[AusNOG] IPv6 reverse DNS and Mail ...

Noel Butler noel.butler at ausics.net
Tue May 21 17:06:51 EST 2013


On Tue, 2013-05-21 at 09:53 +1000, Karl Auer wrote:

> On Tue, 2013-05-21 at 09:04 +1000, Noel Butler wrote:
> >  SHANE wrote:
> > > > If the customer isn't getting their mail, you're not doing your job. 
> > 
> > Ummm, no, if the client gets more that could have easily been stopped -
> > I'm not doing my job.
> 
> And right there is the tension between two equally worthy goals. "Our
> job" is making the right judgement and striking the right balance
> between the two requirements.
> 


You will never really make everyone happy; it will never happen, ever.
Doing it Shane's way will only make the spammers happy.


> Dropping an email *only* because the sender has no PTR record, is IMHO
> going too far in one direction. The lack of a PTR is just one of many


Quick look at yesterday on just one box:
5xx Reject unknown client host              45.71%

That's a rather large chunk of trash that amavisd doesn't have to look
at.


> 
> IPv6 (which is where this discussion started!) opens up the local LAN.
> NAT disappears, and local subnets become very large, globally
> addressable, and globally reachable (modulo any desired firewalling). It


You don't just chuck a box online do you though, as you indicated you
take the time to set up firewalls, as well as what daemons you want to
run. Again, DNS takes mere seconds, even to add by hand.


> is *easy* to run servers in the home. No UPnP, no port forwarding,

True, so when you're configuring postfix, dovecot, apache, whatever,
configure bind, edit your details in your provider's portal if you're not
authoritative, or a home or small business user can ask their ISP to set
PTR. Yes, I know, my bad for suggesting somebody actually do some
work :)



> One thing that is *not* likely to change without customer pressure is
> the lack of reverse delegation to such peers. Not that it is


Most decent and serious operators in the U.S. learnt a looooong time
ago, back when AOL were a real force, and they added PTR checking, the
problem here is, too many lazy people, too many "charged with
responsibility" that have no experience (not their fault, but a little
research does go a long way - we all started somewhere).
 


> So I would suggest that in the IPv6 world that is coming (slowly :-)
> dropping email based solely on a lack of PTR record is a
> business-damaging, community-damaging, customer-damaging, user-damaging


If they have not learnt from IPv4 days, there is little hope now.
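
Added example, not part of the original post or of any mail server's code: a forward-confirmed reverse DNS check of the kind the thread is arguing about, showing the ip6.arpa name an IPv6 sender needs a PTR for and the distinct ways the check can fail. The DNS data is constructed (documentation prefixes, hypothetical host names) and the verdict labels are this example's own.

```python
import ipaddress

def reverse_name(ip_text):
    """Name queried for the PTR: in-addr.arpa for IPv4, nibble ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip_text).reverse_pointer

# Constructed sample DNS data (documentation prefixes, hypothetical host names).
PTR = {
    reverse_name("2001:db8:1::25"): ["mail.example.net."],
    reverse_name("2001:db8:2::25"): ["mx.example.org."],
    reverse_name("2001:db8:4::25"): ["orphan.example.org."],
    reverse_name("192.0.2.25"): ["smtp.example.com."],
}
ADDR = {
    # Same address as 2001:db8:1::25, written uncompressed on purpose.
    "mail.example.net.": ["2001:0db8:0001:0000:0000:0000:0000:0025"],
    "mx.example.org.": ["2001:db8:ffff::25"],  # forward points elsewhere
    "smtp.example.com.": ["192.0.2.25"],
}

def check_client(ip_text, ptr_lookup=PTR.get, addr_lookup=ADDR.get):
    """Return (verdict, detail) for a connecting client address."""
    ip = ipaddress.ip_address(ip_text)
    rname = ip.reverse_pointer
    names = ptr_lookup(rname) or []
    if not names:
        return ("no-ptr", rname)
    saw_forward = False
    for name in names:
        for addr in addr_lookup(name) or []:
            saw_forward = True
            # Compare parsed addresses, not strings: IPv6 has many spellings.
            if ipaddress.ip_address(addr) == ip:
                return ("ok", name)
    return ("forward-mismatch" if saw_forward else "no-forward", names[0])

if __name__ == "__main__":
    for client in ("2001:db8:1::25", "2001:db8:2::25", "2001:db8:3::25",
                   "2001:db8:4::25", "192.0.2.25"):
        print(client, *check_client(client))
```

Keeping "no-ptr" separate from "forward-mismatch" lets a receiving site reject on one, score on the other, or count each before choosing a policy.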

