Is removing IPv6 remote IP addresses safe to do on Exchange 2013 on a single Receive Connector?

ravl13 asked:

I’ve seen numerous mentions that you can’t turn off IPv6 functionality on Exchange 2013 servers without suffering serious problems.

However, on my Exchange 2013 server, I have the Port 25 default receive connector set to only accept connections from certain IPv4 IP addresses (blocked out in red):

However, you’ll notice in that screenshot that I also have the receive connector set to accept any mail from any IPv6 address, with the “ffff” line. Ideally, I don’t want to accept any IPv6 traffic at all.

Can I just delete that “ffff” line, and have absolutely no IPv6 addresses listed there in the *Remote Network Settings section – or will that result in ill consequences that I mentioned in my first sentence of this post? If I shouldn’t do that, is there some kind of placeholder I can enter to indicate that I don’t want to accept any IPv6 traffic on that connector?

My answer:

You shouldn’t turn off IPv6 functionality generally, but if you’re deciding to accept mail only from a limited set of hosts, then it’s reasonable to list only that set of hosts here. You should remove the line which permits mail to be delivered from all IPv6 addresses, and add the individual IPv6 addresses of the hosts from which you want to receive mail.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.