> On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
> [..]
> > However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
> > explicitly configured on the sending server; instead, it is being implicitly
> > configured through ip6 autoconf stuff:
>
> Which (autoconfig) you should either not be using on servers, or you
> should be configuring your software properly to select the correct
> outbound address. (I prefer to use the autoconfig one for 'management'
> and using a 'service address' for the service).

And what is someone who doesn't have a permanent box with a static
address to do that wants to use TLS to verify that one is actually
talking to the remote party you are expecting to? A mobile machine
can register its current addresses in the DNS regardless much more
easily than it can register its reverse PTR records.

Use the ISP's servers? I don't trust the ISP's servers to do the
right job. I don't trust that there is not a copy of the
correspondence being made and being sent somewhere else. I have NO
idea if they are set up to use TLS or not outbound.

Lack of PTR should NEVER be the SOLE reason for rejecting email.
I have no problem with it being a weighting into the decision of
whether a piece of email is spam or not. Just don't make it map
to 100%.

> SMTP shows that it is perfectly usable for these situations as it nicely
> rejects the message with a proper message automatically telling you on
> how to solve it.
>
> > That is to say, it appears the ietf.org mail server is probably now rejecting
> > mail from *any* box that is getting a default global ipv6 address, since
> > those addresses will most likely not be in ip6.arpa. There may be a whole
> > lot of boxes in this situation.
>
> Those boxes are not set up correctly thus should not be sending email in
> the first place.

A PTR is not a requirement for sending email.

The IETF should live by its own dog food and accept email from
sites without PTR records.

> For that matter you should actually be
> firewalling+logging port 25 outbound so you can monitor any host in your
> network doing illegal SMTP connects. Spam bots don't use IPv6 yet
> (afaik), but when they are aware how 'open' everything is and especially
> that RBL's don't exist yadda yadda, they might just switch over to that.
> Good that the mainstream spamreceivers (gmail/yahoo/etc) don't have IPv6
> yet as that would change that scenario.
>
> Configure your mailservers correctly, it helps you send out mail, and it
> helps avoid others receiving crap from you.

If you want to demand PTR records then you need to make it a
requirement of address allocations that control of the reverse
DNS entry passes down to the actual user of the addresses.

Mark

> Greets,
>  Jeroen
>
> --
>
> For postfix folks:
> http://www.postfix.org/IPV6_README.html
> 8<--------------------------------------------------------
> /etc/postfix/main.cf:
>     smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
> -------------------------------------------------------->8
> Other SMTP servers have similar mechanisms.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@xxxxxxx
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
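
The following is an added example, not part of the original message or of any mail server's code. It derives the ip6.arpa name a receiver would look up for the autoconfigured address quoted in the thread, recovers the MAC address embedded in its ff:fe (modified EUI-64) interface ID, and treats a missing or unconfirmed PTR as one weighted signal rather than an outright reject. The weights, threshold, signal names, zone dictionaries, `2001:db8::25` and `mx.example.net` are all constructed assumptions.

```python
import ipaddress

# Assumed weights and reject threshold (hypothetical; not from the thread).
WEIGHTS = {"no_ptr": 2.0, "ptr_mismatch": 1.5, "no_tls": 0.5, "content_spam": 4.0}
REJECT_AT = 5.0

def ptr_name(addr):
    """Owner name (ip6.arpa / in-addr.arpa) a receiver queries for a client."""
    return ipaddress.ip_address(addr).reverse_pointer

def eui64_mac(addr):
    """MAC embedded in a SLAAC modified-EUI-64 interface ID, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return None
    iid = ip.packed[8:]                     # low 64 bits: interface identifier
    if iid[3:5] != b"\xff\xfe":             # EUI-64 inserts ff:fe mid-MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def rdns_signals(addr, ptr_zone, fwd_zone):
    """Forward-confirmed reverse DNS, run against constructed zone dicts."""
    host = ptr_zone.get(ptr_name(addr))
    if host is None:
        return {"no_ptr"}
    client = ipaddress.ip_address(addr)
    confirmed = any(ipaddress.ip_address(a) == client
                    for a in fwd_zone.get(host, []))
    return set() if confirmed else {"ptr_mismatch"}

def verdict(signals):
    """Sum the weights; no single rDNS signal reaches REJECT_AT on its own."""
    score = sum(WEIGHTS[s] for s in signals)
    return score, ("reject" if score >= REJECT_AT else "accept")

# Constructed sample data: the thread's address has no PTR record;
# 2001:db8::25 (documentation prefix) has matching PTR and AAAA records.
PTR_ZONE = {ptr_name("2001:db8::25"): "mx.example.net"}
FWD_ZONE = {"mx.example.net": ["2001:db8::25"]}
AUTOCONF = "2001:470:1:76:2c0:9fff:fe3e:4009"

if __name__ == "__main__":
    for addr in (AUTOCONF, "2001:db8::25"):
        sig = rdns_signals(addr, PTR_ZONE, FWD_ZONE)
        print(addr, ptr_name(addr), eui64_mac(addr), sorted(sig), verdict(sig))
    # Missing PTR plus an independent content signal crosses the threshold.
    print(verdict(rdns_signals(AUTOCONF, PTR_ZONE, FWD_ZONE) | {"content_spam"}))
```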