[GLLUG] ipv6, privacy addressing, and mail servers.

Chris Bell chrisbell at chrisbell.org.uk
Fri Nov 23 16:49:14 UTC 2018

On Thursday, 22 November 2018 08:41:59 GMT Tim Woodall via GLLUG wrote:
> Hi all,
> In one of my replies yesterday, the cc has been bounced - actually it's
> temp-failing but I'm assuming it will bounce.
> My mailserver is einstein.home.woodall.me.uk. That resolves to four
> addresses, all of which resolve back to einstein as expected.
> But that host is using privacy addressing. So the IP address that it
> uses to connect is merely in the same /64. (Assuming IPv6)
> The target mx in question is trying a reverse lookup, that is failing,
> and then the mx is temp-failing my email.
> What is the 'correct' behaviour?
> 1. I don't want to change privacy addressing - this host also runs a
> squid proxy and I like that the address it uses isn't suitable for
> connecting back to me.
> 2. I could add a wildcard PTR record to einstein - but like 1, this
> makes it easier to determine what address to connect back to me on.
> 3. I could add a wildcard PTR record that has no matching AAAA record -
> no idea whether this would resolve this issue or not.
> 4. Just say that the target MX is badly configured and ignore the issue.
> With a handful of exceptions, I'm of the school of thought that 'if
> your mailserver doesn't want my email then I'll respect that and not
> bypass your filtering'
> (But I'm not sure if the IP used by a mailserver should always have a
> PTR record or whether it's just the EHLO host)

I am not an expert, but I think that if a destination is given as a short 
CNAME it should reply with its correct full address, which should not cause a 
problem. Consider the case where a single short address applies to a round-
robin set of servers, and there must be at least a short series of exchanges.

Chris Bell
Website http://chrisbell.org.uk
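
An added example, not part of either post: a small model of two reverse-lookup checks a receiving MX might apply (a PTR merely exists, or the PTR name also resolves forward to the connecting address), run over constructed DNS data for the options listed in the quoted message. The 2001:db8:: addresses, the `unlisted.example.` name and the result labels are assumptions; the thread does not say which check the target MX performs.

```python
import ipaddress

HOST = "einstein.home.woodall.me.uk."   # mail server name from the post
STABLE = ipaddress.ip_address("2001:db8:1:2::25")                   # constructed
PRIVACY = ipaddress.ip_address("2001:db8:1:2:a8f3:11c2:9d04:7be1")  # constructed
# Reverse zone of the shared /64: drop the 16 interface-ID nibbles.
ZONE64 = STABLE.reverse_pointer.split(".", 16)[16] + "."


def make_dns(wildcard_target=None):
    """Constructed records: one AAAA/PTR pair, plus an optional wildcard PTR."""
    aaaa = {HOST: {STABLE}}
    ptr = {STABLE.reverse_pointer + ".": HOST}
    if wildcard_target:
        ptr["*." + ZONE64] = wildcard_target
    return aaaa, ptr


def lookup_ptr(ptr, addr):
    """Exact PTR first, then the wildcard covering the /64, if present."""
    name = addr.reverse_pointer + "."
    if name in ptr:
        return ptr[name]
    # Simplified wildcard match: ignores the empty non-terminal rule.
    if name.endswith("." + ZONE64):
        return ptr.get("*." + ZONE64)
    return None


def check(dns, addr):
    """'no-ptr', 'ptr-only' (PTR exists, forward lookup disagrees) or 'fcrdns'."""
    aaaa, ptr = dns
    name = lookup_ptr(ptr, addr)
    if name is None:
        return "no-ptr"
    return "fcrdns" if addr in aaaa.get(name, set()) else "ptr-only"


def scenarios():
    """Result per setup as (stable address, privacy address)."""
    cases = {"no wildcard": make_dns(),
             "option 2": make_dns(HOST),
             "option 3": make_dns("unlisted.example.")}
    return {k: (check(d, STABLE), check(d, PRIVACY)) for k, d in cases.items()}


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, result)
```

In this model both wildcard options give the privacy address a PTR, but neither passes forward confirmation, because the privacy address is not among the AAAA records of the name returned.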

