Reverse IPv6 DNS checks on ietf MXs?

Tim Chown <tjc@ecs.soton.ac.uk> Thu, 05 March 2009 13:00 UTC

Return-Path: <tjc@ecs.soton.ac.uk>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 034A128C163 for <ietf@core3.amsl.com>; Thu, 5 Mar 2009 05:00:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.499
X-Spam-Level:
X-Spam-Status: No, score=-2.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5skzLFoBRCug for <ietf@core3.amsl.com>; Thu, 5 Mar 2009 05:00:45 -0800 (PST)
Received: from falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [IPv6:2001:630:d0:f102:21e:c9ff:fe2e:e915]) by core3.amsl.com (Postfix) with ESMTP id 65E4B28C0DE for <ietf@ietf.org>; Thu, 5 Mar 2009 05:00:40 -0800 (PST)
Received: from falcon.ecs.soton.ac.uk (localhost [127.0.0.1]) by falcon.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id n25D13ep016832 for <ietf@ietf.org>; Thu, 5 Mar 2009 13:01:03 GMT
Received: from gander.ecs.soton.ac.uk (gander.ecs.soton.ac.uk [2001:630:d0:f102::25d]) by falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [2001:630:d0:f102::25e]) envelope-from <tjc@ecs.soton.ac.uk> with ESMTP id l24D130407601523Gg ret-id none; Thu, 05 Mar 2009 13:01:03 +0000
Received: from login.ecs.soton.ac.uk (login.ecs.soton.ac.uk [IPv6:2001:630:d0:f102:230:48ff:fe59:5f12]) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id n25D0t5r004863 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf@ietf.org>; Thu, 5 Mar 2009 13:00:55 GMT
Received: from login.ecs.soton.ac.uk (localhost.localdomain [127.0.0.1]) by login.ecs.soton.ac.uk (8.13.8/8.11.6) with ESMTP id n25D0tST025783 for <ietf@ietf.org>; Thu, 5 Mar 2009 13:00:55 GMT
Received: (from tjc@localhost) by login.ecs.soton.ac.uk (8.13.8/8.13.8/Submit) id n25D0tle025782 for ietf@ietf.org; Thu, 5 Mar 2009 13:00:55 GMT
Date: Thu, 05 Mar 2009 13:00:55 +0000
From: Tim Chown <tjc@ecs.soton.ac.uk>
To: ietf@ietf.org
Subject: Reverse IPv6 DNS checks on ietf MXs?
Message-ID: <20090305130055.GH13648@login.ecs.soton.ac.uk>
Mail-Followup-To: ietf@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.2i
X-ECS-MailScanner: Found to be clean, Found to be clean
X-smtpf-Report: client=relay,white,ipv6; mail=; rcpt=
X-ECS-MailScanner-Information: Please contact the ISP for more information
X-ECS-MailScanner-ID: n25D13ep016832
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2009 13:00:46 -0000

Hi,

Just an observation, I don't know whether it's been changed or applied
recently, but we had some mails to various IETF lists soft rejected
overnight due to failure of the receiving MX to perform a successful 
reverse DNS lookup on the IPv6 sender address.

   ----- Transcript of session follows -----
 ... while talking to mail.ietf.org.:
 >>> DATA
 <<< 450 4.7.1 Client host rejected: cannot find your reverse hostname,
 [2001:630:d0:f102:21e:c9ff:fe2e:e915]
 <ietf@ietf.org>... Deferred: 450 4.7.1 Client host rejected: cannot find your   reverse hostname, [2001:630:d0:f102:21e:c9ff:fe2e:e915]
 <<< 554 5.5.1 Error: no valid recipients
 Warning: message still undelivered after 5 hours
 Will keep trying until message is 1 week old

This was our fault, and we now have a reverse entry for the 'offending' 
system, but we think this problem was in effect for longer than just 
last night, when we first noticed the delayed mail warnings, hence 
we're wondering whether this is a new policy or not on the IETF lists.

It's not uncommon for IPv6 servers to be multiaddressed, so mail admins
will probably just need to be a wee bit more careful, and certainly try
to avoid using autoconf globals on servers. In our case our server
acquired an additional global autoconf address on top of its manually
configured address, which it started sending from, and as this had no 
reverse DNS entry we encountered the Rejects.

Whether such 'authentication' is still valid for IPv6 systems is of
course another question...

-- 
Tim
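
A pre-flight check for the failure described in this message, as an added example that is not part of the original post: it lists each address a mail host could send from, derives the ip6.arpa name the receiving MX would query, and flags MAC-derived autoconf addresses with no PTR record. The function names, the stub resolver and the sample data are assumptions made for illustration; the addresses are the ones shown in this message's headers and transcript.

```python
import ipaddress
import socket

def ptr_name(addr):
    """Name the receiving MX queries for a PTR record (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(addr).reverse_pointer

def is_eui64_autoconf(addr):
    """True if the interface ID carries the ff:fe marker of a MAC-derived
    (modified EUI-64) autoconfigured address."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 6 and ip.packed[11:13] == b"\xff\xfe"

def system_ptr_lookup(addr):
    """PTR lookup through the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def audit_sender_addresses(addrs, ptr_lookup=system_ptr_lookup):
    """For every address the host could send mail from, report the PTR name,
    the lookup result, and whether the address looks autoconfigured."""
    report = []
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if ip.is_link_local or ip.is_loopback:
            continue  # never used as an SMTP source towards a remote MX
        host = ptr_lookup(str(ip))
        report.append({
            "address": str(ip),
            "ptr_name": ptr_name(str(ip)),
            "reverse_host": host,
            "autoconf": is_eui64_autoconf(str(ip)),
            "verdict": "ok" if host else "no PTR",
        })
    return report

# Constructed input: addresses taken from this message, plus a link-local one.
# The stub resolver models the state before the reverse entry was added.
SAMPLE_ADDRS = ["2001:630:d0:f102:21e:c9ff:fe2e:e915",
                "2001:630:d0:f102::25e",
                "fe80::21e:c9ff:fe2e:e915"]
STUB_PTR = {"2001:630:d0:f102::25e": "falcon.ecs.soton.ac.uk"}

if __name__ == "__main__":
    for row in audit_sender_addresses(SAMPLE_ADDRS, STUB_PTR.get):
        print(row)
```

Called without the stub, `audit_sender_addresses` uses the system resolver, so it can be run against a host's real address list before mail is sent from it.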