ietf
[Top] [All Lists]

Reverse IPv6 DNS checks on ietf MXs?

2009-03-05 08:05:27
Hi,

Just an observation, I don't know whether its been changed or applied
recently, but we had some mails to various IETF lists soft rejected
overnight due to failure of the receiving MX to perform a successful 
reverse DNS lookup on the IPv6 sender address.

   ----- Transcript of session follows -----
 ... while talking to mail.ietf.org.:
DATA
 <<< 450 4.7.1 Client host rejected: cannot find your reverse hostname,
 [2001:630:d0:f102:21e:c9ff:fe2e:e915]
 <ietf(_at_)ietf(_dot_)org>... Deferred: 450 4.7.1 Client host rejected: cannot 
find your   reverse hostname, [2001:630:d0:f102:21e:c9ff:fe2e:e915]
 <<< 554 5.5.1 Error: no valid recipients
 Warning: message still undelivered after 5 hours
 Will keep trying until message is 1 week old

This was our fault, and we now have a reverse entry for the 'offending' 
system, but we think this problem was in effect for longer than just 
last night, when we first noticed the delayed mail warnings,  hence 
we're wondering whether this is a new policy or not on the IETF lists.

It's not uncommon for IPv6 servers to be multiaddressed, so mail admins
will probably just need to be a wee bit more careful, and certainly try
to avoid using autoconf globals on servers.    In our case our server
acquired an additional global autoconf address on top of its manually
configured address, which it started sending from, and as this had no 
reverse DNS entry we encountered the Rejects.

Whether such 'authentication' is still valid for IPv6 systems is of
course another question...

-- 
Tim
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf