Re: incoming smtp from v6 addresses
Randy Bush ra...@psg.com wrote: for incoming mail that is *accepted*, i.e. not stuff like 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F=ped...@nexo.es rejected RCPT owner-radius...@ops.ietf.org: blocked because 118.39.80.118 is in blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked using Trend Micro Email Reputation database. Please see http://www.mail-abuse.com/cgi-bin/lookup?118.39.80.118 2012-01-04 00:37:28 no host name found for IP address 118.39.80.118 2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip 2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. what do other folk see? Main inbound MX for a large educational institution sees around 5% of mails coming in via IPv6. Might be a bit biased due to holiday season. Outbound is mostly running on legacy servers without IPv6, yet :-( Bernhard
Re: incoming smtp from v6 addresses
Randy Bush (randy) writes: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. what do other folk see? What's your primary configuration ? Hub, end user system ? Care to share the methodology ? I can run some stats, but want to be sure we're comparing the same thing :) Cheers, Phil
Re: incoming smtp from v6 addresses
7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. What's your primary configuration ? Hub, end user system ? the main smtp receiver and sender for maybe 100 users and a few dozen mailing list of small to lower middle class size. Care to share the methodology ? I can run some stats, but want to be sure we're comparing the same thing :) hold your nose zgrep '=.*\[:' /var/spool/exim/log/main* | wc zgrep '=' /var/spool/exim/log/main* | wc and the ever failthful bc :) randy
Re: incoming smtp from v6 addresses
Am 04.01.2012 11:10, schrieb Randy Bush:
for incoming mail that is *accepted*, i.e. not stuff like
2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in
rbl-plus.mail-abuse.org
2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F=ped...@nexo.es
rejected RCPT owner-radius...@ops.ietf.org: blocked because 118.39.80.118
is in blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked
using Trend Micro Email Reputation database. Please see
http://www.mail-abuse.com/cgi-bin/lookup?118.39.80.118
2012-01-04 00:37:28 no host name found for IP address 118.39.80.118
2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip
2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in
rbl-plus.mail-abuse.org
7.8% is over ipv6 transport
but only 2% of outgoing deliveries are over ipv6.
what do other folk see?
randy
Received
$ grep 'amavis' mail.log | grep Passed | wc -l
448
$ grep 'amavis' mail.log | grep Passed | grep IPv6 | wc -l
91
$ grep 'amavis' mail.log | grep Passed | grep IPv6 | grep -v
'2001:1838::cc5d:d48a' | wc -l
18
Sent
$ grep 'postfix/smtp' mail.log | grep 'status=sent' | grep -v
'127.0.0.1' |wc -l
253
enceladus:/var/log# grep 'postfix/smtp' mail.log | grep 'status=sent' |
egrep '\[([a-f0-9]{0,4}:)+[a-f0-9]{0,4}\]' | wc -l
19
with most of them going to mailin.v6.t-online.de[2003:2:2:10:fee::32]:25
~40 silent users
Sebastian
Re: incoming smtp from v6 addresses
On Jan 4, 2012, at 5:26 AM, Randy Bush wrote: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. What's your primary configuration ? Hub, end user system ? the main smtp receiver and sender for maybe 100 users and a few dozen mailing list of small to lower middle class size. Care to share the methodology ? I can run some stats, but want to be sure we're comparing the same thing :) hold your nose zgrep '=.*\[:' /var/spool/exim/log/main* | wc zgrep '=' /var/spool/exim/log/main* | wc and the ever failthful bc :) Similar footprint, and I have something like the following on puck: puck:~$ grep IPv6: /var/log/maillog | grep stat=Sent | wc -l 9043 puck:~$ grep stat=Sent /var/log/maillog | wc -l 110343 If gmail were to host for their MX I would see a lot more mail delivered over there. - Jared -- stats -- unique list delivery [mailman@puck jared]$ /home/mailman/bin/find_member @ | grep -v 'found in' | wc -l 26442 [mailman@puck jared]$ /home/mailman/bin/find_member @gmail | grep -v 'found in' | wc -l 7098 unique addresses [mailman@puck jared]$ /home/mailman/bin/find_member @ | grep 'found in' | wc -l 16044 [mailman@puck jared]$ /home/mailman/bin/find_member @gmail | grep 'found in' | wc -l 4076
Re: incoming smtp from v6 addresses
On Wed, Jan 4, 2012 at 3:56 PM, Randy Bush ra...@psg.com wrote: zgrep '=.*\[:' /var/spool/exim/log/main* | wc zgrep '=' /var/spool/exim/log/main* | wc frodo:/home/suresh# zgrep '=.*\[:' /var/log/exim4/mainlog* | wc 16673 385620 7023087 frodo:/home/suresh# zgrep '=' /var/log/exim4/mainlog* | wc 24277 559746 10110840 -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: incoming smtp from v6 addresses
Received
# grep 'amavis' mail.log | grep Passed | wc -l
1411 (1189 if only counting CLEAN, post amavisd)
#grep 'amavis' mail.log | grep Passed | grep IPv6 | grep -v '::1' | wc -l
255 (253 if only counting CLEAN - so less spam in IPv6 :)
Sent
# grep 'postfix/smtp' mail.log | grep 'status=sent' | grep -v '127.0.0.1' | wc
-l
1422
# grep 'postfix/smtp' mail.log | grep 'status=sent' | egrep
'\[([a-f0-9]{0,4}:)+[a-f0-9]{0,4}\]' | wc -l
13 (filtered out a v6 IP that gets a copy of every mail)
18% incoming, .9% outgoing...
