IETF Logo Mail Archive

Re: problem dealing w/ ietf.org mail servers

Jeroen Massar <jeroen@unfix.org> Thu, 03 July 2008 13:57 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 50E563A6864; Thu, 3 Jul 2008 06:57:51 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4C173A6864 for <ietf@core3.amsl.com>; Thu, 3 Jul 2008 06:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FY2xQ+Dwq-zd for <ietf@core3.amsl.com>; Thu, 3 Jul 2008 06:57:48 -0700 (PDT)
Received: from abaddon.unfix.org (abaddon.unfix.org [IPv6:2001:41e0:ff00:0:216:3eff:fe00:4]) by core3.amsl.com (Postfix) with ESMTP id 631C53A6809 for <ietf@ietf.org>; Thu, 3 Jul 2008 06:57:48 -0700 (PDT)
Received: from [IPv6:2001:620:20:1000:216:d3ff:fe25:14da] (spaghetti.zurich.ibm.com [IPv6:2001:620:20:1000:216:d3ff:fe25:14da]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jeroen) by abaddon.unfix.org (Postfix) with ESMTPSA id 2F65040200C; Thu, 3 Jul 2008 15:57:54 +0200 (CEST)
Message-ID: <486CDAE1.4040905@spaghetti.zurich.ibm.com>
Date: Thu, 03 Jul 2008 15:57:53 +0200
From: Jeroen Massar <jeroen@unfix.org>
Organization: Unfix
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080421 Lightning/0.8 Thunderbird/2.0.0.14 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>
Subject: Re: problem dealing w/ ietf.org mail servers
References: <013301c8dca5$22ca0a80$685e1f80$@us> <20080703054752.GM6185@lark.songbird.com> <20080703134655.GA17472@boreas.isi.edu>
In-Reply-To: <20080703134655.GA17472@boreas.isi.edu>
X-Enigmail-Version: 0.95.6
OpenPGP: id=333E7C23
X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93 on abaddon.unfix.org
X-Virus-Status: Clean
Cc: Dave Crocker <dcrocker@bbiw.net>, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1393742199=="
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
[..]
> However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
> explicitly configured on the sending server; instead, it is being implicitly
> configured through ip6 autoconf stuff:

Which (autoconfig) you should either not be using on servers, or you 
should be configuring your software properly to select the correct 
outbound address. (I prefer to use the autoconfig one for 'management' 
and using a 'service address' for the service).

SMTP shows that it is perfectly usable for these situations as it nicely 
rejects the message with a proper message automatically telling you on 
how to solve it.

> That is to say, it appears the ietf.org mail server is probably now rejecting
> mail from *any* box that is getting a default global ipv6 address, since
> those addresses will most likely not be in ip6.arpa.  There may be a whole
> lot of boxes in this situation. 

Those boxes are not set up correctly thus should not be sending email in 
the first place. For that matter you should actually be 
firewalling+logging port 25 outbound so you can monitor any host in your 
network doing illegal SMTP connects. Spam bots don't use IPv6 yet 
(afaik), but when they are aware how 'open' everything is and especially 
that RBL's don't exist yadda yadda, they might just switch over to that.
Good that the mainstream spamreceivers (gmail/yahoo/etc) don't have IPv6 
yet as that would change that scenario.

Configure your mailservers correctly, it helps you send out mail, and it 
helps avoid others receiving crap from you.

Greets,
  Jeroen

--

For postfix folks:
http://www.postfix.org/IPV6_README.html
8<--------------------------------------------------------
/etc/postfix/main.cf:
     smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
-------------------------------------------------------->8
Other SMTP servers have similar mechanisms.


_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email