> On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
> [..]
> > However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
> > explicitly configured on the sending server; instead, it is being impli=
> citly
> > configured through ip6 autoconf stuff:
>
> Which (autoconfig) you should either not be using on servers, or you=20
> should be configuring your software properly to select the correct=20
> outbound address. (I prefer to use the autoconfig one for 'management'=20
> and using a 'service address' for the service).
And what is someone who doesn't have a permanent box with
a static address to do that wants to use TLS to verify
that one is actually talking to the remote party you are
expecting to?
A mobile machine can register its current addresses in the
DNS regardless much more easily than it can register its
reverse PTR records.
Use the ISP's servers? I don't trust the ISP's servers to do
the right job. I don't trust that there is not a copy of the
correspondence being made and being sent somewhere else. I
have NO idea if they are setup to use TLS or not outbound
Lack of PTR should NEVER be the SOLE reason for rejecting
email. I have not problem with is being a weighting into
the decision of whether a piece of email is spam or not.
Just don't make it map to 100%.
> SMTP shows that it is perfectly usable for these situations as it nicely =
>
> rejects the message with a proper message automatically telling you on=20
> how to solve it.
>
> > That is to say, it appears the ietf.org mail server is probably now rej=
> ecting
> > mail from *any* box that is getting a default global ipv6 address, sinc=
> e
> > those addresses will most likely not be in ip6.arpa. There may be a wh=
> ole
> > lot of boxes in this situation.=20
>
> Those boxes are not set up correctly thus should not be sending email in =
>
> the first place.
A PTR is not a requirement for sending email. The IETF
should live by it's own dog food and accept email from sites
without PTR records.
> For that matter you should actually be=20
> firewalling+logging port 25 outbound so you can monitor any host in your =
> network doing illegal SMTP connects. Spam bots don't use IPv6 yet=20
> (afaik), but when they are aware how 'open' everything is and especially =
> that RBL's don't exist yadda yadda, they might just switch over to that.
> Good that the mainstream spamreceivers (gmail/yahoo/etc) don't have IPv6 =
>
> yet as that would change that scenario.
>
> Configure your mailservers correctly, it helps you send out mail, and it =
>
> helps avoid others receiving crap from you.
If you want to demand PTR records then you need to make it
a requirement of address allocations that control of the
reverse DNS entry passes down to the actual user of the
addresses.
Mark
> Greets,
> Jeroen
>
> --
>
> For postfix folks:
> http://www.postfix.org/IPV6_README.html
> 8<--------------------------------------------------------
> /etc/postfix/main.cf:
> smtp_bind_address6 =3D 2001:240:587:0:250:56ff:fe89:1
> -------------------------------------------------------->8
> Other SMTP servers have similar mechanisms.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
