From: Toke Høiland-Jørgensen
Sender: toke@toke.dk
To: Dave Täht
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] in the post-cisa world
Date: Mon, 15 Feb 2016 22:13:14 +0100
Message-ID: <877fi5he39.fsf@toke.dk>
In-Reply-To: <56C22402.3080506@taht.net> (Dave Täht's message of "Mon, 15 Feb 2016 11:16:18 -0800")
References: <56C22402.3080506@taht.net>
List-Id: Development issues regarding the cerowrt test router project

Dave Täht writes:

> Even then, though, barrier #2 - the prospect of being a drive-by spam
> target - bothers me, so having a box in the cloud that can
> "turnaround" and rate limit stuff from port 25 there to my vpn here
> seemed ideal... except that good anti-spam requires that there be a
> reverse lookup on the origin ip and spf record that you lose that way,
> before you can get as far as starttls.

Use the cloud server as a NAT box, forwarding through the VPN? If you do this in both directions (i.e. outgoing traffic will seem to come from the cloud IP), you can get the reverse lookup while still having the actual TLS connection terminate in the house?

That was my plan... Will get around to implementing it one of these days...

-Toke
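The two-direction NAT Toke sketches, as an added example that is not from this thread or from the CeroWrt project: a cloud-side nftables ruleset that DNATs inbound port 25 to the home MTA without rewriting the source address (so the MTA still sees the real origin IP for the reverse lookup and SPF check), SNATs the MTA's outbound mail to the cloud IP (the address the PTR and SPF records must name), and caps new inbound SMTP connections to blunt drive-by spam. The home side needs a policy route so replies to those DNATed connections go back through the tunnel rather than the house's own uplink; without it the asymmetric path breaks. Interface names, the 203.0.113.10 public address, the 10.8.0.x tunnel addresses and a WireGuard-style point-to-point link called wg0 are all assumptions.

```shell
# Assumed placeholders; override via the environment on a real deployment.
CLOUD_IP=${CLOUD_IP:-203.0.113.10}   # cloud box public address (PTR + SPF point here)
WAN_IF=${WAN_IF:-eth0}               # cloud box internet-facing interface
VPN_IF=${VPN_IF:-wg0}                # tunnel interface on both ends
MTA_VPN_IP=${MTA_VPN_IP:-10.8.0.2}   # home MTA's address inside the tunnel

# Emit the cloud-side ruleset. Inbound: DNAT only, source left intact so the
# home MTA can do rDNS/SPF on the real sender. Outbound: SNAT so mail from the
# house leaves with $CLOUD_IP. Forward chain admits nothing else.
cloud_ruleset() {
    cat <<EOF
table ip mailrelay {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "$WAN_IF" tcp dport 25 dnat to $MTA_VPN_IP
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$WAN_IF" ip saddr $MTA_VPN_IP snat to $CLOUD_IP
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # drive-by spam: cap the rate of new inbound SMTP sessions reaching the house
        iifname "$WAN_IF" oifname "$VPN_IF" ip daddr $MTA_VPN_IP tcp dport 25 ct state new limit rate 30/minute accept
        # mail and DNS lookups originating from the home MTA, out via the cloud IP
        iifname "$VPN_IF" oifname "$WAN_IF" ip saddr $MTA_VPN_IP accept
    }
}
EOF
}

# Apply on the cloud box (root, nftables installed).
cloud_apply() {
    sysctl -w net.ipv4.ip_forward=1
    cloud_ruleset | nft -f -
}

# Apply on the home MTA: replies to DNATed sessions carry source $MTA_VPN_IP, so
# route everything from that address back through the tunnel. The MTA must also
# bind outbound SMTP to $MTA_VPN_IP (Postfix: smtp_bind_address) to egress via the cloud.
home_apply() {
    ip rule add from "$MTA_VPN_IP" table 100
    ip route add default dev "$VPN_IF" table 100
}
```

TLS still terminates on the home MTA, since the cloud box only rewrites addresses and never sees inside the SMTP session.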