Date:      Fri, 1 Oct 2021 14:24:01 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Doug McIntyre <merlyn@geeks.org>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: FreeBSD.org MX servers refusing mail from host via ipv6
Message-ID:  <CAHu1Y737dEc4CYMWCtxSiiFxTJ7LPpqOL-0b=2oY84XQZ0r_1Q@mail.gmail.com>
In-Reply-To: <YVdyi10zTG3MiQWd@geeks.org>
References:  <8BF8713A-6677-4BAD-A61B-9A7B5D9CC297@gmail.com> <YVdyi10zTG3MiQWd@geeks.org>

On Fri, Oct 1, 2021 at 1:42 PM Doug McIntyre <merlyn@geeks.org> wrote:

>
> As much as I think it is worthless security, this has been the
> standard for quite some time on IPv4, and IPv6 copied it along. I'm
> not sure you'd find more than a handful of mail servers out there that
> would let a mailserver without a reverse PTR setup talk to them
> on either IPv4 or IPv6. So, if you don't get to control your IPv6
> reverse PTR, you probably shouldn't be sending email from that
> machine, because none of it is going to get through.
>

It's not only not a positive security tactic, it's negative – if I can get
you to do a PTR lookup from the NS host that's authoritative for my domain,
I can craft a response that does interesting things to vulnerable versions
of BIND.  It's almost as stupid as doing an ident on the TCP connection.


