[Bug 6519] New: RBL lookups for IPv6 addresses

[bugzilla-daemon]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6519

           Summary: RBL lookups for IPv6 addresses
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: mark.marti...@ijs.si


We have a bit of a "chicken or the egg" problem with DNS black/white-lists
and IPv6 addresses: SpamAssassin does not query them because most of RBL
lists presently do not yet enlist IPv6 addresses, and RBL operators do not
start listing them because nobody queries for them (and spam originating
from IPv6 hosts is still low).

Then there is an apparent problem of choosing a format for queries.
Luckily that is no longer the case since February 2010 when RFC 5782
was published: "DNS Blacklists and Whitelists".

Section 2.4 of RFC 5782 states:

2.4.  IPv6 DNSxLs

   The structure of DNSxLs based on IPv6 addresses is adapted from that
   of the IP6.ARPA domain defined in [RFC3596].  Each entry's name MUST
   be a 32-component hex nibble-reversed IPv6 address suffixed by the
   DNSxL domain.  The entries contain A and TXT records, interpreted the
   same way as they are in IPv4 DNSxLs.

   For example, to represent the address:

     2001:db8:1:2:3:4:567:89ab

   in the DNSxL ugly.example.com, the entry might be:

     b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.
                  ugly.example.com. A 127.0.0.2
                                    TXT "Spam received."

   Combined IPv6 sublist DNSxLs are represented the same way as IPv4
   DNSxLs, replacing the four octets of IPv4 address with the 32 nibbles
   of IPv6 address.

   A single DNSxL could in principle contain both IPv4 and IPv6
   addresses, since the different lengths prevent any ambiguity.  If a
   DNSxL is represented using traditional zone files and wildcards,
   there is no way to specify the length of the name that a wildcard
   matches, so wildcard names would indeed be ambiguous for DNSxLs
   served in that fashion.


So, we have a format, and we know there is no conflict between the two
forms, so there is no reason not to start querying DNS RBLs for IPv6
addresses of incoming mail.

The attached patch is quite straightforward, I see no reason not to
start using it right away. If need be, we can adapt to whatever
common best practices emerge what or RBL list idiosyncrasies pop up.

-- 
Configure bugmail: 
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.