Re: problem dealing w/ ietf.org mail servers
Bill Manning <bmanning@ISI.EDU> Thu, 03 July 2008 13:47 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F3653A6957; Thu, 3 Jul 2008 06:47:37 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2B7563A6923 for <ietf@core3.amsl.com>; Thu, 3 Jul 2008 06:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.549
X-Spam-Level:
X-Spam-Status: No, score=-0.549 tagged_above=-999 required=5 tests=[AWL=-2.050, BAYES_00=-2.599, J_CHICKENPOX_54=0.6, J_CHICKENPOX_56=0.6, J_CHICKENPOX_64=0.6, MANGLED_TOOL=2.3, NORMAL_HTTP_TO_IP=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vXS6kHDTP7gl for <ietf@core3.amsl.com>; Thu, 3 Jul 2008 06:47:34 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by core3.amsl.com (Postfix) with ESMTP id 88AE03A6957 for <ietf@ietf.org>; Thu, 3 Jul 2008 06:47:34 -0700 (PDT)
Received: from boreas.isi.edu (localhost [127.0.0.1]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id m63Dktqi019422 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 3 Jul 2008 06:46:55 -0700 (PDT)
Received: (from bmanning@localhost) by boreas.isi.edu (8.13.8/8.13.8/Submit) id m63Dkt4O019421; Thu, 3 Jul 2008 06:46:55 -0700 (PDT)
Date: Thu, 03 Jul 2008 06:46:55 -0700
From: Bill Manning <bmanning@ISI.EDU>
To: Richard Shockey <richard@shockey.us>, Dave Crocker <dcrocker@bbiw.net>, ietf@ietf.org
Subject: Re: problem dealing w/ ietf.org mail servers
Message-ID: <20080703134655.GA17472@boreas.isi.edu>
References: <013301c8dca5$22ca0a80$685e1f80$@us> <20080703054752.GM6185@lark.songbird.com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20080703054752.GM6185@lark.songbird.com>
User-Agent: Mutt/1.4.2.2i
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: bmanning@boreas.isi.edu
Cc: Bill Manning <bmanning@ISI.EDU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
you are not the first to report this problem. On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote: > Hi Rich > > I'll cc this to the ietf list, as you suggested. > > I've found the problem. It may or may not be something that ietf want's to > do something about -- I would think they would, since it seems to have global > significance. But I can fix it from this end. > > Specifically, the problem Dave encountered earlier was that the ietf mail > server was rejecting mail without reverse dns, and since the ietf mail server > and the mipassoc.org/dkim.org/bbiw.net mail servers all had ip6 addresses, > and ip6 is used preferentially, and I hadn't set up reverse dns, they were > dropping all mail. I fixed that, and things started working. > > The only domains I control that had explicit ipv6 addresses were Dave's > domains. For example, graybeards.net: > > # host graybeards.net > graybeards.net has address 72.52.113.69 > graybeards.net has IPv6 address 2001:470:1:76:0:ffff:4834:7145 > graybeards.net mail is handled by 10 mail.graybeards.net. > # host mail.graybeards.net > mail.graybeards.net has address 72.52.113.69 > mail.graybeards.net has IPv6 address 2001:470:1:76:0:ffff:4834:7145 > # host 2001:470:1:76:0:ffff:4834:7145 > 5.4.1.7.4.3.8.4.f.f.f.f.0.0.0.0.6.7.0.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer mail.graybeards.net. > # > > Mail now works for this domain. > > But, it turns out, the ietf.org mail servers are rejecting mail from other > domains as well. Here's a log entry for one of your messages: > > Jul 2 13:10:23 mail sendmail[31264]: STARTTLS=client, relay=mail.ietf.org., > version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 > Jul 2 13:10:29 mail sendmail[31264]: m62Hvfbm011799: to=<enum@ietf.org>, > ctladdr=<richard@shockey.us> (1023/1023), delay=02:12:32, xdelay=00:00:28, > mailer=esmtp, pri=662167, relay=mail.ietf.org. [IPv6:2001:1890:1112:1::20], dsn=4.7.1, > stat=Deferred: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2001:470:1:76:2c0:9fff:fe3e:4009] > > Rejecting when you can't find a reverse is, of course, a common anti-spam > technique. > > However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not > explicitly configured on the sending server; instead, it is being implicitly > configured through ip6 autoconf stuff: > > eth0 Link encap:Ethernet HWaddr 00:C0:9F:3E:40:09 > inet addr:72.52.113.176 Bcast:72.52.113.255 Mask:255.255.255.0 > inet6 addr: fe80::2c0:9fff:fe3e:4009/64 Scope:Link > inet6 addr: 2001:470:1:76:2c0:9fff:fe3e:4009/64 Scope:Global > > The 2 ip6 addresses, the link-local address, and the global address, are > generated from the mac address (you can see the 0x4009 at the end) and > configured autmomatically, merely because ipv6 is enabled on this box by > default, and a global prefix is available. > > That is to say, it appears the ietf.org mail server is probably now rejecting > mail from *any* box that is getting a default global ipv6 address, since > those addresses will most likely not be in ip6.arpa. There may be a whole > lot of boxes in this situation. > > Kent > > PS -- I'm not sure this will actually make it to the ietf list :-) ... > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- problem dealing w/ ietf.org mail servers 'kent'
- Re: problem dealing w/ ietf.org mail servers Mark Andrews
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers Bill Manning
- Re: problem dealing w/ ietf.org mail servers Jeroen Massar
- Re: problem dealing w/ ietf.org mail servers John Levine
- Re: problem dealing w/ ietf.org mail servers Dave Crocker
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers John Levine
- RE: problem dealing w/ ietf.org mail servers michael.dillon
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers Mark Andrews
- Re: problem dealing w/ ietf.org mail servers Bill Manning
- Re: problem dealing w/ ietf.org mail servers TS Glassey
- Re: problem dealing w/ ietf.org mail servers Mark Andrews
- Re: problem dealing w/ ietf.org mail servers kent
- Draft on how to correctly configure servers and o… Jeroen Massar
- Re: problem dealing w/ ietf.org mail servers Kurt Erik Lindqvist
- Re: problem dealing w/ ietf.org mail servers Kurt Erik Lindqvist
- Re: problem dealing w/ ietf.org mail servers John C Klensin
- Re: problem dealing w/ ietf.org mail servers Jeroen Massar
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers kent
- Re: problem dealing w/ ietf.org mail servers Ned Freed
- Re: problem dealing w/ ietf.org mail servers Dave Crocker
- Re: problem dealing w/ ietf.org mail servers Iljitsch van Beijnum
- Re: problem dealing w/ ietf.org mail servers Francis Dupont
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers SM
- Re: problem dealing w/ ietf.org mail servers Kurt Erik Lindqvist
- Re: problem dealing w/ ietf.org mail servers Keith Moore
- Re: problem dealing w/ ietf.org mail servers Kurt Erik Lindqvist
- Re: problem dealing w/ ietf.org mail servers Jeroen Massar