Re: [rt.amsl.com #7269] ietf.org mail blocking?



On Fri, May 9, 2008 at 12:53 PM, Glen via RT <ietf-action at ietf.org> wrote:
> On Fri May 09 12:10:14 2008, ekr at rtfm.com wrote:
>> When I submitted my position paper today for the IETF RFC , I was a
>> little
>> surprised not to get the promised acknowledgement. A little digging
>> around revealed that my mail was getting rejected by the IETF
>> mail server, first with a timeout during initial hello:
>> and ultimately with a reverse resolution failure:
>
>> Note that my IP actually does resolve, though I admit not to the name
>> of my machine. You can blame comcast for this one.
>> limbo-randy3:~> nslookup 74.95.2.173
>> Not sure what's going on here, but this seems like a new and rather
>> undesirable configuration setting.
>
> Hi Eric -
>
> I'm sorry you're encountering problems.
>
> We have not changed anything here recently, so I can't speak to the
> past, but let me tell you what I see from this end:

Well, I'm not sure what to tell you, because I haven't changed my configuration
either. Perhaps comcast has.


> Your machine HELO'ed as "romeo.rtfm.com"... except that host doesn't
> seem to exist or resolve:
>
> core3:/home/glen # host romeo.rtfm.com
> Host romeo.rtfm.com.amsl.com not found: 3(NXDOMAIN)
>
> And while your IP address does resolve at this time:
> core3:/home/glen # host 74.95.2.173
> 173.2.95.74.in-addr.arpa domain name pointer
> 74-95-2-173-SFBA.hfc.comcastbusiness.net.
>
> ... it is possible that, earlier, it wasn't resolving.

Well, you're still rejecting my mail. Perhaps the problem is that there
is no forward record for 74-95-2-173-SFBA.hfc.comcastbusiness.net.


> At any rate, I'm happy to do whatever you like, but I disagree that
> rejecting obviously differing data is undesirable, simply because of the
> strong desire of "the community" to be spam-free.

I'd be interested to know if you have any data that indicates that this
kind of check has any impact whatsoever on spam.  If not, this is just
a gratuitous source of false positives.

I'm also not sure I agree with your characterization of the desires of
the community. In particular, the IESG statement on spam control
http://www.ietf.org/IESG/STATEMENTS/spam-control-policy.html
says:

* IETF mailing lists MUST provide a mechanism for legitimate technical
participants to bypass moderation, challenge-response, or other techniques
that would interfere with a prompt technical debate on the mailing list
without requiring such participants to receive list traffic.

But since my mail is being blocked before it ever gets to the MLA, this
check would seem to violate this requirement.


> Would it be possible for you to add your host to your domain so it
> resolves?  Would it be possible for Comcast to reverse-delegate your IP
> block to you, or set up more accurate reverse resolution records for
> you?  Would it be possible for your outgoing mail to relay through your
> ISP's authoritative mail server, to ensure that resolution works?

I regularly send mail from my laptop with dynamic addresses, so, no,
none of these things will work reliably for me.


> Here are things I can do to compensate:
>
> 1. I could whitelist your IP address in our access tables (pointless if
> you're dynamic).
>
> 2. I could whitelist your "rtfm.com" domain (very cool name) in our
> access tables.  Or your email address.
>
> Or, of course, I could globally disable the check for invalid hostnames
> systemwide.

This is a category error. They're not invalid hostnames. They're hostnames
that don't appear in the DNS, which is not the same thing at all.


> Also, I've cc'ed the wgchairs list on this response - because you cc'ed
> them on your ticket filing - but I cannot leave the list as a permanent
> ticket cc because of the potential for flooding.  So when you file a
> ticket, I'd recommend not cc'ing the whole world - or at least not
> mailing lists - since RT can be a bit, umm, "difficult" about things
> like that.

Actually, you didn't cc wgchairs. I've fixed that and replaced the ietf-action
mail with your direct address to avoid excessive ticket creation.

-Ekr
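
The DNS consistency checks argued over in this thread (HELO name resolution, PTR lookup, and forward confirmation of the PTR target), as an added example that is not part of the original messages and not the IETF mail server's actual configuration. The lookup tables are constructed from the `host` output quoted above; the missing forward record for the PTR target is the hypothesis raised in the reply, modelled here as an assumption, and `check_client` and `failed_checks` are hypothetical helper names.

```python
# Added example: evaluates the checks against a constructed in-memory zone,
# so it runs offline and makes no real DNS queries.

# Constructed DNS data. The PTR record and the absence of an A record for the
# HELO name come from the quoted `host` output. The absence of an A record
# for the PTR target is an assumption (the hypothesis raised in the reply).
A_RECORDS = {}  # name -> set of IPv4 addresses
PTR_RECORDS = {
    "74.95.2.173": "74-95-2-173-SFBA.hfc.comcastbusiness.net.",
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def check_client(ip, helo, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Return a dict of check name -> bool (True means the check passes)."""
    fwd = {normalize(k): set(v) for k, v in a_records.items()}
    ptr = ptr_records.get(ip)
    ptr_name = normalize(ptr) if ptr else None
    helo_name = normalize(helo)
    return {
        # Does the name given in HELO/EHLO exist in the DNS at all?
        "helo_resolves": helo_name in fwd,
        # Does the HELO name map to the connecting address?
        "helo_matches_ip": ip in fwd.get(helo_name, set()),
        # Does the connecting address have a PTR record?
        "ptr_exists": ptr_name is not None,
        # Forward-confirmed reverse DNS: PTR target maps back to the address.
        "fcrdns": ptr_name is not None and ip in fwd.get(ptr_name, set()),
    }


def failed_checks(result):
    """Names of failing checks, sorted, for logging or policy decisions."""
    return sorted(name for name, ok in result.items() if not ok)


if __name__ == "__main__":
    ip, helo = "74.95.2.173", "romeo.rtfm.com"
    print("as described in the thread:", failed_checks(check_client(ip, helo)))
    # Hypothetical repair: a matching A record is published for the PTR target.
    fixed = {"74-95-2-173-SFBA.hfc.comcastbusiness.net": {ip}}
    print("with forward record added: ", failed_checks(check_client(ip, helo, fixed)))
```

Logging the individual results separately shows which check is responsible for a rejection, which is the question the two sides of this thread could not settle from the bounce alone.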