This is something I raised a while back... and maybe #4.75 is the time to finally sort it out?

Within days the last /8 IPv4 address blocks will be passed to the RIRs (there's a little cascade at the end, there's presently 7 blocks remaining, there will soon be 0), and so the RIRs will consequently run out of blocks to allocate around September/October or so. This is widely expected to mean a rise in the usage of various types of "carrier grade NAT" (as is already widely used for cellphone access to the Internet).

This in turn means that if you are logging IPv4 addresses for security purposes it is necessary to record not just the IPv4 address and a reliable timestamp BUT ALSO the source port number for the connection. Without the source port it will not be possible for the ISP of the sender to trace which account (possibly out of a thousand or so) was using the IPv4 address at the relevant time.

This is of course important for exim because on many occasions we use the IPv4 addresses in connection logs and in Received header fields to pass to other parties to request that they deal with abuse (or indeed just to help them debug problems).

So source port numbers need to be added to exim's logging... this may of course break some tools and log processing systems, so obviously there needs to be option(s) to turn this on and off, but I would argue that there was a strong case for immediately enabling this new functionality by default -- because to do otherwise will be to start to significantly degrade the community's ability to trace email :(

Looking at the code base, there is already some code for including port numbers in host_build_sender_fullhost() but they will only make it into the logging in limited circumstances.

For more reading, some chatty articles expanding on the above:

<http://www.lightbluetouchpaper.org/2010/01/12/extending-the-requirements-for-traceability/>

and an Internet-Draft which is a bit more formal about what exim should be considering doing:

<http://tools.ietf.org/html/draft-ietf-intarea-server-logging-recommendations-02>

--
Dr Richard Clayton <[email protected]>
tel: 01223 763570, mobile: 07887 794090
Computer Laboratory, University of Cambridge, CB3 0FD
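
Added example, not part of the original message: a sketch of the ISP-side lookup the message describes, showing why address plus timestamp is ambiguous behind carrier grade NAT and why the source port and a reliable timestamp are both needed. The lease table, its port-block layout, the account names and the `candidates` function are constructed assumptions, not any real CGN product's log format.

```python
from datetime import datetime

# Constructed CGN port-block lease log, as an ISP might keep it (assumed layout):
# (public IPv4, first port, last port, lease start, lease end, subscriber account)
CGN_LEASES = [
    ("198.51.100.7", 1024, 2047, "2011-01-27T09:00:00", "2011-01-27T12:00:00", "acct-0001"),
    ("198.51.100.7", 2048, 3071, "2011-01-27T09:30:00", "2011-01-27T11:00:00", "acct-0002"),
    ("198.51.100.7", 3072, 4095, "2011-01-27T10:00:00", "2011-01-27T13:00:00", "acct-0003"),
    # The 2048-3071 block is handed to another account once acct-0002 releases it.
    ("198.51.100.7", 2048, 3071, "2011-01-27T11:00:00", "2011-01-27T14:00:00", "acct-0004"),
]


def candidates(ip, when, port=None):
    """Return the sorted accounts that could have sourced a connection.

    ip and when are what a receiving server typically logs; port is the
    extra field argued for above. Leases are half-open: [start, end).
    """
    t = datetime.fromisoformat(when)
    hits = set()
    for pub_ip, lo, hi, start, end, acct in CGN_LEASES:
        if pub_ip != ip:
            continue
        if not (datetime.fromisoformat(start) <= t < datetime.fromisoformat(end)):
            continue
        if port is not None and not (lo <= port <= hi):
            continue
        hits.add(acct)
    return sorted(hits)


if __name__ == "__main__":
    # Address + timestamp only: every account sharing the address at that time.
    print(candidates("198.51.100.7", "2011-01-27T10:30:00"))
    # Address + timestamp + source port: narrowed to a single account.
    print(candidates("198.51.100.7", "2011-01-27T10:30:00", port=2500))
    # Same address and port, timestamp off by an hour: a different account.
    print(candidates("198.51.100.7", "2011-01-27T11:30:00", port=2500))
```
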
