Re: incoming smtp from v6 addresses

2012-01-06 Thread Bernhard Schmidt 
Randy Bush  wrote:
> for incoming mail that is *accepted*, i.e. not stuff like
> 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in 
> rbl-plus.mail-abuse.org
> 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F= 
> rejected RCPT : blocked because 118.39.80.118 
> is in  blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked 
> using Trend Micro Email Reputation database. Please see 
> 
> 2012-01-04 00:37:28 no host name found for IP address 118.39.80.118
> 2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip
> 2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in 
> rbl-plus.mail-abuse.org
>
> 7.8% is over ipv6 transport
>
> but only 2% of outgoing deliveries are over ipv6.
>
> what do other folk see?

Main inbound MX for a large educational institution sees around 5% of
mails coming in via IPv6. Might be a bit biased due to holiday season.

Outbound is mostly running on legacy servers without IPv6, yet :-(

Bernhard

Re: incoming smtp from v6 addresses

2012-01-04 Thread Christopher Morrow 
On Wed, Jan 4, 2012 at 5:26 AM, Randy Bush  wrote:
> hold your nose
>
> zgrep '<=.*\[:' /var/spool/exim/log/main* | wc
> zgrep '<=' /var/spool/exim/log/main* | wc
>
> and the ever failthful bc :)

err... one of 4 MX's for home email... (I'll catch the others later on)

v6 inbound: $ egrep '\[2...:' /tmp/today.from |wc -l
244
v4 inbound: $ egrep -v '\[2...:' /tmp/today.from |wc -l
135591

percent v4:
135591/(244+135591) * 100
99.82

v6 outbound: $ egrep '\[2...:' /tmp/today.to |wc -l
  198
v4 outbound: $ egrep -v '\[2...:' /tmp/today.to |wc -l
  196

a note about the OUT numbers... I was apparently
bouncing/connection-refusing to a relay over v6 :( so 2 REAL
connections out, 196 failures, w00t! (this mailserver does little
'out' email apparently)

Re: incoming smtp from v6 addresses

2012-01-04 Thread James Cloos 
> "RB" == Randy Bush  writes:

>>> 7.8% is over ipv6 transport
>>> but only 2% of outgoing deliveries are over ipv6.

This is incoming only, mostly mailing lists (including a few *busy* ones):

:; zgrep -Ec 'client=[^[]+\[[^]]+:' /var/log/mail.info* |awk -F: '{i+=$NF} END 
{print i}'
33966

:; zgrep -Ec 'client=[^[]+\[[0-9]+\.' /var/log/mail.info* |awk -F: '{i+=$NF} 
END {print i}'
176978

so 19.19% ipv6.

That is somewhat biased by the fact that debian and, IIRC, gnome lists
are sent from ipv6-capable hosts and their bugs lists are among the
busiest lists.

For outgoing, s/client/relay/ which results in about 4.75% ipv6.

-JimC
-- 
James Cloos  OpenPGP: 1024D/ED7DAEA6

grep --color=yes -Ec 'client=[^[]+\[[^]]+:' /var/log/mail.info

Re: incoming smtp from v6 addresses

2012-01-04 Thread Dave Israel 

On 1/4/2012 10:46 AM, Mike Tancsa wrote:
I suspect the higher inbound values might be due to tech mailling 
lists which tend to come from IPv6 enabled hosts ?


Yeah, all of my (non-internal) ipv6 mail is from such mailing lists.

-Dave

Re: incoming smtp from v6 addresses

2012-01-04 Thread Mike Tancsa 
On 1/4/2012 5:10 AM, Randy Bush wrote:
> for incoming mail that is *accepted*, i.e. not stuff like
> 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in 
> rbl-plus.mail-abuse.org
> 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F= 
> rejected RCPT : blocked because 118.39.80.118 
> is in  blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked 
> using Trend Micro Email Reputation database. Please see 
> 
> 2012-01-04 00:37:28 no host name found for IP address 118.39.80.118
> 2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip
> 2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in 
> rbl-plus.mail-abuse.org
> 
> 7.8% is over ipv6 transport
> 
> but only 2% of outgoing deliveries are over ipv6.

