[rbldnsd] IPv6 RBL's

Michael Tokarev mjt at corpit.ru
Mon Sep 24 13:13:37 MSD 2007


Amos Jeffries wrote:
> I've left this on the back burner for a while, but am now starting to
> receive steady amounts of IPv6 emails. What I have seen of the current
> IPv6+SMTP arrangements shows almost no postmaster-level changes from IPv4.
> Just a new set of addresses in the Received: .
> 
> That, added to the well-known comcast factor: spam-happy customers +
> pending migration to IPv6. Call me paranoid, but it leads me to believe we
> are going to need IPv6-capable RBL before too much longer.

Well... I don't think so, because if "us" includes "me" as well, --
I don't have IPv6 connectivity... ;)

Seriously, yes - this question has been asked several times already
in the past, with various argumentation, and yes, people with IPv6
connectivity refer to spam they're receiving over IPv6 (not much
of it for obvious reasons but still).

> Last I heard rbldnsd ran on IPv6 ports, but could not store rDNS
> addresses. If this has changed could someone point me in the right
> direction.

Yes that's correct - it can run on IPv6 but can't store IPv6 addresses.

> Otherwise I have some concepts for list types/methods and would like to
> discuss them here if others are interested.

Yes it'd be great.  I was thinking about how to store IPv6 addresses
more-or-less effectively, but can't come up with a good solution so far.
Only something like ip6trie (from ip4trie) comes to mind, but with
a lot of complexity.  Storing whole IPv6 addresses (all 128 bits) like
ip4set or even ip4tset does is too inefficient - from both memory and
processing time perspective, something better is needed.  Unless we
declare that we require several 100s gigs of RAM ;)  Or it all will
be stored on disk instead of in memory (but even with that, mmap()
is problematic too for large files).

Another question is how to interpret queries coming to an IPv6
DNSBL.  The thing is that this feature has already been implemented
in several MTAs (Exim comes to mind at least), but differently.
Some are querying for
  f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.dnsbl.example
some for
  f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.ipv6.dnsbl.example
some combine nibbles like
  cdef.89ab.4567.0123.dnsbl.example
and so on.

This is from rbldnsd query logs of current public (IP4-only!)
DNSBLs I'm operating.

Thanks.

/mjt

P.S.  If you want to participate in this discussion, you'd
better subscribe to the mailing list... ;)  It was just a
tiny lucky chance that I noticed your email in a long row
of spam this list receives (it's now subscribers-only due
to this).
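
The three query-name forms listed in the message above, as an added example that is not part of the original post and is not rbldnsd code: it builds each form for one address and recognises all three on the server side. It assumes full 128-bit addresses (32 nibble labels or 8 four-digit groups, where the samples in the message show 16 nibbles); the function names, the style names and the constructed sample address 2001:db8::1 are hypothetical.

```python
import ipaddress

HEX = set("0123456789abcdef")

def build_queries(addr, zone):
    """Return the three query-name forms for one IPv6 address."""
    h = f"{int(ipaddress.IPv6Address(addr)):032x}"       # 32 hex digits
    nibbles = ".".join(reversed(h))                      # one nibble per label
    groups = ".".join(reversed([h[i:i + 4] for i in range(0, 32, 4)]))
    return {
        "nibble": f"{nibbles}.{zone}",
        "nibble+ipv6": f"{nibbles}.ipv6.{zone}",
        "group": f"{groups}.{zone}",
    }

def parse_query(qname, zone):
    """Return (style, IPv6Address) for a query name, or None if unrecognised."""
    qname, zone = qname.lower().rstrip("."), zone.lower().rstrip(".")
    if not qname.endswith("." + zone):
        return None
    labels = qname[: -len(zone) - 1].split(".")
    style = "nibble"
    if labels[-1] == "ipv6":                             # extra "ipv6" label
        labels, style = labels[:-1], "nibble+ipv6"

    def is_hex(width):
        return all(len(l) == width and set(l) <= HEX for l in labels)

    if len(labels) == 32 and is_hex(1):
        pass                                             # reversed single nibbles
    elif style == "nibble" and len(labels) == 8 and is_hex(4):
        style = "group"                                  # reversed 16-bit groups
    else:
        return None                                      # IPv4 query or malformed
    # Reversing the labels restores the address's forward hex digit order.
    return style, ipaddress.IPv6Address(int("".join(reversed(labels)), 16))

if __name__ == "__main__":
    # Constructed sample: documentation-prefix address, placeholder zone.
    for name in build_queries("2001:db8::1", "dnsbl.example").values():
        print(name, "->", parse_query(name, "dnsbl.example"))
```
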

