Remember that we didn't make up this port logging stuff. It's in RFC 6302.
>That implies that it's expected for legitimate email to be sent from behind a >shared >NAT. I wouldn't expect to see that in the wild I believe that it's already happening in parts of Asia. Also, I expect there are plenty of places where mail leaks out from a web farm or something else behind a NAT that's not primarily a mail server. >Do carrier-grade NATs in general use really log connections in enough detail >that the >source port is adequate to identify the user of the NAT? Combined with the time stamp, it should be. I agree that accurate time stamps are important, but they already are for tracking down stuff on busy systems. >What about ident? It's hard to see how that would work without making NAT an order of magnitude grosser than it is now, doing DPI on the incoming stream on port 113 to figure out which host behind the NAT to route it to. Or did you mean that the NAT would handle port 113 requests itself? R's, John _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