For accepted mail today,

2% is v6 for outbound,
4% for v6 is inbound.

I suspect the higher inbound values might be due to tech mailling lists
which tend to come from IPv6 enabled hosts ?

---Mike


-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

Re: incoming smtp from v6 addresses

2012-01-04 Thread Simon Perreault 
Randy Bush wrote, on 01/04/2012 05:10 AM:
> 7.8% is over ipv6 transport
> 
> but only 2% of outgoing deliveries are over ipv6.

A consequence of  whitelisting?

Simon
-- 
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source--> http://ecdysis.viagenie.ca
STUN/TURN server   --> http://numb.viagenie.ca

Re: incoming smtp from v6 addresses

2012-01-04 Thread Leo Bicknell 
In a message written on Wed, Jan 04, 2012 at 07:18:11AM -0500, Jared Mauch 
wrote:
> Similar footprint, and I have something like the following on puck:
> 
> puck:~$ grep IPv6: /var/log/maillog | grep stat=Sent | wc -l
> 9043
> puck:~$   grep stat=Sent /var/log/maillog | wc -l
> 110343

I have a mail system that has almost 0 technical users on it.

%   grep IPv6: /var/log/maillog | grep stat=Sent | wc -l
   4
%   grep stat=Sent /var/log/maillog | wc -l
1298

:(

> If gmail were to host  for their MX I would see a lot more mail delivered 
> over there.

Agreed, gmail, yahoo, hotmail and AOL are probably 80% of the total mail
on that box, so those four could make a huge swing, individually or
collectively.

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/


pgpuHbwOarGf9.pgp
Description: PGP signature

Re: incoming smtp from v6 addresses

2012-01-04 Thread Phil Regnauld 

Received

# grep 'amavis' mail.log | grep Passed | wc -l

1411 (1189 if only counting CLEAN, post amavisd)

#grep 'amavis' mail.log | grep Passed | grep IPv6 | grep -v '::1' | wc -l

255 (253 if only counting CLEAN - so less spam in IPv6 :)

Sent

# grep 'postfix/smtp' mail.log | grep 'status=sent' | grep -v '127.0.0.1' | wc 
-l

1422

# grep 'postfix/smtp' mail.log | grep 'status=sent' | egrep 
'\[([a-f0-9]{0,4}:)+[a-f0-9]{0,4}\]' | wc -l

13 (filtered out a v6 IP that gets a copy of every mail)


18% incoming, .9% outgoing...

Re: incoming smtp from v6 addresses

2012-01-04 Thread Suresh Ramasubramanian 
On Wed, Jan 4, 2012 at 3:56 PM, Randy Bush  wrote:
> zgrep '<=.*\[:' /var/spool/exim/log/main* | wc
> zgrep '<=' /var/spool/exim/log/main* | wc

frodo:/home/suresh# zgrep '<=.*\[:' /var/log/exim4/mainlog* | wc
  16673  385620 7023087

frodo:/home/suresh# zgrep '<=' /var/log/exim4/mainlog* | wc
  24277  559746 10110840


-- 
Suresh Ramasubramanian (ops.li...@gmail.com)

Re: incoming smtp from v6 addresses

2012-01-04 Thread Jared Mauch 

On Jan 4, 2012, at 5:26 AM, Randy Bush wrote:

>>> 7.8% is over ipv6 transport
>>> but only 2% of outgoing deliveries are over ipv6.
>> What's your primary configuration ?  Hub, end user system ?
> 
> the main smtp receiver and sender for  maybe 100 users and a few
> dozen mailing list of small to lower middle class size.
> 
>> Care to share the methodology ? I can run some stats, but want
>> to be sure we're comparing the same thing :)
> 
> hold your nose
> 
> zgrep '<=.*\[:' /var/spool/exim/log/main* | wc
> zgrep '<=' /var/spool/exim/log/main* | wc
> 
> and the ever failthful bc :)

Similar footprint, and I have something like the following on puck:

puck:~$ grep IPv6: /var/log/maillog | grep stat=Sent | wc -l
9043
puck:~$   grep stat=Sent /var/log/maillog | wc -l
110343

If gmail were to host  for their MX I would see a lot more mail delivered 
over there.

