diff --git a/roles/mail/README.md b/roles/mail/README.md
index 3678d02ed7e73abb4f9eca26006e94e8c3ba3426..f2f88a7bca2ad0b8fbf714754d75ecd23683d8e4 100644
--- a/roles/mail/README.md
+++ b/roles/mail/README.md
@@ -159,3 +159,13 @@ $ postmulti -i postfix-out -x mailq
 
 for a specific instance. Check the *postmulti(1)* man page for further
 details.
+
+## Disabling outbound IPv6 on a host
+
+Sometimes there are problems with reverse IPv6 DNS resolution of one
+of our public MX addresses. In this case outbound email might be
+refused by most email servers that do a reverse DNS check of the EHLO
+name. The solution is to set the special host variable
+*postfix_out_inet_protocols* on the specific server (in the
+inventory file) to the value "ipv4".
+
diff --git a/roles/mail/templates/postfix-out/main.cf b/roles/mail/templates/postfix-out/main.cf
index 13c95c3d5601616520c036c7c4e904442b0cbbbd..94818820f40f2363bf37b659f85d834285706c4e 100644
--- a/roles/mail/templates/postfix-out/main.cf
+++ b/roles/mail/templates/postfix-out/main.cf
@@ -16,7 +16,7 @@ smtpd_client_event_limit_exceptions = $mynetworks
 # "secondary IP personality" configuration.
 smtp_bind_address = 0.0.0.0
 smtp_bind_address6 = ::
-inet_protocols = all
+inet_protocols = {{ postfix_out_inet_protocols | default('all') }}
 
 # All header rewriting happens upstream.
 local_header_rewrite_clients =