
Re: problem dealing w/ ietf.org mail servers

2008-07-03 14:58:50

On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
[..]
However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
explicitly configured on the sending server; instead, it is being implicitly
configured through ip6 autoconf stuff:

Which (autoconfig) you should either not be using on servers, or you
should be configuring your software properly to select the correct
outbound address. (I prefer to use the autoconfig one for 'management'
and using a 'service address' for the service).

        And what is someone who doesn't have a permanent box with
        a static address to do that wants to use TLS to verify
        that one is actually talking to the remote party you are
        expecting to?

        A mobile machine can register its current addresses in the
        DNS regardless much more easily than it can register its
        reverse PTR records.

        Use the ISP's servers?  I don't trust the ISP's servers to do
        the right job.  I don't trust that there is not a copy of the
        correspondence being made and being sent somewhere else.  I
        have NO idea if they are set up to use TLS or not outbound.

        Lack of PTR should NEVER be the SOLE reason for rejecting
        email.  I have no problem with it being a weighting into
        the decision of whether a piece of email is spam or not.
        Just don't make it map to 100%.

SMTP shows that it is perfectly usable for these situations as it nicely
rejects the message with a proper message automatically telling you on
how to solve it.

That is to say, it appears the ietf.org mail server is probably now rejecting
mail from *any* box that is getting a default global ipv6 address, since
those addresses will most likely not be in ip6.arpa.  There may be a whole
lot of boxes in this situation.

Those boxes are not set up correctly thus should not be sending email in
the first place.

        A PTR is not a requirement for sending email.  The IETF
        should live by its own dog food and accept email from sites
        without PTR records.
 
For that matter you should actually be
firewalling+logging port 25 outbound so you can monitor any host in your
network doing illegal SMTP connects. Spam bots don't use IPv6 yet
(afaik), but when they are aware how 'open' everything is and especially
that RBLs don't exist yadda yadda, they might just switch over to that.
Good that the mainstream spamreceivers (gmail/yahoo/etc) don't have IPv6
yet as that would change that scenario.

Configure your mailservers correctly, it helps you send out mail, and it
helps avoid others receiving crap from you.

        If you want to demand PTR records then you need to make it
        a requirement of address allocations that control of the
        reverse DNS entry passes down to the actual user of the
        addresses. 

        Mark

Greets,
  Jeroen

--

For postfix folks:
http://www.postfix.org/IPV6_README.html
8<--------------------------------------------------------
/etc/postfix/main.cf:
     smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
-------------------------------------------------------->8
Other SMTP servers have similar mechanisms.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
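
An added example, not part of the original messages: a pre-flight check a mail operator could run on an outbound source address to see what a PTR-checking receiver would find, and whether the address looks autoconfigured (modified EUI-64, as kent's address is). The DNS data is constructed and embedded as dictionaries so the check runs offline; `mail.example.org`, the `2001:db8::` address and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data standing in for real DNS, so the check runs offline.
# 2001:db8::/32 is the documentation prefix; mail.example.org is hypothetical.
PTR = {ipaddress.IPv6Address("2001:db8:0:1::25").reverse_pointer: ["mail.example.org"]}
AAAA = {"mail.example.org": ["2001:db8:0:1::25"]}


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: an ff:fe in the middle of the low 64 bits is what stateless
    autoconfiguration produces from a 48-bit MAC address.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]        # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)


def check_source(addr, ptr=PTR, aaaa=AAAA):
    """Report what a PTR-checking receiver would find for an outbound source address."""
    ip = ipaddress.IPv6Address(addr)
    names = ptr.get(ip.reverse_pointer, [])
    # Forward-confirmed: some PTR target has an AAAA record pointing back at us.
    confirmed = [n for n in names
                 if any(ipaddress.IPv6Address(a) == ip for a in aaaa.get(n, []))]
    return {
        "ptr_name": ip.reverse_pointer,
        "autoconf_mac": eui64_mac(addr),
        "has_ptr": bool(names),
        "forward_confirmed": bool(confirmed),
    }


if __name__ == "__main__":
    # First address is the one quoted in the thread; second is constructed.
    for a in ("2001:470:1:76:2c0:9fff:fe3e:4009", "2001:db8:0:1::25"):
        print(a, check_source(a))
```

To run it against live DNS, pass in mappings (or thin wrappers with a `get` method) backed by a real resolver in place of the constructed dictionaries.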