[Bloat] ipv6 now disabled for lists.bufferbloat.net

[Bloat] ipv6 now disabled for lists.bufferbloat.net

[Dave Taht]

For no reason that I've been able to discern, for months and months
now, nearly any use of ipv6 as an email transport has ended up getting
the ipv6 address blocked in spamhaus's SBL listing, and thus a lot of
email has been blocked. IPv4, seems ok, but for all I know
whatever's triggering it only triggers when ipv6 is used. So I've
given up on ipv6 and switched it over to ipv4 only.

If anyone has any insight on how to run a dual stack email server
correctly nowadays, please contact me offlist?! If anybody here
actually needs to talk to this server over ipv6, well.....

--

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

Re: [Bloat] ipv6 now disabled for lists.bufferbloat.net

[Dave Taht]

'course, a pretty huge percentage of our traffic USED to run over ipv6...

Re: [Bloat] ipv6 now disabled for lists.bufferbloat.net

[Michael Richardson]

[-- Attachment #1: Type: text/plain, Size: 953 bytes --]



On 2019-11-09 1:56 p.m., Dave Taht wrote:
> For no reason that I've been able to discern, for months and months
> now, nearly any use of ipv6 as an email transport has ended up getting
> the ipv6 address blocked in spamhaus's SBL listing, and thus a lot of
> email has been blocked. IPv4, seems ok, but for all I know
> whatever's triggering it only triggers when ipv6 is used. So I've
> given up on ipv6 and switched it over to ipv4 only.

I'm sorry to hear that.  can we still send to you on v6?

Spamhaus is useless.  Discourage it as widely as you can. They seem to
be on autopilot.
I have blackholed a few IPv6 for destinations that I can't live without,
and I've pushed ietf.org to whitelist me in to avoid their spamhaus
dependancy.    The major problem is that the SBL listing uses a bunch of
other listings which nobody maintains and which have some bogus rules.
Like that SLAAC addresses as instantly suspicious.



[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 2501 bytes --]

Re: [Bloat] ipv6 now disabled for lists.bufferbloat.net

[Dave Taht]

On Sat, Nov 9, 2019 at 6:18 PM Michael Richardson <mcr@sandelman.ca> wrote:
>
>
>
> On 2019-11-09 1:56 p.m., Dave Taht wrote:
> > For no reason that I've been able to discern, for months and months
> > now, nearly any use of ipv6 as an email transport has ended up getting
> > the ipv6 address blocked in spamhaus's SBL listing, and thus a lot of
> > email has been blocked. IPv4, seems ok, but for all I know
> > whatever's triggering it only triggers when ipv6 is used. So I've
> > given up on ipv6 and switched it over to ipv4 only.
>
> I'm sorry to hear that.  can we still send to you on v6?
>
> Spamhaus is useless.  Discourage it as widely as you can. They seem to
> be on autopilot.
> I have blackholed a few IPv6 for destinations that I can't live without,
> and I've pushed ietf.org to whitelist me in to avoid their spamhaus
> dependancy.    The major problem is that the SBL listing uses a bunch of
> other listings which nobody maintains and which have some bogus rules.
> Like that SLAAC addresses as instantly suspicious.

I would just like to thank everyone that helped. Notably john levine
pointed me at:

https://www.spamhaus.org/faq/section/Spamhaus%20CSS#426

Which said that linode, specifically, has had a tendency to gain a bad
reputation in the
default /64 block, and that you should request a whole /64 so you
don't get caught
by collateral damage. So I just did that and hopefully will turn ipv6
back on later today.

...

(I have a tendency to do "IT stuff" in the wintertime, so, thinking
aloud, appreciating the help, and apologetic about the noise)

That said, well, I do kind of wish there was a way to get email
directly "home", like in the good ole days. I have a business class
static ipv4/29 from comcast, and have been thinking of finally
upgrading a few modems
to docsis 3.1 over the winter (any recomendations?), but sorting it
all out, oy. For example that ipv4/29 is only usuable on that local
"wire" and the actual IT area is 5 hops in, and port forwarding port
25,
not huge on. Similarly, perhaps I could get (overly) happy about
trying to use ipv6 as my default mx exchanger but I think that's out
of spec.

In particular, finding a modem that will somehow delegate more than a
/60 would be nice. (a /56 is allocated but I've not managed to get the
netgears I have to use it) I'm out of subnets. Maybe if I'm
getting static business class ipv6 now I could use more.

The vast majority of my campus traffic is ipv6 nowadays. It's kind of
amazing, actually. One of my fws is about 75% ipv6.

(my life is made more complicated by the fact that I have 5 comcast
links spread around campus, and use babel with SADR to manage the ipv6
connectivity,
 on a lot of unnumbered routers inbetween - and of course, run cake on
the openwrt firewalls in front of them)

IETF homenet has put out a spec for dns prefix delegation that I don't
think went anywhere, it looks like calling comcast is the only way to
get reverse dns setup, still.

>
> _______________________________________________
> Bloat mailing list
> Bloat@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bloat



-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

Re: [Bloat] ipv6 now disabled for lists.bufferbloat.net

[Michael Richardson]

[-- Attachment #1: Type: text/plain, Size: 321 bytes --]



On 2019-11-10 1:38 p.m., Dave Taht wrote
> IETF homenet has put out a spec for dns prefix delegation that I don't
> think went anywhere, it looks like calling comcast is the only way to
> get reverse dns setup, still.

It is still in progress, but whether or not Comcast will deploy is yet
another question.


[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 2501 bytes --]

[Bloat] test: ipv6 re-enabled for lists.bufferbloat.net

[Dave Taht]

this is a test. I moved this server over to a fresh /64.

If you normally got this via ipv6 before, you should
be getting it now. 

Otherwise, please ignore.

Re: [Bloat] test: ipv6 re-enabled for lists.bufferbloat.net

[Dave Taht]

Test 2 - sorry for the noise.

Dave Taht <dave@taht.net> writes:

> this is a test. I moved this server over to a fresh /64.
>
> If you normally got this via ipv6 before, you should
> be getting it now. 
>
> Otherwise, please ignore.
> _______________________________________________
> Bloat mailing list
> Bloat@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bloat

Re: [Bloat] test: ipv6 re-enabled for lists.bufferbloat.net

[Dave Taht]

Last test. And then hopefully I can forget about this a while.

Re: [Bloat] test: ipv6 re-enabled for lists.bufferbloat.net

[James Cloos]

So which film/tv bot is lists's :f00f:f00f:b33b:b33b based on?

(My suspicions are one of the SW bots or BR's.)

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6