Re: problem dealing w/ ietf.org mail servers

[Jeroen Massar <jeroen at unfix.org>]

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
[..]
> However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
> explicitly configured on the sending server; instead, it is being implicitly
> configured through ip6 autoconf stuff:

Which (autoconfig) you should either not be using on servers, or you 
should be configuring your software properly to select the correct 
outbound address. (I prefer to use the autoconfig one for 'management' 
and using a 'service address' for the service).

SMTP shows that it is perfectly usable for these situations as it nicely 
rejects the message with a proper message automatically telling you on 
how to solve it.

> That is to say, it appears the ietf.org mail server is probably nFrom ietf-bounces at ietf.org  Thu Jul  3 06:57:51 2008
Return-Path: <ietf-bounces at ietf.org>
X-Original-To: ietf-web-archive at megatron.ietf.org
Delivered-To: ietfarch-ietf-web-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 50E563A6864;
	Thu,  3 Jul 2008 06:57:51 -0700 (PDT)
X-Original-To: ietf at core3.amsl.com
Delivered-To: ietf at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D4C173A6864
	for <ietf at core3.amsl.com>; Thu,  3 Jul 2008 06:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FY2xQ+Dwq-zd for <ietf at core3.amsl.com>;
	Thu,  3 Jul 2008 06:57:48 -0700 (PDT)
Received: from abaddon.unfix.org (abaddon.unfix.org
	[IPv6:2001:41e0:ff00:0:216:3eff:fe00:4])
	by core3.amsl.com (Postfix) with ESMTP id 631C53A6809
	for <ietf at ietf.org>; Thu,  3 Jul 2008 06:57:48 -0700 (PDT)
Received: from [IPv6:2001:620:20:1000:216:d3ff:fe25:14da]
	(spaghetti.zurich.ibm.com [IPv6:2001:620:20:1000:216:d3ff:fe25:14da])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested) (Authenticated sender: jeroen)
	by abaddon.unfix.org (Postfix) with ESMTPSA id 2F65040200C;
	Thu,  3 Jul 2008 15:57:54 +0200 (CEST)
Message-ID: <486CDAE1.4040905 at spaghetti.zurich.ibm.com>
Date: Thu, 03 Jul 2008 15:57:53 +0200
From: Jeroen Massar <jeroen at unfix.org>
Organization: Unfix
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.8.1.14) Gecko/20080421 Lightning/0.8 Thunderbird/2.0.0.14
	Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Richard Shockey <richard at shockey.us>
Subject: Re: problem dealing w/ ietf.org mail servers
References: <013301c8dca5$22ca0a80$685e1f80$ at us>	<20080703054752.GM6185 at lark.songbird.com>
	<20080703134655.GA17472 at boreas.isi.edu>
In-Reply-To: <20080703134655.GA17472 at boreas.isi.edu>
X-Enigmail-Version: 0.95.6
OpenPGP: id33E7C23
X-Virus-Scanned: ClamAV version 0.93,
	clamav-milter version 0.93 on abaddon.unfix.org
X-Virus-Status: Clean
Cc: Dave Crocker <dcrocker at bbiw.net>, ietf at ietf.org
X-BeenThere: ietf at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>,
	<mailto:ietf-request at ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf at ietf.org>
List-Help: <mailto:ietf-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>,
	<mailto:ietf-request at ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="==============93742199=="
Sender: ietf-bounces at ietf.org
Errors-To: ietf-bounces at ietf.org

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

On Wed, Jul 02, 2008 at 10:47:53PM -0700, 'kent' wrote:
[..]
> However, this last address, 2001:470:1:76:2c0:9fff:fe3e:4009, is not
> explicitly configured on the sending server; instead, it is being implicitly
> configured through ip6 autoconf stuff:

Which (autoconfig) you should either not be using on servers, or you 
should be configuring your software properly to select the correct 
outbound address. (I prefer to use the autoconfig one for 'management' 
and using a 'service address' for the service).

SMTP shows that it is perfectly usable for these situations as it nicely 
rejects the message with a proper message automatically telling you on 
how to solve it.

> That is to say, it appears the ietf.org mail server is prow rejecting
> mail from *any* box that is getting a default global ipv6 address, since
> those addresses will most likely not be in ip6.arpa.  There may be a whole
> lot of boxes in this situation. 

Those boxes are not set up correctly thus should not be sending email in 
the first place. For that matter you should actually be 
firewalling+logging port 25 outbound so you can monitor any host in your 
network doing illegal SMTP connects. Spam bots don't use IPv6 yet 
(afaik), but when they are aware how 'open' everything is and especially 
that RBL's don't exist yadda yadda, they might just switch over to that.
Good that the mainstream spamreceivers (gmail/yahoo/etc) don't have IPv6 
yet as that would change that scenario.

Configure your mailservers correctly, it helps you send out mail, and it 
helps avoid others receiving crap from you.

Greets,
 Jeroen

--

For postfix folks:
http://www.postfix.org/IPV6_README.html
8<--------------------------------------------------------
/etc/postfix/main.cf:
    smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
-------------------------------------------------------->8
Other SMTP servers have similar mechanisms.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf