Hi All,
I have created an patch against the current policyd-weight
version(0.1.14 beta-17). This patch adds support for IPv6 Helo and RBL
checks. This code is not very nice, but it seems to work :)
I have modified the default configuration to query the IPv6 Beta RBL at
http://ipv6rbl.ipv6-world.net/.
Greets,
Jonas
--- policyd-weight.orig 2008-09-22 20:33:22.000000000 +0200
+++ policyd-weight 2008-09-22 20:33:21.000000000 +0200
@@ -68,6 +68,7 @@ use Fcntl;
use File::Spec;
use Sys::Syslog qw(:DEFAULT setlogsock);
use Net::DNS;
+use Net::IP;
use Net::DNS::Packet qw(dn_expand);
use IO::Socket::INET;
use IO::Socket::UNIX;
@@ -375,7 +376,8 @@ my @dnsbl_score = (
'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP',
'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL',
'list.dsbl.org', 4.35, 0, 'DSBL_ORG',
- 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU'
+ 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU',
+ 'rbl.ipv6-world.net', 10.05, 0, 'IPv6_RBL'
);
my $MAXDNSBLHITS = 2; # If Client IP is listed in MORE
@@ -1736,13 +1738,14 @@ sub weighted_check
local %_ = @_;
my %attr = %{ $_{attr} };
my $ip = $attr{client_address};
+ $ip = Net::IP::ip_expand_address($ip,6) if Net::IP::ip_is_ipv6($ip);
my $cl_hostname = $attr{client_name};
my $cansw;
if(index($ip,":") != -1)
{
- return ('DUNNO IPv6'); # we have no IPv6 support for now
+ #return ('DUNNO IPv6'); # we have no IPv6 support for now
}
my $client_name = $attr{client_name} || '';
@@ -1809,10 +1812,22 @@ sub weighted_check
## startup checks and preparing ###############################################
- my ($ipp1, $ipp2, $ipp3, $ipp4) = split(/\./, $ip);
- my $revip = $ipp4.'.'.$ipp3.'.'.$ipp2.'.'.$ipp1;
- my $subip16 = $ipp1.'.'.$ipp2.'.';
- my $subip = $subip16.$ipp3.'.';
+ my ($revip, $subip16, $subip);
+ if (Net::IP::ip_is_ipv4($ip))
+ {
+ my ($ipp1, $ipp2, $ipp3, $ipp4) = split(/\./, $ip);
+ $revip = $ipp4.'.'.$ipp3.'.'.$ipp2.'.'.$ipp1;
+ $subip16 = $ipp1.'.'.$ipp2.'.';
+ $subip = $subip16.$ipp3.'.';
+ }
+ else {
+ $ip = Net::IP::ip_expand_address($ip,6);
+ $revip = Net::IP::ip_reverse($ip);
+ $revip =~s/\.ip6.arpa\.$//;
+ $subip16 = substr($ip,0,15);
+ $subip = substr($ip,0,20);
+ }
+
my $rate = 0;
my $total_dnsbl_score; # this var holds only positive scores!
@@ -2048,8 +2063,9 @@ sub weighted_check
{
if($rr->type eq 'MX')
{
-
- my $mxres = $res->send($rr->exchange);
+ for my $query_type ('A','AAAA') {
+
+ my $mxres = $res->send($rr->exchange , $query_type);
if(dns_error(\$mxres, \$res))
{
@@ -2062,7 +2078,10 @@ sub weighted_check
}
foreach my $mxvar ($mxres->answer)
{
- next if $mxvar->type ne 'A';
+ next if ($mxvar->type ne 'A' && $mxvar->type ne 'AAAA');
+ my $ip_address = $mxvar->address;
+ $ip_address = Net::IP::ip_expand_address($mxvar->address,6)
+ if Net::IP::ip_is_ipv6($mxvar->address);
# store sender MX hostname entries for comparission
# with HELO argument
@@ -2073,12 +2092,12 @@ sub weighted_check
if($tmpcnt == 0)
{
- $from_addresses .= ' '.$mxvar->address;
+ $from_addresses .= ' '.$ip_address;
}
- $addresses .= ' '.$mxvar->address;
+ $addresses .= ' '.$ip_address;
- if ($ip eq $mxvar->address)
+ if ($ip eq $ip_address)
{
$RET .= ' CL_IP_EQ_'.$MATCH_TYPE.'_MX=' .
$helo_from_mx_eq_ip_score[1];
@@ -2090,7 +2109,10 @@ sub weighted_check
$rate += $helo_from_mx_eq_ip_score[1];
last;
}
+ undef $ip_address;
}
+
+ } #Ipv4/IPv6
}
last if $found;
}
@@ -2113,7 +2135,9 @@ sub weighted_check
if(!($found))
{
- my $query = $res->send($testhelo, 'A');
+ for my $query_type ('A','AAAA') {
+
+ my $query = $res->send($testhelo,$query_type);
if(dns_error(\$query, \$res))
{
if($maxdnserr-- <= 1)
@@ -2137,14 +2161,16 @@ sub weighted_check
$helo_untrusted_ok = 1;
}
}
- if(($addr->type ne 'A')){ next; }
+ if(($addr->type ne 'A' && $addr->type ne 'AAAA')){ next; }
+ my $ip_address = $addr->address;
+ $ip_address= Net::IP::ip_expand_address($addr->address,6) if Net::IP::ip_is_ipv6($addr->address);
if($tmpcnt == 0)
{
- $from_addresses .= ' '.$addr->address;
+ $from_addresses .= ' '.$ip_address;
}
- $addresses .= ' '.$addr->address;
- if ($ip eq $addr->address)
+ $addresses .= ' '.$ip_address;
+ if ($ip eq $ip_address)
{
$found = 1;
$helo_ok = 1;
@@ -2159,7 +2185,9 @@ sub weighted_check
}
last;
}
+ undef $ip_address;
}
+ } #IPv4/IPv6
}
if($bad_mx && (!($bad_mx_scored)))