Re: incoming smtp from v6 addresses
In a message written on Wed, Jan 04, 2012 at 07:18:11AM -0500, Jared Mauch wrote: Similar footprint, and I have something like the following on puck: puck:~$ grep IPv6: /var/log/maillog | grep stat=Sent | wc -l 9043 puck:~$ grep stat=Sent /var/log/maillog | wc -l 110343 I have a mail system that has almost 0 technical users on it. % grep IPv6: /var/log/maillog | grep stat=Sent | wc -l 4 % grep stat=Sent /var/log/maillog | wc -l 1298 :( If gmail were to host for their MX I would see a lot more mail delivered over there. Agreed, gmail, yahoo, hotmail and AOL are probably 80% of the total mail on that box, so those four could make a huge swing, individually or collectively. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpuHbwOarGf9.pgp Description: PGP signature
Re: incoming smtp from v6 addresses
Randy Bush wrote, on 01/04/2012 05:10 AM: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. A consequence of whitelisting? Simon -- DTN made easy, lean, and smart -- http://postellation.viagenie.ca NAT64/DNS64 open-source-- http://ecdysis.viagenie.ca STUN/TURN server -- http://numb.viagenie.ca
Re: incoming smtp from v6 addresses
On 1/4/2012 5:10 AM, Randy Bush wrote: for incoming mail that is *accepted*, i.e. not stuff like 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F=ped...@nexo.es rejected RCPT owner-radius...@ops.ietf.org: blocked because 118.39.80.118 is in blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked using Trend Micro Email Reputation database. Please see http://www.mail-abuse.com/cgi-bin/lookup?118.39.80.118 2012-01-04 00:37:28 no host name found for IP address 118.39.80.118 2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip 2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. For accepted mail today, 2% is v6 for outbound, 4% for v6 is inbound. I suspect the higher inbound values might be due to tech mailling lists which tend to come from IPv6 enabled hosts ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Re: incoming smtp from v6 addresses
On 1/4/2012 10:46 AM, Mike Tancsa wrote: I suspect the higher inbound values might be due to tech mailling lists which tend to come from IPv6 enabled hosts ? Yeah, all of my (non-internal) ipv6 mail is from such mailing lists. -Dave
Re: incoming smtp from v6 addresses
RB == Randy Bush ra...@psg.com writes:
7.8% is over ipv6 transport
but only 2% of outgoing deliveries are over ipv6.
This is incoming only, mostly mailing lists (including a few *busy* ones):
:; zgrep -Ec 'client=[^[]+\[[^]]+:' /var/log/mail.info* |awk -F: '{i+=$NF} END
{print i}'
33966
:; zgrep -Ec 'client=[^[]+\[[0-9]+\.' /var/log/mail.info* |awk -F: '{i+=$NF}
END {print i}'
176978
so 19.19% ipv6.
That is somewhat biased by the fact that debian and, IIRC, gnome lists
are sent from ipv6-capable hosts and their bugs lists are among the
busiest lists.
For outgoing, s/client/relay/ which results in about 4.75% ipv6.
-JimC
--
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
grep --color=yes -Ec 'client=[^[]+\[[^]]+:' /var/log/mail.info
Re: incoming smtp from v6 addresses
On Wed, Jan 4, 2012 at 5:26 AM, Randy Bush ra...@psg.com wrote: hold your nose zgrep '=.*\[:' /var/spool/exim/log/main* | wc zgrep '=' /var/spool/exim/log/main* | wc and the ever failthful bc :) err... one of 4 MX's for home email... (I'll catch the others later on) v6 inbound: $ egrep '\[2...:' /tmp/today.from |wc -l 244 v4 inbound: $ egrep -v '\[2...:' /tmp/today.from |wc -l 135591 percent v4: 135591/(244+135591) * 100 99.82 v6 outbound: $ egrep '\[2...:' /tmp/today.to |wc -l 198 v4 outbound: $ egrep -v '\[2...:' /tmp/today.to |wc -l 196 a note about the OUT numbers... I was apparently bouncing/connection-refusing to a relay over v6 :( so 2 REAL connections out, 196 failures, w00t! (this mailserver does little 'out' email apparently)
