Poll on SMTP over IPv6 Usage

Gert Doering gert at space.net
Thu Feb 20 15:34:58 CET 2014


On Thu, Feb 20, 2014 at 08:44:59AM +1000, Noel Butler wrote:
> On Wed, 2014-02-19 at 10:54 +0100, Gert Doering wrote:
> > On Wed, Feb 19, 2014 at 02:45:33PM +1000, Noel Butler wrote:
> > > We block only by IP from whatever spam source is used (4, or 6), and
> > > rbldnsd handles ipv6 nicely (albeit in /64's - fair enough too, since
> > > most end users get that, typically), so your MTA's query would get a
> > > response from your DNSBL if it has an entry. 
> > 
> > Blocking by /64 by default is likely to get collateral damage.  Enough
> > people do shared subnets with multiple customers in the same /64 - while
> > I won't recommend it, it is *done*, and blocking the whole /64 because
> > you have seen SPAM from a single IP out of it is hurting the wrong
> > people.
> But, since pretty much every end user gets a /64 (I accept some web
> hosts and vps services do not work that way - including one of my vps
> providers), blocking a /64 would be identical to blocking a single IPv4
> address with NAT, so should be overall, no worse than what we've been
> doing for decades.

It *is* worse, because the assumption "every end user gets a /64" is 
just plain *wrong*.  

A single counterexample voids the word "every" in maths, and two 
counterexamples have been given.

> I would prefer it if rbldnsd allowed smaller, or even singular, but it
> does not, and the reasoning that was given was fair enough, it only
> allows a single IPv6 address if it is an exclusion, you may know this
> already, but for others, as an eg to take out fdid:c01d:1ce:ab/64   but
> allow real mail server  fdid:c01d:1ce:ab::10you use

In that case, rbldnsd can not be used for mail filtering on IPv6, as it 
is not fit for that purpose.

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20140220/888f6cfd/attachment.bin 

More information about the ipv6-ops mailing list