A simple test for email via IPv6

Ted Mittelstaedt tedm at ipinc.net
Tue Apr 30 13:47:55 CEST 2013 

On 4/30/2013 3:33 AM, Philipp Kern wrote:
> On Tue, Apr 30, 2013 at 03:20:58AM -0700, Ted Mittelstaedt wrote:
>> We aren't talking some opt-in mailing list that could possibly
>> argue that they had a reason to allow a reply to a 3rd party.
>>
>> There is no reason that a proper autoresponder setup for the purpose
>> of testing (that the OP stated) should allow what I did.
>
> Most out-of-office autoresponders do so. Obviously they could also be
> limited to own users, but my feeling is that most aren't. But they
> are commonly throttled which is what I was hinting at.
>
>> Even if it did implement throttling that is not an excuse to allow a
>> 3rd party relay unless it's needed.  And in this case it's not needed.
>
> How is it a 3rd party relay if you don't control the mail that's sent?
> The cost you have is similar to what you would have by connecting
> directly, so it's not even amplification. Obviously the reputation of
> that particular host might suffer.
>
>> I didn't say it was.  I said that it could be abused to stuff up
>> someone's e-mail box.  That implied a lack of throttling of course.
>> I assumed that if the OP was ignoring the sender's IP that they would
>> not have implemented throttling either.
>
> How does the sender's IP matter in your actions? Everybody can fake
> everywhere, you are not required to use the outbound MTA of Gmail,
> for instance.
>

for normal mail.  This is a test autoresponder.  Your conveniently 
ignoring my statement "autoresponder setup for the purpose
of testing (that the OP stated)"

>>>>    I know we're all excited about IPv6 but the problem is that way too
>>>> many people are implementing it without any firewalling, or filtering
>>>> or anything.  Please don't think that the spammers are stupid.
>>> I'm not sure how this relates to the problem at hand, except for
>>> pushing the filtering agenda.
>> Oh good Lord.  So, reasonable mail filtering is now an 'agenda'?
>> Since when did mail filtering become undesirable?
>
> You did not say mail filtering, didn't you? You said implementing IPv6,
> which is different. What's happening here does not depend on IPv6 at
> all.

Once more another attempt to evade the question and just answer it with
another question.  Your prior post labeled filtering an "agenda" your 
going to ignore that now since you realized that labeling filtering an 
"agenda" made you look foolish.
>
>> Please publicly post the IP address of a mailserver YOU administer
>> that is NOT filtered and allows unthrottled autoresponses.  And for
>> extra credit, why don't you open it for open relaying, too?
>
> I said that sane autoreponders implement throttling. You did not
> post that you tried to mail twice and it replied to both attempts.
> (Which is well possible, but you did not say that.)
>

In short, your going to ignore the question and not post any open IPs 
because you do in fact use filtering on your server or servers and your 
not going to admit that you use the very thing your arging against here.

In short, your a hypocrite.  You also have a shocking lack of compassion
for admins all over the world who spend hours cleaning out spam attacks
from unsecured systems that have been hijacked by spammers.  Maybe the
next time you start thinking that the filtering proponents have an
"agenda" the Universe will exercise Karma and you will be called to
deal with a server of yours with a user who let their password go to the 
wild and a spammer used it to hijack one of your servers.


I will repeat my original post.  The OP needs to turn off his 
autoresponder until he hardens it just the way he would harden it
if it was an IPv4 autoresponder.  Throttling it (since I assume it's
not throttled) and limiting it to at least the network that sends
to it (since it is a test autoresponder) is what is called for.

Many guides exist that can be fetched via Google to see how to
properly build an autoresponder.

The discussion was never about the validity of autoresponding.
The issue is that people seem to think that they have a pass to ignore 
basic security when deploying IPv6.

When implementing IPv6 services do not lie to yourself and think
things like "oh nobody uses IPv6 especially the crackers" so it's OK
to just throw together quick hacks.  That is an insecure mentality.
If you want to use quick hacks then setup a test network that is
firewalled off.

After all it is your own machines that will be broken into, and
used to attack other machines.

This will be my last post on this thread, so Philipp if you have some
driving juvenile need to get the last word in, rest assured I won't
respond, no matter how ridiculous and outrageous you make it, you
will get the last word.

Ted

>> Do I really have to explain why it's not polite to walk out into the
>> middle of a crowd in the city and take off all your clothes?  (well,
>> for most people to do that, that is - I can think of a few exceptions)
>
> I'm not sure how this polemic response is related. For odd reasons
> there are laws against this, whereas misbehaving mail servers are
> regulated (i.e., voted down through blacklists) by the internet
> community at large.
>
> Kind regards
> Philipp Kern
>

More information about the ipv6-ops mailing list