Date: Fri, 1 Oct 2021 14:24:01 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: Doug McIntyre <merlyn@geeks.org>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD.org MX servers refusing mail from host via ipv6
Message-ID: <CAHu1Y737dEc4CYMWCtxSiiFxTJ7LPpqOL-0b=2oY84XQZ0r_1Q@mail.gmail.com>
In-Reply-To: <YVdyi10zTG3MiQWd@geeks.org>
References: <8BF8713A-6677-4BAD-A61B-9A7B5D9CC297@gmail.com> <YVdyi10zTG3MiQWd@geeks.org>

On Fri, Oct 1, 2021 at 1:42 PM Doug McIntyre <merlyn@geeks.org> wrote:

>
> As much as I think it is worthless security, this has been the
> standard for quite some time on IPv4, and IPv6 copied it along. I'm
> not sure you'd find more than a handful of mail servers out there that
> would let a mailserver without a reverse PTR setup to talk to them
> either on IPv4 nor IPv6. So, if you don't get to control your IPv6
> reverse PTR, you probably shouldn't be sending email from that
> machine, because none of it is going to get through.
>

It's not only not a positive security tactic, it's negative – if I can get you to do a PTR lookup from the NS host that's authoritative for my domain, I can craft a response that does interesting things to vulnerable versions of BIND. It's almost as stupid as doing an ident on the TCP connection.
