[GLLUG] ipv6, privacy addressing, and mail servers.
Chris Bell
chrisbell at chrisbell.org.uk
Fri Nov 23 16:49:14 UTC 2018
On Thursday, 22 November 2018 08:41:59 GMT Tim Woodall via GLLUG wrote:
> Hi all,
>
> In one of my replies yesterday, the cc has been bounced - actually it's
> temp-failing but I'm assuming it will bounce.
>
> My mailserver is einstein.home.woodall.me.uk. That resolves to four
> addresses, all of which resolve back to einstein as expected.
>
> But that host is using privacy addressing. So the ip address that it
> uses to connect is merely in the same /64. (Assuming ipv6)
>
> The target mx in question is trying a reverse lookup, that is failing,
> and then the mx is temp-failing my email.
>
> What is the 'correct' behaviour?
>
> 1. I don't want to change privacy addressing - this host also runs a
> squid proxy and I like that the address it uses isn't suitable for
> connecting back to me.
>
> 2. I could add a wildcard PTR record to einstein - but like 1, this
> makes it easier to determine what address to connect back to me on.
>
> 3. I could add a wildcard PTR record that has no matching AAAA record -
> no idea whether this would resolve this issue or not.
>
> 4. Just say that the target MX is badly configured and ignore the issue.
> With a handful of exceptions, I'm of the school of thought that 'if
> your mailserver doesn't want my email then I'll respect that and not
> bypass your filtering'
>
> (But I'm not sure if the IP used by a mailserver should always have a
> PTR record or whether it's just the EHLO host)
Hello,
I am not an expert, but I think that if a destination is given as a short
CNAME it should reply with its correct full address, which should not cause a
problem. Consider the case where a single short address applies to a round-
robin set of servers, and there must be at least a short series of exchanges.
--
Chris Bell
Website http://chrisbell.org.uk
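
The reverse-lookup outcomes discussed in this thread, modelled offline as an added example that is not part of either message. It assumes the receiving MX applies either a PTR-only check or a full forward-confirmed check (the thread does not say which); the host names, addresses and zone contents are constructed placeholders.

```python
import ipaddress

# Constructed sample data (documentation prefix 2001:db8::/32); host names
# and addresses are placeholders, not values from the thread.
STATIC = "2001:db8:0:1::25"                      # published: PTR + AAAA
TEMPORARY = "2001:db8:0:1:a1b2:c3d4:e5f6:789a"   # privacy address, same /64

def ptr_name(addr):
    """Name a receiving MX queries for the reverse lookup of addr."""
    return ipaddress.ip_address(addr).reverse_pointer

def wildcard_name(addr):
    """Wildcard owner name covering the /64 that contains addr."""
    labels = ptr_name(addr).split(".")
    return ".".join(["*"] + labels[16:])   # drop the 16 interface-id nibbles

def check(addr, ptr_zone, aaaa_zone):
    """Return (has_ptr, forward_confirmed) for a connecting address."""
    # Simplified wildcard handling: exact owner name first, then the /64 wildcard.
    name = ptr_zone.get(ptr_name(addr)) or ptr_zone.get(wildcard_name(addr))
    if name is None:
        return (False, False)
    forward = {ipaddress.ip_address(a) for a in aaaa_zone.get(name, [])}
    return (True, ipaddress.ip_address(addr) in forward)

AAAA = {"mail.example.org": [STATIC]}
PTR_EXACT = {ptr_name(STATIC): "mail.example.org"}
# Option 2: wildcard PTR pointing at the real host name.
PTR_WILD_HOST = dict(PTR_EXACT, **{wildcard_name(STATIC): "mail.example.org"})
# Option 3: wildcard PTR pointing at a name with no AAAA record.
PTR_WILD_BARE = dict(PTR_EXACT, **{wildcard_name(STATIC): "dynamic.example.org"})

def scenarios():
    return {
        "static address": check(STATIC, PTR_EXACT, AAAA),
        "temporary, no wildcard": check(TEMPORARY, PTR_EXACT, AAAA),
        "temporary, option 2": check(TEMPORARY, PTR_WILD_HOST, AAAA),
        "temporary, option 3": check(TEMPORARY, PTR_WILD_BARE, AAAA),
    }

if __name__ == "__main__":
    for label, (has_ptr, confirmed) in scenarios().items():
        print(f"{label:24} PTR={has_ptr!s:5} forward-confirmed={confirmed}")
```

In this model a wildcard PTR satisfies a PTR-only check for the temporary address, while a forward-confirmed check still fails under both option 2 and option 3 because the temporary address is not in the AAAA set of the name returned.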