Greg Troxel wrote:
In my SA stats, the majority (+90%) of email inbound is classified as
rdns_none.
I have a suspicion that this is due to the IPv6-IPv4 mapped address
being written into the headers when I am speaking to a non-native IPv6
MTA:
Received: from unknown (HELO mail.apache.org) (::ffff:140.211.11.2)
by pearl.ibctech.ca with SMTP; 28 May 2008 09:13:00 -0000
(I presume you are trying to make this server IPv6 only instead of dual
stack.
...well, not intentionally. My intentions were/are to make this a fully
dual-stacked machine that hosts my personal domain that is my first
fully IPv6 compliant machine that I've configured.
When my machine had a globally routable v6 address I got some
mail over v6 and some over v4, but didn't used mapped addresses.)
Unfortunately, I'm not intently using mapped addresses. :)
I've got a hacked version of Qmail that uses Simscan to fire SA (at
least I believe this is how it works).
I'll need to go through the Qmail sources to find out where it's writing
these mapped addresses.
To be honest, I think that the work should focus on fixing the resolver
(or whatever calls the resolver) to extract the IPv4 address out of the
mapped address, instead of eliminating the mapped address entirely.
There are legitimate needs to use mapped addresses.
It seems that your SMTP listener is not correctly doing reverse dns
lookups of mapped addresses,
How can I identify *exactly* what is my SMTP 'listener', and how DNS is
called, and by what?
and I'm not sure what the right fix is.
Either the SMTP code should notice the mapped address, pull out the v4
address, and look it up, or the resolver should do this automaticall
I agree. I personally think that the mapped address should remain in the
header however. Although I've never tested sending to a mapped address
directly, I'll have to...it would be interesting to see how a return to
a mapped address ends up if my IPv4 BGP peers go down, but my IPv6 stays up.
(generally pretty hard core about this sort of
thing),
Nice to meet you, I am very much as well (particularly IP and routing :)
"dig -x ::ffff:140.211.11.2" returns NXDOMAIN on a query of
;2.0.b.0.3.d.c.8.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. IN
PTR
so I'd guess that it's not a normal expectation for a resolver to
extract the mapped address.
No, I see the exact same thing via FBSD, but seems right. I've been
going over the resolver code itself lately, so I'll have a look. Perhaps
it could be fixed right there, and then the SMTP engine (or anything
else that relies on DNS) could stay the same.
After the lookup issue is fixed, the received header would have the hostname.
This is why I didn't know if it were appropriate for the SA list...
essentially, I would like to follow up on where in my infrastructure
this is broken :)
Just think, I set out to set up a simple mail server on IPv6. While
doing so, I've written more patches for software in the last week than I
have my whole life...and I'm not even a programmer ;)
Thanks for the input.
Steve