Ted Mittelstaedt <t...@ipinc.net> writes:

> For unrelated reasons I had to turn off IPv6 on my incoming mailserver.
>
> Spam plummeted. Like by 80% at least. Both uncaught and caught spam did.
>
> When IPv6 was on, the mailserver had all PTR and AAAA and MX records to
> allow it to receive incoming mail via IPv6.
>
> Something about this seems really wrong. Any suggestions of where to
> start digging?

Something indeed seems fishy. I look at uncaught spam to see what I should tweak on a routine basis, and my impression has been that it's overwhelmingly either places like gmail (which tend to be delivered over v6 but would of course come v4 if you don't have v6), or v4. So being v4 only and getting 20% of the spam you used to get just doesn't make sense.

When you "turned off" IPv6, did you change DNS so that doing MX/A/AAAA no longer returned an AAAA record?

Did you notice a reduction in legit mail and an associated increase in complaints?

When you looked at incoming spam from the time when you had the normal v4/v6 setup, did you find that most spam arrived over IPv6?

I looked over my own logs. In the log interval I examined there are spam counts:

  329 MTA rejects (which I count as 100% spam)
  139 filed as spam by the normal SA standards (>=5)
  26 filed as marginal (>=1 < 5)
  13 filed as ham (<1)

I'm not examining things misfiled as spam that I refiled into ham folders. I also skipped about 13 spams misfiled as ham, but on a quick scan they fit the same pattern.

Looking at the 329 MTA rejects (because that was easiest):

  309 IPv4
  20 IPv6

and of the IPv6:

  4 gmail
  13 a mailinglist/forwarding host (lists I'm on -- they don't filter well enough)
  2 my own v6 address - need to look into this, but pretty sure it is external spam logged oddly
  1 a v6 address with no rDNS that is probably some compromised server that happens to have v6 set up. As far as I can tell it is some company in .au.

Looking over the 139 >=5 spams, it's mostly v4, and of the v6, once I exclude google and the same mailinglist, there is only 1 v6 address, this time a random company in .es.

So for me, spam over v6 is very rare, except for mailinglists without adequately strict filtering and google (which we all know doesn't do a good enough job of outgoing filtering, but that's not about v6).

Thus, I don't know what to make of your experience; something about it must be very different and understanding that is likely interesting.
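
Added example, not part of the original message or written by either poster: one way to produce the per-address-family breakdown of MTA rejects described above. It assumes Postfix-style smtpd reject lines (the thread does not name the MTA); the sample log, hostnames and documentation-range addresses are constructed. IPv4-mapped IPv6 addresses are counted as IPv4 so they do not inflate the v6 total.

```python
import ipaddress
import re
from collections import Counter

# Assumed log shape: "... reject: RCPT from name[addr]: 5xx ..."
REJECT_RE = re.compile(
    r"reject: \S+ from (?P<name>[^\[\s]+)\[(?P<addr>[0-9A-Fa-f:.]+)\]")

# Constructed sample lines (documentation address ranges only).
SAMPLE_LOG = """\
Jan 12 03:14:07 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 blocked
Jan 12 03:15:10 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 no user
Jan 12 03:16:22 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from lists.example.org[2001:db8:10::25]: 554 5.7.1 blocked
Jan 12 03:16:40 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from lists.example.org[2001:db8:10::25]: 554 5.7.1 blocked
Jan 12 03:17:01 mx postfix/smtpd[814]: connect from unknown[2001:db8:beef::1]
Jan 12 03:17:02 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[2001:db8:beef::1]: 554 5.7.1 blocked
Jan 12 03:18:30 mx postfix/smtpd[815]: NOQUEUE: reject: RCPT from unknown[::ffff:203.0.113.9]: 554 5.7.1 blocked
"""

def family(addr):
    """Return 'IPv4' or 'IPv6'; an IPv4-mapped IPv6 address counts as IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return "IPv4"
    return f"IPv{ip.version}"

def tally(lines):
    """Count rejects per address family, and v6 rejects per rDNS name."""
    by_family, v6_sources = Counter(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a reject line (e.g. a plain "connect from")
        try:
            fam = family(m.group("addr"))
        except ValueError:
            by_family["unparsed"] += 1
            continue
        by_family[fam] += 1
        if fam == "IPv6":
            # "unknown" here means the client had no usable rDNS
            v6_sources[m.group("name")] += 1
    return by_family, v6_sources

if __name__ == "__main__":
    fam, v6 = tally(SAMPLE_LOG.splitlines())
    print(dict(fam))
    print(v6.most_common())
```

Run over logs from a period when the AAAA record was still published, the second counter shows whether the v6 rejects come from a few known relays or from many unrelated hosts.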