ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: problem dealing w/ ietf.org mail servers

2008-07-03 06:58:33
from [Jeroen Massar] [Permanent Link] 
On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
[..]

However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
explicitly configured on the sending server; instead, it is being implicitly
configured through ip6 autoconf stuff:
Which (autoconfig) you should either not be using on servers, or you should be configuring your software properly to select the correct outbound address. (I prefer to use the autoconfig one for 'management' and using a 'service address' for the service).
SMTP shows that it is perfectly usable for these situations as it nicely rejects the message with a proper message automatically telling you on how to solve it. 


That is to say, it appears the ietf.org mail server is probably now rejecting
mail from *any* box that is getting a default global ipv6 address, since
those addresses will most likely not be in ip6.arpa.  There may be a whole
lot of boxes in this situation.
Those boxes are not set up correctly thus should not be sending email in the first place. For that matter you should actually be firewalling+logging port 25 outbound so you can monitor any host in your network doing illegal SMTP connects. Spam bots don't use IPv6 yet (afaik), but when they are aware how 'open' everything is and especially that RBL's don't exist yadda yadda, they might just switch over to that. Good that the mainstream spamreceivers (gmail/yahoo/etc) don't have IPv6 yet as that would change that scenario.
Configure your mailservers correctly, it helps you send out mail, and it helps avoid others receiving crap from you. 

Greets,
 Jeroen

--

For postfix folks:
http://www.postfix.org/IPV6_README.html
8<--------------------------------------------------------
/etc/postfix/main.cf:
    smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
-------------------------------------------------------->8
Other SMTP servers have similar mechanisms.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: problem dealing w/ ietf.org mail servers, Bill Manning
Next by Date:  Re: problem dealing w/ ietf.org mail servers, John Levine
Previous by Thread:  Re: problem dealing w/ ietf.org mail servers, Bill Manning
Next by Thread:  Re: problem dealing w/ ietf.org mail servers, Keith Moore
Indexes:  [Date] [Thread] [Top] [All Lists]