[6bone] RBLcheckd (was Re: Nothing is sacred...)

Todd T. Fries todd@fries.net
Tue, 5 Aug 2003 14:01:04 -0500 

I'm not sure I follow your question "How do we handle RBL's in a dual
stack environment" .. the `table' of addresses to block gets loaded into
pf on my machine, and it includes both IPv4 and IPv6 addresses.  I simply
'rdr' (redirect) an IPv4 connection with a matching source address to
spamd in the same way that I redirect an IPv6 connection with a matching
source address.

relaydb handles both IPv4 and IPv6 addresses in headers.

I'm already handling this on a multistack machine.  It handles quite
seamlessly.

Please explain your question.
-- 
Todd Fries .. todd@fries.net


Free Daemon Consulting, LLC                    Land: 405-748-4596
http://FreeDaemonConsulting.com              Mobile: 405-203-6124
"..in support of free software solutions."

Key fingerprint: 37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
            Key: http://todd.fries.net/pgp.txt

(last updated 2003/03/13 07:14:10)

Penned by Tim Chown on Tue, Aug 05, 2003 at 07:55:30PM +0100, we have:
| We've developed MailScanner here (www.mailscanner.info).  It's very
| popular, and allows SpamAssassin and other tools to be bolted in.
| 
| The question is how best to handle RBLs/etc in a dual-stack environment.
| 
| We'll have a think - proxying seems appropriate.
| 
| Tim
| 
| On Tue, Aug 05, 2003 at 12:54:44PM -0500, Todd T. Fries wrote:
| > Everyone has a different peg and a different shaped hole to fit it when it
| > comes to MTA's and anti spam solutions.
| > 
| > Here's mine:
| > 	
| > 	http://FreeDaemonConsulting/tech/spam.php
| > 
| > In short, relaydb gets fed headers (being told this is a good message or spam)
| > and ends up with a list of good and bad relays.
| > 
| > More info about relaydb is available at:
| > 
| > 	http://www.benzedrine.cx/relaydb.html
| > 
| > Feed this to the list fed into 'spamd(8)' on OpenBSD and you can block
| > addresses via pf.
| > 
| > I've a local diff set to update, but those interested I'll mail you with it
| > to enable 'spamd' in OpenBSD to deal with IPv6.
| > 
| > More info about spamd is available at:
| > 
| > 	http://www.openbsd.org/cgi-bin/man.cgi?query=spamd
| > 
| > While I applaud any efforts to develop a list of IPv6 known spam hosts and/or
| > networks, I would want the ability to over-ride any settings as pertained to
| > my local settings.  So long as there exists an automated way to retrieve any
| > such lists, I can format them appropriately locally, and use spamd to block
| > them.
| > 
| > For anyone who wishes to get a demonstration of spamd in action, feel free to
| > telnet to 66.210.106.28 port 25.  It's not one of my mx hosts, therefore it
| > gets redirected to spamd automagically ;-)
| > 
| > Thanks,
| > -- 
| > Todd Fries .. todd@fries.net
| > 
| > 
| > Free Daemon Consulting, LLC                    Land: 405-748-4596
| > http://FreeDaemonConsulting.com              Mobile: 405-203-6124
| > "..in support of free software solutions."
| > 
| > Key fingerprint: 37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
| >             Key: http://todd.fries.net/pgp.txt
| > 
| > (last updated 2003/03/13 07:14:10)
| > 
| > Penned by Pim van Pelt on Tue, Aug 05, 2003 at 06:50:05PM +0200, we have:
| > | Hi Greg, John, Cory, Dean, others,
| > | 
| > | Greg wrote:
| > | | I can't speak for anyone else, but I would definitely be interested in it.
| > | | I use postfix as my MTA, and didn't see you mention it, but I suspect that
| > | | it would probably be fairly easy to integrate.
| > | 
| > | Sabri has opened a sourceforge project (it was approved swiftly) and we're 
| > | now organizing things in that environment. I had some feedback from Dean
| > | Strik who maintains the unofficial (or?) IPv6 patches to postfix. He
| > | promised to look into patching the rbl client into that MTA. We already
| > | have a working patch for Qmail and a Sendmail milter program, as I said. 
| > | They'll be packaged and delivered seperately in a seperate tarball/CVS 
| > | module.
| > | 
| > | I'm highly enthusiastic wrt the amount of positive feedback I received
| > | on this! It definately motivates Sabri and me to push things further :-)
| > | 
| > | Let me gete back to you on the status at end of this week/somewhere next 
| > | week.
| > | 
| > | Thanks and groet,
| > | Pim
| > | -- 
| > | ---------- - -    - - -+- - -    - - ----------
| > | Pim van Pelt                 Email: pim@ipng.nl
| > | http://www.ipng.nl/             IPv6 Deployment
| > | -----------------------------------------------
| > | _______________________________________________
| > | 6bone mailing list
| > | 6bone@mailman.isi.edu
| > | http://mailman.isi.edu/mailman/listinfo/6bone
| > _______________________________________________
| > 6bone mailing list
| > 6bone@mailman.isi.edu
| > http://mailman.isi.edu/mailman/listinfo/6bone
| _______________________________________________
| 6bone mailing list
| 6bone@mailman.isi.edu
| http://mailman.isi.edu/mailman/listinfo/6bone