Hi All,

I have created an patch against the current policyd-weight
version(0.1.14 beta-17). This patch adds support for IPv6 Helo and RBL
checks. This code is not very nice, but it seems to work :)

I have modified the default configuration to query the IPv6 Beta RBL at
http://ipv6rbl.ipv6-world.net/.

Greets,
        Jonas
--- policyd-weight.orig	2008-09-22 20:33:22.000000000 +0200
+++ policyd-weight	2008-09-22 20:33:21.000000000 +0200
@@ -68,6 +68,7 @@ use Fcntl;
 use File::Spec;
 use Sys::Syslog qw(:DEFAULT setlogsock);
 use Net::DNS;
+use Net::IP;
 use Net::DNS::Packet qw(dn_expand);
 use IO::Socket::INET;
 use IO::Socket::UNIX;
@@ -375,7 +376,8 @@ my @dnsbl_score = (
     'bl.spamcop.net',         3.75,       -1.5,        'SPAMCOP',
     'dnsbl.njabl.org',        4.25,       -1.5,        'BL_NJABL',
     'list.dsbl.org',          4.35,          0,        'DSBL_ORG',
-    'ix.dnsbl.manitu.net',    4.35,          0,        'IX_MANITU'
+    'ix.dnsbl.manitu.net',    4.35,          0,        'IX_MANITU',
+    'rbl.ipv6-world.net',    10.05,          0,        'IPv6_RBL'
 );
 
 my $MAXDNSBLHITS  = 2;  # If Client IP is listed in MORE
@@ -1736,13 +1738,14 @@ sub weighted_check
     local %_        = @_;
     my %attr        = %{ $_{attr} };
     my $ip          = $attr{client_address};
+    $ip = Net::IP::ip_expand_address($ip,6) if Net::IP::ip_is_ipv6($ip);
     my $cl_hostname = $attr{client_name};
 
     my $cansw;
 
     if(index($ip,":") != -1)
     { 
-        return ('DUNNO IPv6');               # we have no IPv6 support for now
+        #return ('DUNNO IPv6');               # we have no IPv6 support for now
     }
 
     my $client_name = $attr{client_name}              || '';
@@ -1809,10 +1812,22 @@ sub weighted_check
 
 ## startup checks and preparing ###############################################
 
-    my ($ipp1, $ipp2, $ipp3, $ipp4) = split(/\./, $ip);
-    my $revip       = $ipp4.'.'.$ipp3.'.'.$ipp2.'.'.$ipp1;
-    my $subip16     = $ipp1.'.'.$ipp2.'.';
-    my $subip       = $subip16.$ipp3.'.';
+    my ($revip, $subip16, $subip);
+    if (Net::IP::ip_is_ipv4($ip)) 
+    {
+    	my ($ipp1, $ipp2, $ipp3, $ipp4) = split(/\./, $ip);
+	$revip       = $ipp4.'.'.$ipp3.'.'.$ipp2.'.'.$ipp1;
+	$subip16     = $ipp1.'.'.$ipp2.'.';
+	$subip       = $subip16.$ipp3.'.';
+    }
+    else {
+    	$ip          = Net::IP::ip_expand_address($ip,6);
+	$revip       = Net::IP::ip_reverse($ip);
+	$revip       =~s/\.ip6.arpa\.$//;
+	$subip16     = substr($ip,0,15);
+	$subip       = substr($ip,0,20);
+    }
+   
 
     my $rate                    = 0;
     my $total_dnsbl_score;               # this var holds only positive scores!
@@ -2048,8 +2063,9 @@ sub weighted_check
                 {
                     if($rr->type eq 'MX')
                     {
-                        
-                        my $mxres  = $res->send($rr->exchange);
+                        for my $query_type ('A','AAAA') {
+
+                        my $mxres  = $res->send($rr->exchange , $query_type);
 
                         if(dns_error(\$mxres, \$res))
                         {
@@ -2062,7 +2078,10 @@ sub weighted_check
                         }
                         foreach my $mxvar ($mxres->answer)
                         {
-                            next if $mxvar->type ne 'A';
+                            next if ($mxvar->type ne 'A' && $mxvar->type ne 'AAAA');
+			    my $ip_address = $mxvar->address;
+			    $ip_address = Net::IP::ip_expand_address($mxvar->address,6) 
+			    		if Net::IP::ip_is_ipv6($mxvar->address);
                             
                             # store sender MX hostname entries for comparission 
                             # with HELO argument
@@ -2073,12 +2092,12 @@ sub weighted_check
                             
                             if($tmpcnt == 0)
                             {
-                                $from_addresses .= ' '.$mxvar->address;
+                                $from_addresses .= ' '.$ip_address;
                             }
 
-                            $addresses .= ' '.$mxvar->address;
+                            $addresses .= ' '.$ip_address;
 
-                            if ($ip eq $mxvar->address)
+                            if ($ip eq $ip_address)
                             {
                                 $RET    .= ' CL_IP_EQ_'.$MATCH_TYPE.'_MX=' .
                                            $helo_from_mx_eq_ip_score[1];
@@ -2090,7 +2109,10 @@ sub weighted_check
                                 $rate   += $helo_from_mx_eq_ip_score[1];
                                 last;
                             }
+			    undef $ip_address;
                         }
+
+			}  #Ipv4/IPv6
                     }
                     last if $found;
                 }
@@ -2113,7 +2135,9 @@ sub weighted_check
                 if(!($found))
                 {
                     
-                    my $query = $res->send($testhelo, 'A');
+		    for my $query_type ('A','AAAA') {
+
+                    my $query = $res->send($testhelo,$query_type);  
                     if(dns_error(\$query, \$res))
                     {
                         if($maxdnserr-- <= 1)
@@ -2137,14 +2161,16 @@ sub weighted_check
                                 $helo_untrusted_ok = 1;
                             }
                         }
-                        if(($addr->type ne 'A')){ next; }
+                        if(($addr->type ne 'A' && $addr->type ne 'AAAA')){ next; }
+			my $ip_address = $addr->address;
+			$ip_address= Net::IP::ip_expand_address($addr->address,6) if Net::IP::ip_is_ipv6($addr->address);
                         if($tmpcnt == 0)
                         {
-                            $from_addresses .= ' '.$addr->address;
+                            $from_addresses .= ' '.$ip_address;
                         }
 
-                        $addresses .= ' '.$addr->address;
-                        if ($ip eq $addr->address)
+                        $addresses .= ' '.$ip_address;
+                        if ($ip eq $ip_address)
                         {
                             $found    = 1;
                             $helo_ok  = 1;
@@ -2159,7 +2185,9 @@ sub weighted_check
                             }
                             last;
                         }
+			undef $ip_address;
                     }
+		    } #IPv4/IPv6
                 }
 
                 if($bad_mx && (!($bad_mx_scored)))

Reply via email to