Greg Troxel wrote:
  In my SA stats, the majority (+90%) of email inbound is classified as
  rdns_none.

  I have a suspicion that this is due to the IPv6-IPv4 mapped address
  being written into the headers when I am speaking to a non-native IPv6
  MTA:

  Received: from unknown (HELO mail.apache.org) (::ffff:140.211.11.2)
  by pearl.ibctech.ca with SMTP; 28 May 2008 09:13:00 -0000


(I presume you are trying to make this server IPv6 only instead of dual
stack.

...well, not intentionally. My intentions were/are to make this a fully dual-stacked machine that hosts my personal domain that is my first fully IPv6 compliant machine that I've configured.

When my machine had a globally routable v6 address I got some
mail over v6 and some over v4, but didn't used mapped addresses.)

Unfortunately, I'm not intently using mapped addresses. :)

I've got a hacked version of Qmail that uses Simscan to fire SA (at least I believe this is how it works).

I'll need to go through the Qmail sources to find out where it's writing these mapped addresses.

To be honest, I think that the work should focus on fixing the resolver (or whatever calls the resolver) to extract the IPv4 address out of the mapped address, instead of eliminating the mapped address entirely. There are legitimate needs to use mapped addresses.

It seems that your SMTP listener is not correctly doing reverse dns
lookups of mapped addresses,

How can I identify *exactly* what is my SMTP 'listener', and how DNS is called, and by what?

and I'm not sure what the right fix is.
Either the SMTP code should notice the mapped address, pull out the v4
address, and look it up, or the resolver should do this automaticall

I agree. I personally think that the mapped address should remain in the header however. Although I've never tested sending to a mapped address directly, I'll have to...it would be interesting to see how a return to a mapped address ends up if my IPv4 BGP peers go down, but my IPv6 stays up.

(generally pretty hard core about this sort of
thing),

Nice to meet you, I am very much as well (particularly IP and routing :)

"dig -x ::ffff:140.211.11.2" returns NXDOMAIN on a query of

;2.0.b.0.3.d.c.8.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. IN 
PTR

so I'd guess that it's not a normal expectation for a resolver to
extract the mapped address.

No, I see the exact same thing via FBSD, but seems right. I've been going over the resolver code itself lately, so I'll have a look. Perhaps it could be fixed right there, and then the SMTP engine (or anything else that relies on DNS) could stay the same.

After the lookup issue is fixed, the received header would have the hostname.

This is why I didn't know if it were appropriate for the SA list... essentially, I would like to follow up on where in my infrastructure this is broken :)

Just think, I set out to set up a simple mail server on IPv6. While doing so, I've written more patches for software in the last week than I have my whole life...and I'm not even a programmer ;)

Thanks for the input.

Steve



Reply via email to