FreeBSD.org MX servers refusing mail from host via ipv6
Michael Sierchio
kudzu at tenebras.com
Fri Oct 1 21:24:39 UTC 2021
On Fri, Oct 1, 2021 at 1:42 PM Doug McIntyre <merlyn at geeks.org> wrote:
>
> As much as I think it is worthless security, this has been the
> standard for quite some time on IPv4, and IPv6 copied it along. I'm
> not sure you'd find more than a handful of mail servers out there that
> would let a mailserver without a reverse PTR setup talk to them
> on either IPv4 or IPv6. So, if you don't get to control your IPv6
> reverse PTR, you probably shouldn't be sending email from that
> machine, because none of it is going to get through.
>
It's not only not a positive security tactic, it's negative – if I can get
you to do a PTR lookup from the NS host that's authoritative for my domain,
I can craft a response that does interesting things to vulnerable versions
of BIND. It's almost as stupid as doing an ident on the TCP connection.