On 02/Sep/2013, at 12:08, Mohacsi Janos <[email protected]> wrote:

> On Mon, 2 Sep 2013, Marco Sommani wrote:
> 
>> On 02/Sep/2013, at 10:04, Mohacsi Janos <[email protected]> wrote:
>> 
>>> Dear All,
>>> 
>>> 
>>> In my opinion, requiring PTR for unauthenticated SMTP sessions is reasonable:
>>> - For authenticated sessions (users sending mail to an SMTP server for 
>>> delivery) this is not necessary, since the user is identified by the 
>>> authentication
>>> - For non-authenticated sessions (mail delivery between MTAs and between 
>>> relay servers) it is reasonable to ask your partner who you are talking to. If 
>>> there is no better method than PTR, then rely on PTR. So you have a 
>>> defined server for MTA purposes, why don't you put a PTR record on it? Then 
>>> your partner can build some credibility information on this server...
>> 
>> Yes, but we must not forget temporary addresses. If the MTA has temporary 
>> addresses, then it will prefer them for its smtp sessions. So, one should 
>> either disable temporaries on all MTAs or use DNS dynamic updates. I think 
>> that it would be much wiser to deprecate PTR checks for IPv6.
> 
> Why would you use a temporary address on a defined SMTP server?

I do not want to use them. I'm just concerned because most recent operating 
systems activate temporaries by default and, according to rfc6724 (the new 
version of rfc3484), when the source address of a new session can be public or 
temporary, the temporary should be preferred. On the other hand, it is also 
true that almost all Unix operating systems (with the exception of OSX) do not 
activate temporaries by default, so in the real world there is not such a big 
danger.

Marco

> 
> Regards,
>       Janos
> 
> 
>> 
>> Marco
>> 
>>> 
>>> For other hosts (not acting as a defined server) I don't think it is 
>>> reasonable to require PTRs.
>>> 
>>>     Best Regards,
>>> 
>>> 
>>> Janos Mohacsi
>>> Head of HBONE+ project
>>> Network Engineer, Director Network and Multimedia
>>> NIIF/HUNGARNET, HUNGARY
>>> Co-chair of Hungarian IPv6 Forum
>>> Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882
>>> 
>>> On Mon, 2 Sep 2013, Brian E Carpenter wrote:
>>> 
>>>> So, is there any real operational value in this, or is it just
>>>> a case of "we did it for v4 so it must be right for v6"?
>>>> 
>>>> Brian
>>>> 
>>>> -------- Original Message --------
>>>> Subject: [nznog] Orcon IPv6 rDNS delegation
>>>> Date: Mon, 2 Sep 2013 02:08:47 +1200
>>>> From: Jonathan Spence <[email protected]>
>>>> Reply-To: [email protected]
>>>> To: <[email protected]>
>>>> 
>>>> Hi everyone, Google have just started enforcing PTR records for IPv6
>>>> addresses delivering to Gmail. Our IPv6 works great with Orcon but we are
>>>> having serious issues getting delegation back to our nameservers set up.
>>>> 
>>>> <irrelevant operational details omitted>
>>>> 
>> 
>> 
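
The PTR policy debated in this thread, as an added example that is not part of any participant's message: an unauthenticated session needs a PTR, and a temporary source address on the same MTA fails that check. It goes one step beyond the thread by also confirming that the PTR target resolves back to the client address; the addresses (documentation prefix 2001:db8::/32), the host name and the DNS data are constructed assumptions.

```python
import ipaddress

# Constructed DNS data (documentation prefix 2001:db8::/32, hypothetical names).
STABLE = "2001:db8:25::25"                      # the MTA's configured address
TEMPORARY = "2001:db8:25:0:5c1e:9a7b:3f2:d4a8"  # temporary address, random interface ID
UNCONFIRMED = "2001:db8:99::1"                  # has a PTR, but no matching AAAA


def rname(ip_text):
    """Nibble-reversed owner name under ip6.arpa for an address."""
    return ipaddress.ip_address(ip_text).reverse_pointer


# Only the stable address (and one unconfirmed host) has a PTR record.
PTR = {rname(STABLE): "mx1.example.net.", rname(UNCONFIRMED): "mx1.example.net."}
AAAA = {"mx1.example.net.": {ipaddress.ip_address(STABLE)}}


def check_ptr(client_ip, ptr=PTR, aaaa=AAAA):
    """Return (ok, reason): a PTR must exist and its target must map back."""
    ip = ipaddress.ip_address(client_ip)
    target = ptr.get(ip.reverse_pointer)
    if target is None:
        return False, "no PTR record"
    if ip not in aaaa.get(target, set()):
        return False, "PTR target %s does not resolve back" % target
    return True, "PTR confirmed as %s" % target


def accept_session(client_ip, authenticated, ptr=PTR, aaaa=AAAA):
    """PTR is required only when the SMTP session is unauthenticated."""
    if authenticated:
        return True, "authenticated session, PTR not required"
    return check_ptr(client_ip, ptr, aaaa)


if __name__ == "__main__":
    cases = [(STABLE, False), (TEMPORARY, False),
             (UNCONFIRMED, False), (TEMPORARY, True)]
    for ip, auth in cases:
        ok, why = accept_session(ip, auth)
        verdict = "accept" if ok else "reject"
        print("%-34s auth=%-5s -> %s (%s)" % (ip, auth, verdict, why))
```
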
