[6bone] Nothing is sacred...

[Rik van Riel]

On Fri, 1 Aug 2003, John Klos wrote:

> > I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of
> > a spammer with the audacity to operate over IPv6!
>
> IPv6 open relay? We all knew it was a matter of time before we started
> seeing SPAM on IPv6...

OK, time to start enhancing spamikaze to have ipv6 functionality ;)
http://spamikaze.nl.linux.org/ has the source and some basic info.

Unfortunately we have a problem.  Different MTAs do their ipv6
DNSBL queries differently.

Lets take the address 2001:4321::1 as an example, since it doesn't
seem to exist and it's really short when typed forwards.

Exim would query:

1.(many zeros).1.2.3.4.1.0.0.2.dnsbl.example.org

Zmailer would query:

1.(many zeros).1.2.3.4.1.0.0.2.ip6.dnsbl.example.org

I have no idea what the other MTAs would query.  I think we
should standardise on one way to do lookups, so the ipv6
DNSBLs would actually work...

Personally I prefer the zmailer version, since it allows one
dnsbl setting in the MTA configuration to catch both ipv4 and
ipv6 dnsbl content without any ambiguity.  Yes, I know 2.0.0.0/8
is currently reserved, but I'm not comfortable relying on that.

Also, we should have a dnsbl test address like the ipv4 dnsbls
have;  for ipv4 this is 127.0.0.2:

$ host -t any 2.0.0.127.psbl.surriel.com
2.0.0.127.psbl.surriel.com has address 127.0.0.2
2.0.0.127.psbl.surriel.com text "psbl.surriel.com test entry"
$ host -t any 2.0.0.127.list.dsbl.org
2.0.0.127.list.dsbl.org text "http://dsbl.org/listing?ip=127.0.0.2"
2.0.0.127.list.dsbl.org has address 127.0.0.2

What would be a suitable test address for ipv6 ?

kind regards,

Rik
-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan