Poll on SMTP over IPv6 Usage
gert at space.net
Thu Feb 20 15:34:58 CET 2014
On Thu, Feb 20, 2014 at 08:44:59AM +1000, Noel Butler wrote:
> On Wed, 2014-02-19 at 10:54 +0100, Gert Doering wrote:
> > On Wed, Feb 19, 2014 at 02:45:33PM +1000, Noel Butler wrote:
> > > We block only by IP from whatever spam source is used (4, or 6), and
> > > rbldnsd handles ipv6 nicely (albeit in /64's - fair enough too, since
> > > most end users get that, typically), so your MTA's query would get a
> > > response from your DNSBL if it has an entry.
> > Blocking by /64 by default is likely to get collateral damage. Enough
> > people do shared subnets with multiple customers in the same /64 - while
> > I won't recommend it, it is *done*, and blocking the whole /64 because
> > you have seen SPAM from a single IP out of it is hurting the wrong
> > people.
> But, since pretty much every end user gets a /64 (I accept some web
> hosts and vps services do not work that way - including one of my vps
> providers), blocking a /64 would be identical to blocking a single IPv4
> address with NAT, so should be overall, no worse than what we've been
> doing for decades.
It *is* worse, because the assumption "every end user gets a /64" is
just plain *wrong*.
A single counterexample voids the word "every" in maths, and two
counterexamples have been given.
> I would prefer it if rbldnsd allowed smaller, or even singular, but it
> does not, and the reasoning that was given was fair enough, it only
> allows a single IPv6 address if it is an exclusion, you may know this
> already, but for others, as an eg to take out fdid:c01d:1ce:ab/64 but
> allow real mail server fdid:c01d:1ce:ab::10you use
In that case, rbldnsd can not be used for mail filtering on IPv6, as it
is not fit for that purpose.
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 811 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20140220/888f6cfd/attachment.bin
More information about the ipv6-ops