problem dealing w/ ietf.org mail servers

"'kent'" <kent@songbird.com> Thu, 03 July 2008 05:47 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 91C673A6C9D; Wed, 2 Jul 2008 22:47:55 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E08F83A6C9D for <ietf@core3.amsl.com>; Wed, 2 Jul 2008 22:47:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.502
X-Spam-Level: *
X-Spam-Status: No, score=1.502 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_54=0.6, J_CHICKENPOX_56=0.6, J_CHICKENPOX_64=0.6, MANGLED_TOOL=2.3, NORMAL_HTTP_TO_IP=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id peDkjhBO6hcX for <ietf@core3.amsl.com>; Wed, 2 Jul 2008 22:47:52 -0700 (PDT)
Received: from sbh2.songbird.com (unknown [IPv6:2001:470:1:76:20e:2eff:fe83:96b3]) by core3.amsl.com (Postfix) with ESMTP id 589CF3A6C95 for <ietf@ietf.org>; Wed, 2 Jul 2008 22:47:51 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by sbh2.songbird.com (8.13.8/8.13.8) with ESMTP id m635lqxG013394; Wed, 2 Jul 2008 22:47:52 -0700
Date: Wed, 02 Jul 2008 22:47:53 -0700
From: 'kent' <kent@songbird.com>
To: Richard Shockey <richard@shockey.us>
Subject: problem dealing w/ ietf.org mail servers
Message-ID: <20080703054752.GM6185@lark.songbird.com>
Mail-Followup-To: Richard Shockey <richard@shockey.us>, Dave Crocker <dcrocker@bbiw.net>, ietf@ietf.org
References: <013301c8dca5$22ca0a80$685e1f80$@us>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <013301c8dca5$22ca0a80$685e1f80$@us>
User-Agent: Mutt/1.5.11
Cc: 'kent' <kent@songbird.com>, Dave Crocker <dcrocker@bbiw.net>, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Hi Rich

I'll cc this to the ietf list, as you suggested.

I've found the problem.  It may or may not be something that ietf want's to
do something about -- I would think they would, since it seems to have global
significance.  But I can fix it from this end. 

Specifically, the problem Dave encountered earlier was that the ietf mail
server was rejecting mail without reverse dns, and since the ietf mail server
and the mipassoc.org/dkim.org/bbiw.net mail servers all had ip6 addresses,
and ip6 is used preferentially, and I hadn't set up reverse dns, they were
dropping all mail.  I fixed that, and things started working. 

The only domains I control that had explicit ipv6 addresses were Dave's
domains.  For example, graybeards.net:

    # host graybeards.net
    graybeards.net has address 72.52.113.69
    graybeards.net has IPv6 address 2001:470:1:76:0:ffff:4834:7145
    graybeards.net mail is handled by 10 mail.graybeards.net.
    # host mail.graybeards.net
    mail.graybeards.net has address 72.52.113.69
    mail.graybeards.net has IPv6 address 2001:470:1:76:0:ffff:4834:7145
    # host 2001:470:1:76:0:ffff:4834:7145
    5.4.1.7.4.3.8.4.f.f.f.f.0.0.0.0.6.7.0.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer mail.graybeards.net.
    #

Mail now works for this domain.

But, it turns out, the ietf.org mail servers are rejecting mail from other
domains as well.  Here's a log entry for one of your messages:

Jul  2 13:10:23 mail sendmail[31264]: STARTTLS=client, relay=mail.ietf.org., 
    version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul  2 13:10:29 mail sendmail[31264]: m62Hvfbm011799: to=<enum@ietf.org>, 
    ctladdr=<richard@shockey.us> (1023/1023), delay=02:12:32, xdelay=00:00:28, 
    mailer=esmtp, pri=662167, relay=mail.ietf.org. [IPv6:2001:1890:1112:1::20], dsn=4.7.1, 
    stat=Deferred: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2001:470:1:76:2c0:9fff:fe3e:4009]

Rejecting when you can't find a reverse is, of course, a common anti-spam 
technique. 

However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
explicitly configured on the sending server; instead, it is being implicitly
configured through ip6 autoconf stuff:

    eth0      Link encap:Ethernet  HWaddr 00:C0:9F:3E:40:09  
              inet addr:72.52.113.176  Bcast:72.52.113.255  Mask:255.255.255.0
              inet6 addr: fe80::2c0:9fff:fe3e:4009/64 Scope:Link
              inet6 addr: 2001:470:1:76:2c0:9fff:fe3e:4009/64 Scope:Global

The 2 ip6 addresses, the link-local address, and the global address, are
generated from the mac address (you can see the 0x4009 at the end) and
configured autmomatically, merely because ipv6 is enabled on this box by
default, and a global prefix is available.

That is to say, it appears the ietf.org mail server is probably now rejecting
mail from *any* box that is getting a default global ipv6 address, since
those addresses will most likely not be in ip6.arpa.  There may be a whole
lot of boxes in this situation. 

Kent

PS -- I'm not sure this will actually make it to the ietf list :-) ...
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf