Hi All, I have created an patch against the current policyd-weight version(0.1.14 beta-17). This patch adds support for IPv6 Helo and RBL checks. This code is not very nice, but it seems to work :)
I have modified the default configuration to query the IPv6 Beta RBL at http://ipv6rbl.ipv6-world.net/. Greets, Jonas
--- policyd-weight.orig 2008-09-22 20:33:22.000000000 +0200 +++ policyd-weight 2008-09-22 20:33:21.000000000 +0200 @@ -68,6 +68,7 @@ use Fcntl; use File::Spec; use Sys::Syslog qw(:DEFAULT setlogsock); use Net::DNS; +use Net::IP; use Net::DNS::Packet qw(dn_expand); use IO::Socket::INET; use IO::Socket::UNIX; @@ -375,7 +376,8 @@ my @dnsbl_score = ( 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', 'list.dsbl.org', 4.35, 0, 'DSBL_ORG', - 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' + 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU', + 'rbl.ipv6-world.net', 10.05, 0, 'IPv6_RBL' ); my $MAXDNSBLHITS = 2; # If Client IP is listed in MORE @@ -1736,13 +1738,14 @@ sub weighted_check local %_ = @_; my %attr = %{ $_{attr} }; my $ip = $attr{client_address}; + $ip = Net::IP::ip_expand_address($ip,6) if Net::IP::ip_is_ipv6($ip); my $cl_hostname = $attr{client_name}; my $cansw; if(index($ip,":") != -1) { - return ('DUNNO IPv6'); # we have no IPv6 support for now + #return ('DUNNO IPv6'); # we have no IPv6 support for now } my $client_name = $attr{client_name} || ''; @@ -1809,10 +1812,22 @@ sub weighted_check ## startup checks and preparing ############################################### - my ($ipp1, $ipp2, $ipp3, $ipp4) = split(/\./, $ip); - my $revip = $ipp4.'.'.$ipp3.'.'.$ipp2.'.'.$ipp1; - my $subip16 = $ipp1.'.'.$ipp2.'.'; - my $subip = $subip16.$ipp3.'.'; + my ($revip, $subip16, $subip); + if (Net::IP::ip_is_ipv4($ip)) + { + my ($ipp1, $ipp2, $ipp3, $ipp4) = split(/\./, $ip); + $revip = $ipp4.'.'.$ipp3.'.'.$ipp2.'.'.$ipp1; + $subip16 = $ipp1.'.'.$ipp2.'.'; + $subip = $subip16.$ipp3.'.'; + } + else { + $ip = Net::IP::ip_expand_address($ip,6); + $revip = Net::IP::ip_reverse($ip); + $revip =~s/\.ip6.arpa\.$//; + $subip16 = substr($ip,0,15); + $subip = substr($ip,0,20); + } + my $rate = 0; my $total_dnsbl_score; # this var holds only positive scores! @@ -2048,8 +2063,9 @@ sub weighted_check { if($rr->type eq 'MX') { - - my $mxres = $res->send($rr->exchange); + for my $query_type ('A','AAAA') { + + my $mxres = $res->send($rr->exchange , $query_type); if(dns_error(\$mxres, \$res)) { @@ -2062,7 +2078,10 @@ sub weighted_check } foreach my $mxvar ($mxres->answer) { - next if $mxvar->type ne 'A'; + next if ($mxvar->type ne 'A' && $mxvar->type ne 'AAAA'); + my $ip_address = $mxvar->address; + $ip_address = Net::IP::ip_expand_address($mxvar->address,6) + if Net::IP::ip_is_ipv6($mxvar->address); # store sender MX hostname entries for comparission # with HELO argument @@ -2073,12 +2092,12 @@ sub weighted_check if($tmpcnt == 0) { - $from_addresses .= ' '.$mxvar->address; + $from_addresses .= ' '.$ip_address; } - $addresses .= ' '.$mxvar->address; + $addresses .= ' '.$ip_address; - if ($ip eq $mxvar->address) + if ($ip eq $ip_address) { $RET .= ' CL_IP_EQ_'.$MATCH_TYPE.'_MX=' . $helo_from_mx_eq_ip_score[1]; @@ -2090,7 +2109,10 @@ sub weighted_check $rate += $helo_from_mx_eq_ip_score[1]; last; } + undef $ip_address; } + + } #Ipv4/IPv6 } last if $found; } @@ -2113,7 +2135,9 @@ sub weighted_check if(!($found)) { - my $query = $res->send($testhelo, 'A'); + for my $query_type ('A','AAAA') { + + my $query = $res->send($testhelo,$query_type); if(dns_error(\$query, \$res)) { if($maxdnserr-- <= 1) @@ -2137,14 +2161,16 @@ sub weighted_check $helo_untrusted_ok = 1; } } - if(($addr->type ne 'A')){ next; } + if(($addr->type ne 'A' && $addr->type ne 'AAAA')){ next; } + my $ip_address = $addr->address; + $ip_address= Net::IP::ip_expand_address($addr->address,6) if Net::IP::ip_is_ipv6($addr->address); if($tmpcnt == 0) { - $from_addresses .= ' '.$addr->address; + $from_addresses .= ' '.$ip_address; } - $addresses .= ' '.$addr->address; - if ($ip eq $addr->address) + $addresses .= ' '.$ip_address; + if ($ip eq $ip_address) { $found = 1; $helo_ok = 1; @@ -2159,7 +2185,9 @@ sub weighted_check } last; } + undef $ip_address; } + } #IPv4/IPv6 } if($bad_mx && (!($bad_mx_scored)))