IETF Logo Mail Archive

Re: problem dealing w/ ietf.org mail servers

Keith Moore <moore@network-heretics.com> Thu, 03 July 2008 12:39 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C798F3A68D3; Thu, 3 Jul 2008 05:39:06 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 85AB73A68E6 for <ietf@core3.amsl.com>; Thu, 3 Jul 2008 05:39:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.549
X-Spam-Level:
X-Spam-Status: No, score=-0.549 tagged_above=-999 required=5 tests=[AWL=-2.050, BAYES_00=-2.599, J_CHICKENPOX_54=0.6, J_CHICKENPOX_56=0.6, J_CHICKENPOX_64=0.6, MANGLED_TOOL=2.3, NORMAL_HTTP_TO_IP=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUZCicz7phxq for <ietf@core3.amsl.com>; Thu, 3 Jul 2008 05:39:04 -0700 (PDT)
Received: from m1.imap-partners.net (m1.imap-partners.net [64.13.152.131]) by core3.amsl.com (Postfix) with ESMTP id 8B29B3A68E1 for <ietf@ietf.org>; Thu, 3 Jul 2008 05:39:04 -0700 (PDT)
Received: from lust.indecency.org (adsl-6-49-233.tys.bellsouth.net [65.6.49.233]) by m1.imap-partners.net (MOS 3.8.4-GA) with ESMTP id AWB88281 (AUTH admin@network-heretics.com) for ietf@ietf.org; Thu, 3 Jul 2008 05:39:12 -0700 (PDT)
Message-ID: <486CC850.8050804@network-heretics.com>
Date: Thu, 03 Jul 2008 08:38:40 -0400
From: Keith Moore <moore@network-heretics.com>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>, ietf@ietf.org
Subject: Re: problem dealing w/ ietf.org mail servers
References: <013301c8dca5$22ca0a80$685e1f80$@us> <20080703054752.GM6185@lark.songbird.com>
In-Reply-To: <20080703054752.GM6185@lark.songbird.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

surely we in the IETF should be able to do better than to have our mail 
servers filter incoming mail based on completely irrelevant criteria 
like whether a PTR lookup succeeds!

how can we expect the rest of the network to be sane if we can't even 
use reasonable criteria for our spam filtering on our own servers?

(to those who would respond by saying that this is a "common" technique, 
I'd like to cite a sign that I saw many years ago which is totally apropos:

"mediocrity is excellence at pursuing the mean"

and there's no better way to pursue the mean that to do something just 
because it's "common".)

Keith



'kent' wrote:
> Hi Rich
> 
> I'll cc this to the ietf list, as you suggested.
> 
> I've found the problem.  It may or may not be something that ietf want's to
> do something about -- I would think they would, since it seems to have global
> significance.  But I can fix it from this end. 
> 
> Specifically, the problem Dave encountered earlier was that the ietf mail
> server was rejecting mail without reverse dns, and since the ietf mail server
> and the mipassoc.org/dkim.org/bbiw.net mail servers all had ip6 addresses,
> and ip6 is used preferentially, and I hadn't set up reverse dns, they were
> dropping all mail.  I fixed that, and things started working. 
> 
> The only domains I control that had explicit ipv6 addresses were Dave's
> domains.  For example, graybeards.net:
> 
>     # host graybeards.net
>     graybeards.net has address 72.52.113.69
>     graybeards.net has IPv6 address 2001:470:1:76:0:ffff:4834:7145
>     graybeards.net mail is handled by 10 mail.graybeards.net.
>     # host mail.graybeards.net
>     mail.graybeards.net has address 72.52.113.69
>     mail.graybeards.net has IPv6 address 2001:470:1:76:0:ffff:4834:7145
>     # host 2001:470:1:76:0:ffff:4834:7145
>     5.4.1.7.4.3.8.4.f.f.f.f.0.0.0.0.6.7.0.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer mail.graybeards.net.
>     #
> 
> Mail now works for this domain.
> 
> But, it turns out, the ietf.org mail servers are rejecting mail from other
> domains as well.  Here's a log entry for one of your messages:
> 
> Jul  2 13:10:23 mail sendmail[31264]: STARTTLS=client, relay=mail.ietf.org., 
>     version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
> Jul  2 13:10:29 mail sendmail[31264]: m62Hvfbm011799: to=<enum@ietf.org>, 
>     ctladdr=<richard@shockey.us> (1023/1023), delay=02:12:32, xdelay=00:00:28, 
>     mailer=esmtp, pri=662167, relay=mail.ietf.org. [IPv6:2001:1890:1112:1::20], dsn=4.7.1, 
>     stat=Deferred: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2001:470:1:76:2c0:9fff:fe3e:4009]
> 
> Rejecting when you can't find a reverse is, of course, a common anti-spam 
> technique. 
> 
> However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
> explicitly configured on the sending server; instead, it is being implicitly
> configured through ip6 autoconf stuff:
> 
>     eth0      Link encap:Ethernet  HWaddr 00:C0:9F:3E:40:09  
>               inet addr:72.52.113.176  Bcast:72.52.113.255  Mask:255.255.255.0
>               inet6 addr: fe80::2c0:9fff:fe3e:4009/64 Scope:Link
>               inet6 addr: 2001:470:1:76:2c0:9fff:fe3e:4009/64 Scope:Global
> 
> The 2 ip6 addresses, the link-local address, and the global address, are
> generated from the mac address (you can see the 0x4009 at the end) and
> configured autmomatically, merely because ipv6 is enabled on this box by
> default, and a global prefix is available.
> 
> That is to say, it appears the ietf.org mail server is probably now rejecting
> mail from *any* box that is getting a default global ipv6 address, since
> those addresses will most likely not be in ip6.arpa.  There may be a whole
> lot of boxes in this situation. 
> 
> Kent
> 
> PS -- I'm not sure this will actually make it to the ietf list :-) ...
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email