016 Mailbox servers, one Exchange 2013 multi-role server and two Edge Transport servers (one Exchange 2013 and the other Exchange 2016) for inbound and outbound SMTP traffic. There are two MX records which point to these Edge Transport servers. Both have an external IPv4 address.
The first step of course is to add an IPv6 address to the network adapter of the Edge Transport servers, your provider should be able to supply you with a sufficient IP range.
This should not result in too much issues. If you want to ping your server on IPv6 make sure that the File and Printer Sharing (Echo request – ICMPv6-In) inbound rule is enabled in Windows Firewall.
The next step is to enable the Edge Transport server for IPv6 usage. The Mailbox server has everything setup by default, but the Edge Transport server is only configured for IPv4.
Open Exchange Management Shell and enter the following command:
Get-ReceiveConnector "*default*" | Select Bindings,RemoteIPRanges
And you’ll see that the Default Receive Connector is only bound to IPv4 and only accepts remote IPv4 connections:
You can bind IPv6 to the Default Receive Connector ([::]:25) and have it listen to all available remote IPv6 addresses (“,”::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) by using the following command in the Exchange Management Shell:
Get-ReceiveConnector "*default*" | Set-ReceiveConnector -Bindings "0.0.0.0:25","[::]:25" -RemoteIPRanges "0.0.0.0-255.255.255.255","::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
You can use the Get-ReceiveConnector “*default*” command again to check if the changes were carried out correctly.
When I send an email from my Gmail account to a mailbox on my Exchange 2016 environment and check the header information I can see that it’s actually using my IPv6 address:
When using a site like https://internet.nl I can see that my servers are configured correctly.
In contrast to the Exchange 2016 Mailbox server, which is fully configured for use with IPv6, the Exchange 2016 Edge Transport server is only configured for IPv4.
This is not a big problem though, after adding an external IPv6 address to your Exchange 2016 Edge Transport server you can bind the local IPv6 address (or range) to the Default Receive Connector. You can also add all remote IPv6 ranges to the Default Receive Connector. After adding the FQDN to public DNS using an AAAA record you’ll see email coming in on IPv6.