Loading ...
Sorry, an error occurred while loading the content.

Re: Google rejecting IPv6 mails

Expand Messages
  • Stan Hoeppner
    ... Agreed. Postfix reject_unknown_reverse_client_hostname is functionally equivalent to what Google is doing here. And I d guess everyone here enables this
    Message 1 of 64 , Oct 7, 2013
    • 0 Attachment
      On 10/7/2013 12:25 PM, Jim Reid wrote:
      > On 7 Oct 2013, at 18:15, Erwan David <erwan@...> wrote:
      >
      >> Google is really rejecting emails in IPv6 because of a lack of PTR...
      >
      > If that's the case, good. Just do The Right Thing and arrange a valid PTR for the IPv6 address that speaks SMTP. This should be simpler and less hassle than changing the postfix config. Or adding more workaround to that when someone finds yet more mail providers who reject connections from addresses with no reverse DNS.
      >
      > SMTP from an address with no reverse DNS is a fairly good indicator of a spam source. YMMV.

      Agreed.

      Postfix' reject_unknown_reverse_client_hostname is functionally
      equivalent to what Google is doing here. And I'd guess everyone here
      enables this restriction. And if not, they should. Hmm...that makes me
      wonder...

      Since Postscreen stops bots without checking for existence of PTR, I'm
      wondering if many folks have simply eliminated this restriction in
      main.cf, and thus forgotten how critical PTR is as a first level of
      trust evaluation of inbound SMTP connections.

      Yesterday reject_unknown_reverse_client_hostname accounted for 45% of
      rejected spam attempts here. I do not use Postscreen. And neither does
      Google, and their MTA is self baked.

      --
      Stan
    • /dev/rob0
      ... Amen. Along those lines, Postfix 2.11 will be the most important minor version since the introduction of postscreen itself in 2.8. At last we can have the
      Message 64 of 64 , Oct 13, 2013
      • 0 Attachment
        On Sun, Oct 13, 2013 at 09:26:12PM +0200, Dominik George wrote:
        > > There is, in fact, no reliable lsit of *all* mail hosts that will
        > > ever (as in, for a long time in the future) be the sending MTAs
        > > of Google-hosted domains.
        >
        > Apart from that, I am tired of implementing exceptions for each and
        > every big proprietary mail provider out there. If a company desires
        > to take part in federated e-mail communicaiton, I expect them to
        > set up there stuff the way others expect it. If there setup is too
        > huge to manage it without awkward tricks, like Google dynamically
        > assigning roles to servers and not even reliably using subnets,
        > whatever, for certain roles, then they are by definition not up to
        > the task of operating it, be it for conceptional or personnel
        > limitations. If we go ahead and teach all _other_ mail systems to
        > fit their needs, we effectively do the work their customers pay
        > them for.
        >
        > I am close to deciding not to opt-in to that and simply not
        > accepting their mail if I can't using standard configurations.

        Amen. Along those lines, Postfix 2.11 will be the most important
        minor version since the introduction of postscreen itself in 2.8. At
        last we can have the benefits of postscreen zombie detection without
        the pain of greylisting.

        Gmail and just about every big proprietary mail provider out there
        maintains lists of their hosts on dnswl.org. Postscreen with a
        relatively simple DNSBL configuration, including a negative point
        lookup for list.dnswl.org, will make this all very easy and low
        maintenance. (Consider signing up for dnswl.org yourself; it costs
        only a few minutes of your time.)

        http://www.postfix.org/postconf.5.html#postscreen_dnsbl_whitelist_threshold
        http://dnswl.org/

        My postscreen page, not yet updated for 2.11:
        http://rob0.nodns4.us/postscreen.html
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
      Your message has been successfully submitted and would be delivered to recipients shortly.