pilot error? or idiots at microsoft?

Michael Orlitzky michael at orlitzky.com
Wed Aug 10 17:02:29 CEST 2011


On 08/10/11 10:48, Michael Scheidell wrote:
> On 8/10/11 10:33 AM, Michael Orlitzky wrote:
>> On 08/10/11 10:26, Michael Scheidell wrote:
>>> So, what brain decided it would be ok to use 169.* addresses for their
>>> internal IPs?
>>>
>>> Was it Microsoft? (VAR says that MS uses these for their internal
>>> clustering IPs for clustered Exchange servers)
>> http://en.wikipedia.org/wiki/Link-local_address
>>
> I am moving more to assume MS are idiots. This seems to be the default
> config for Exchange clusters.
> 
> So, we open a bugzilla and put 169.254* addresses into 'local_networks'
> by default? Like RFC 1918?
> In the example, SA sees the internal (trusted) 172* IP, and sees 'first
> untrusted' (the 169* address!)
> SPF fails, RBLs are consulted. All could be avoided if MS actually
> followed RFCs

I'm not sure what else you've got going on here (Where is amavis? Who's
doing SPF checks?) but yeah, 169.254.0.0/16 should be considered local.

I think it's a fine default for Exchange, though. Having it be
unreachable by default means that someone who knows what he's doing has
to go in and make it accessible from other networks. It's a huge
improvement from listening on 0.0.0.0/0 with submission/relay open to
everyone.
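
The trust-boundary effect discussed in this thread, as an added example that is not part of the original message and is not SpamAssassin's own code: a simplified model that walks Received headers newest-first and reports the first relay outside the trusted networks, with and without 169.254.0.0/16 in the list. The host names, addresses and header layout are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Networks treated as local before the change proposed in the thread.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]
LINK_LOCAL = "169.254.0.0/16"  # link-local block discussed in the thread

# Constructed Received headers, newest first: gateway <- 172.16.x host
# <- cluster node on a 169.254.x address <- real external sender.
SAMPLE_RECEIVED = [
    "from mbx.example.local ([172.16.0.20]) by gw.example.local",
    "from node1.example.local ([169.254.1.10]) by mbx.example.local",
    "from mail.example.org ([203.0.113.7]) by node1.example.local",
]

FROM_IP = re.compile(r"from \S+ \(\[([0-9.]+)\]\)")


def first_untrusted_relay(received, trusted_cidrs):
    """Return the first 'from' IP (newest hop first) outside trusted_cidrs.

    Simplified assumption: trust depends only on the connecting IP of
    each hop; the real filter applies more rules than this.
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    for header in received:
        match = FROM_IP.search(header)
        if not match:
            continue  # hop without a parsable address is skipped
        ip = ipaddress.ip_address(match.group(1))
        if not any(ip in net for net in nets):
            return str(ip)
    return None  # every hop was inside the trusted networks


def boundary_is_link_local(received, trusted_cidrs):
    """True when SPF/RBL checks would run against a link-local address,
    a sign that the trusted-network list is incomplete."""
    ip = first_untrusted_relay(received, trusted_cidrs)
    return ip is not None and ipaddress.ip_address(ip).is_link_local


if __name__ == "__main__":
    for label, nets in (("rfc1918 only", RFC1918),
                        ("rfc1918 + link-local", RFC1918 + [LINK_LOCAL])):
        print(label, "->", first_untrusted_relay(SAMPLE_RECEIVED, nets),
              "link-local boundary:", boundary_is_link_local(SAMPLE_RECEIVED, nets))
```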

