A simple test for email via IPv6

Ted Mittelstaedt tedm at ipinc.net
Tue Apr 30 11:32:59 CEST 2013 

Hi Valeriy,

   Please, please shut this script down immediately until you put
it together properly!

   Here is a transcript of me spamming myself with your script.  Notice
that your script does NO error checking.   I transmitted the mail 
message from the Internet Partners public mailserver with my Gmail
address forged as the senders address and your script happily delivered
it to my Gmail address.

   I hope this adequately demonstrates the potential for abuse.  If
not, imagine if I was a malevolent attacker who wanted to fill up 
someone's Gmailbox with thousands of "Congratula​tions from v6net.ru"
mail messages.

   I know we're all excited about IPv6 but the problem is that way too
many people are implementing it without any firewalling, or filtering
or anything.  Please don't think that the spammers are stupid.

Ted

mail# nslookup
 > set type=MX
 > mail.v6net.ru
Server:         50.198.160.177
Address:        50.198.160.177#53

Non-authoritative answer:
mail.v6net.ru   mail exchanger = 10 ip6.mail.v6net.ru.

Authoritative answers can be found from:
 > set type=aaaa
 > ip6.mail.v6net.ru
Server:         50.198.160.177
Address:        50.198.160.177#53

Non-authoritative answer:
ip6.mail.v6net.ru       has AAAA address 2a02:5800:0:a::144:10

Authoritative answers can be found from:
 > exit
mail# telnet 2a02:5800:0:a::144:10 25
Trying 2a02:5800:0:a::144:10...
Connected to gamma.bestcom.ru.
Escape character is '^]'.
220 gamma.bestcom.ru ESMTP Postfix
HELO mail.ipinc.net
250 gamma.bestcom.ru
MAIL FROM:<tmittelstaedt at gmail.com>
250 2.1.0 Ok
RCPT TO:<test at mail.v6net.ru>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: tmittelstaedt at gmail.com
To: test at mail.v6net.ru
Subject:  Eat Me

eat me
.
250 2.0.0 Ok: queued as DC4AB814175
quit
221 2.0.0 Bye
Connection closed by foreign host.
mail#


On 4/30/2013 12:28 AM, Валерий Солдатов wrote:
> Hello,
> I wrote a little script-autoresponder, it helps to check delivery of email via IPv6.
> Simply send an email to test at mail.v6net.ru.
>
> If we get it via IPv6, you will receive a confirmation letter with congratulations.
> If we get it via IPv4, you will receive an error message about non-existing domain.
> (MX record for mail.v6net.ru references only to AAAA-record).
>
> Tested via gmail - OK
> Hope this helps someone.
>
>
> Valeriy Soldatov, Best Telecom ISP, Russia
>

More information about the ipv6-ops mailing list