Hi, On Wed, Feb 19, 2014 at 02:45:33PM +1000, Noel Butler wrote: > We block only by IP from whatever spam source is used (4, or 6), and > rbldnsd handles ipv6 nicely (albeit in /64's - fair enough too, since > most end users get that, typically), so your MTA's query would get a > response from your DNSBL if it has an entry.
Blocking by /64 by default is likely to get collateral damage. Enough people do shared subnets with multiple customers in the same /64 - while I won't recommend it, it is *done*, and blocking the whole /64 because you have seen SPAM from a single IP out of it is hurting the wrong people. And yes, I've seen that in the wild, Ironport reputation for a very well-behaved machine going down the drain because of "bad neighbourhood". Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279