Tim Chown wrote: [...] > It's not uncommon for IPv6 servers to be multiaddressed, so mail admins > will probably just need to be a wee bit more careful, and certainly try > to avoid using autoconf globals on servers. Nothing wrong with EUI-64 or autoconf, as long as you actually want them there ;) and otherwise on eg Linux: net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.all.accept_ra=0 other mechanisms hopefully available on your favourite OS. As for the IETF mailservers rejecting it, clearly there was a misconfiguration and they caught that perfectly fine. Misconfigured boxes should not be able to send out mail, there is most often other things also misconfigured then and/or they are not monitored and thus just used for abuse. > In our case our server > acquired an additional global autoconf address on top of its manually > configured address, which it started sending from, and as this had no > reverse DNS entry we encountered the Rejects. I suggest installing NDPMon (http://ndpmon.sourceforge.net/) next to your arpwatch that you should have running for IPv4. Of course protecting your L2 with 802.1x or a similar system next to that is also a good hint. BTW: for postfix, smtp_bind_address6 allows you to fix the outgoing address to a certain IP (smtp_bind_address for IPv4 ;) Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf