On Mon, 2 Sep 2013, Marco Sommani wrote:
On 02/set/2013, at 10:04, Mohacsi Janos <[email protected]> wrote:
Dear All,
In my opinion requiring PTR for unauthenticated SMTP session is reasonable:
- For authenticated sessions (users sending mails to SMTP server for delivery)
this is not necessary - since user is identified by the authentication
- For non-authenticated sessions (mail delivery between MTAs and between relay
servers) is reasonable to ask your partner who you are talking to. If there is
no better method than PTR, than rely on PTR. So you have a defined server for
MTA purpose, why you don't put PTR record on it? The your partner can build
some credibility information on this server...
Yes, but we must not forget temporary addresses. If the MTA has
temporary addresses, then it will prefer them for its smtp sessions. So,
one should either disable temporaries on all MTAs or use DNS dynamic
updates. I think that it would be much wiser to deprecate PTR checks for
IPv6.
Why would you use temporary address on a defined SMTP server?
Regards,
Janos
Marco
For other hosts (not acting as a defined server) I don't think it is reasonable
to require PTRs.
Best Regards,
Janos Mohacsi
Head of HBONE+ project
Network Engineer, Director Network and Multimedia
NIIF/HUNGARNET, HUNGARY
Co-chair of Hungarian IPv6 Forum
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
On Mon, 2 Sep 2013, Brian E Carpenter wrote:
So, is there any real operational value in this, or is it just
a case of "we did it for v4 so it must be right for v6"?
Brian
-------- Original Message --------
Subject: [nznog] Orcon IPv6 rDNS delegation
Date: Mon, 2 Sep 2013 02:08:47 +1200
From: Jonathan Spence <[email protected]>
Reply-To: [email protected]
To: <[email protected]>
Hi everyone, Google have just started enforcing PTR records for IPv6
addresses delivering to Gmail. Our IPv6 works great with Orcon but having
serious issues getting delegation back to our nameservers setup.
<irrelevant operational details omitted>