- Jared

-- stats --
unique list delivery

[mailman@puck jared]$ /home/mailman/bin/find_member @ | grep -v 'found in' | wc 
-l
26442
[mailman@puck jared]$ /home/mailman/bin/find_member @gmail | grep -v 'found in' 
| wc -l
7098

unique addresses

[mailman@puck jared]$ /home/mailman/bin/find_member @ | grep 'found in' | wc -l
16044
[mailman@puck jared]$ /home/mailman/bin/find_member @gmail | grep 'found in' | 
wc -l
4076

Re: incoming smtp from v6 addresses

2012-01-04 Thread Sebastian Spies 
Am 04.01.2012 11:10, schrieb Randy Bush:
> for incoming mail that is *accepted*, i.e. not stuff like
> 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in 
> rbl-plus.mail-abuse.org
> 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F= 
> rejected RCPT : blocked because 118.39.80.118 
> is in  blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked 
> using Trend Micro Email Reputation database. Please see 
> 
> 2012-01-04 00:37:28 no host name found for IP address 118.39.80.118
> 2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip
> 2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in 
> rbl-plus.mail-abuse.org
>
> 7.8% is over ipv6 transport
>
> but only 2% of outgoing deliveries are over ipv6.
>
> what do other folk see?
>
> randy

Received

$ grep 'amavis' mail.log | grep Passed | wc -l
448

$ grep 'amavis' mail.log | grep Passed | grep IPv6 | wc -l
91

$ grep 'amavis' mail.log | grep Passed  | grep IPv6 | grep -v
'2001:1838::cc5d:d48a' | wc -l
18


Sent

$ grep 'postfix/smtp' mail.log | grep 'status=sent' | grep -v
'127.0.0.1' |wc -l
253

enceladus:/var/log# grep 'postfix/smtp' mail.log | grep 'status=sent' |
egrep '\[([a-f0-9]{0,4}:)+[a-f0-9]{0,4}\]' | wc -l
19

with most of them going to mailin.v6.t-online.de[2003:2:2:10:fee::32]:25
~40 silent users


Sebastian

Re: incoming smtp from v6 addresses

2012-01-04 Thread Randy Bush 
>> 7.8% is over ipv6 transport
>> but only 2% of outgoing deliveries are over ipv6.
> What's your primary configuration ?  Hub, end user system ?

the main smtp receiver and sender for  maybe 100 users and a few
dozen mailing list of small to lower middle class size.

> Care to share the methodology ? I can run some stats, but want
> to be sure we're comparing the same thing :)

hold your nose

zgrep '<=.*\[:' /var/spool/exim/log/main* | wc
zgrep '<=' /var/spool/exim/log/main* | wc

and the ever failthful bc :)

randy

Re: incoming smtp from v6 addresses

2012-01-04 Thread Phil Regnauld 
Randy Bush (randy) writes:
> 
> 7.8% is over ipv6 transport
> 
> but only 2% of outgoing deliveries are over ipv6.
> 
> what do other folk see?

What's your primary configuration ?  Hub, end user system ?

Care to share the methodology ? I can run some stats, but want
to be sure we're comparing the same thing :)

Cheers,
Phil

incoming smtp from v6 addresses

2012-01-04 Thread Randy Bush 
for incoming mail that is *accepted*, i.e. not stuff like
2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in 
rbl-plus.mail-abuse.org
2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F= rejected 
RCPT : blocked because 118.39.80.118 is in  
blacklist at rbl-plus.mail-abuse.org: Mail from 118.39.80.118 blocked using 
Trend Micro Email Reputation database. Please see 

2012-01-04 00:37:28 no host name found for IP address 118.39.80.118
2012-01-04 00:37:29 REJECT 118.39.80.118 too many bad recip
2012-01-04 00:37:29 REJECT because 118.39.80.118 listed in 
rbl-plus.mail-abuse.org

7.8% is over ipv6 transport

but only 2% of outgoing deliveries are over ipv6.

what do other folk see?

randy