Kolusion K via Postfix-users <postfix-users@postfix.org> wrote: > So I have a bizarre problem. I can't send e-mail to some servers but I can to > others. The e-mail that doesn't get sent is due to the connection timing out > to the remote server. > > Another strange problem is that some people can e-mail me while others can't. > > This is how my e-mail server is setup off the top of my head: > > E-mail server has a CG-NAT IP address.
Citating https://en.wikipedia.org/wiki/Carrier-grade_NAT Disadvantages Critics of carrier-grade NAT argue the following aspects: • Like any form of NAT, it breaks the end-to-end principle.[6] • It has significant security, scalability, and reliability problems, by virtue of being stateful. • It does not solve the IPv4 address exhaustion problem when a public IP address is needed, such as in web hosting. Carrier-grade NAT usually prevents the ISP customers from using port forwarding, because the network address translation (NAT) is usually implemented by mapping ports of the NAT devices in the network to other ports in the external interface. This is done so the router will be able to map the responses to the correct device; in carrier-grade NAT networks, even though the router at the consumer end might be configured for port forwarding, the "master router" of the ISP, which runs the CGN, will block this port forwarding because the actual port would not be the port configured by the consumer.[7] In order to overcome the former disadvantage, the Port Control Protocol (PCP) has been standardized in the RFC 6887. In cases of banning traffic based on IP addresses, the system might block the traffic of a spamming user by banning the user's IP address. If that user happens to be behind carrier-grade NAT, other users sharing the same public address with the spammer will be mistakenly blocked.[7] This can create serious problems for forum and wiki administrators attempting to address disruptive actions from a single user sharing an IP address with legitimate users. FYI, Michael _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
