Re: [Asrg] DNSBL and IPv6

"Emanuele Balla (aka Skull)" <skull@bofhland.org> Thu, 25 October 2012 15:38 UTC

On 10/25/12 5:19 PM, Rob McEwen wrote:
> On 10/25/2012 10:48 AM, Emanuele Balla (aka Skull) wrote:
>> So you're basically suggesting that MXs should not allow any IPv6 SMTP
>> connection unless it's coming from a trusted entity, and only MSAs
>> should speak IPv6.
> 
> No. I'm talking about AUTHENTICATED e-mail that is, by design, NOT
> considered the "sending IP" for that message. Maybe the "originate
> IP"... but not the "sending IP". I'm not sure what you mean by "only
> MSAs", this wouldn't prevent the use of IPv6 for OTHER uses. My answers
> below should clear this up...
> 
>> In other words, you're basically suggesting something like "do not
>> publish any AAAA record for your MXs and just rely on IPv4, unless you
>> found a solution to the IPv6 spam problem".
> 
> I think you must be greatly misunderstanding me. When millions of end
> user customers for a large set up their outlook programs (or
> thunderbird, or whatever)... their connection to their ISP's mail server
> does NOT use MX records!!!!

I think we're speaking of the same thing here... :-)

MSA == Mail Submission Agent, the SMTP server your MUA (Outlook,
Thunderbird, pine) will connect to in order to send email.

MX in my notation was intended as "the MTA on the receiving end" or, in
other words, a mailserver that expects to be contacted by other MTAs
only, not by MUAs.


So, to rephrase the whole thing as I understood it:

- allow end customers to use IPv6 to *send* email through their ISP's
(not necessarily the connection one) IPv6-enabled authenticated mailserver

- do not allow the receiving mailserver (aka "the one published as MX
record for the domain") to receive email from strangers through IPv6


Did I get it right?

-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/