[ipv6hackers] my IPv6 insecurity slides
Fabian Wenk
fabian at wenks.ch
Fri Dec 2 10:17:17 CET 2011
Hello Owen
On 01.12.2011 02:48, Owen DeLong wrote:
> On Nov 30, 2011, at 4:54 PM, Fabian Wenk<fabian at wenks.ch> wrote:
>> For my own mail server I have 3 MX entries (all pointing to
>> the same physical server), the one with the lowest priority
>> has both IPv4 and IPv6 entries, the middle with only an IPv4
>> entry and the highest with only IPv6 entry (to fool spam
>> bots which are on IPv4 only). I think that such an setup
>> could have helped on the receiving side, so that my server
>> would have tried on a different MX (with only IPv4) to send
>> the mail.
>
> What's the point of the third one?
As I already have answered Owen in private e-mails with all the
other stuff, I post here only my answer about the MX stuff, which
I wrote the wrong way around above:
Ok, now I see the mistake I did. With the "lowest" I did mean the
lowest MX (eg. MX 10, which has the highest priority) and with
the "highest" the highest MX (eg. MX 30, which has the lowest
priority).
It is like this:
MX 10 IPv4 + IPv6 (the one preferred)
MX 20 IPv4
MX 30 IPv6 (to also fool spam bots)
Hopefully this is something which could help other mail admins
when creating the MX entries in a dual-stacked setups.
bye
Fabian
More information about the Ipv6hackers
mailing list