On Tue, Nov 09, 2004 at 16:28:00 +0100, Jeroen Massar wrote:
> On Tue, 2004-11-09 at 16:15 +0100, Philipp Morger wrote:
> > well, you sound like a candidate for propagating SPF in your DNS :)
>
> http://spf.pobox.com/mechanisms.html#ip6
> 8<---------------
> ip6
> Could someone with IPv6 experience please provide some input?
> --------------->8
well, check http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00.txt
from the file:
--- snip ---
5.6 "ip4" and "ip6"
These mechanisms test if <ip> is contained within a given IP network.
Lentczner & Wong Expires April 12, 2005 [Page 21]
�
Internet-Draft Sender Policy Framework (SPF) October 2004
IP4 = "ip4" ":" ip4-network [ ip4-cidr-length ]
IP6 = "ip6" ":" ip6-network [ ip6-cidr-length ]
ip4-cidr-length = "/" 1*DIGIT
ip6-cidr-length = "/" 1*DIGIT
ip4-network = as per conventional dotted quad notation,
e.g. 192.0.2.0
ip6-network = as per [RFC 3513], section 2.2,
e.g. 2001:DB8::CD30
The <ip> is compared to the given network. If CIDR-length high-order
bits match, the mechanism matches.
If ip4-cidr-length is omitted it is taken to be "/32". If
ip6-cidr-length is omitted it is taken to be "/128".
--- snap ---
and:
--($:~)-- telnet caladan.freestone.net smtp
Trying 2001:8e0::2b0:d0ff:fe22:d757...
Connected to dns.freestone.net.
Escape character is '^]'.
220 caladan.freestone.net ESMTP Yes, give it to me ...
ehlo atlantis.dolphins.ch
250-caladan.freestone.net
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 8BITMIME
mail from: <[EMAIL PROTECTED]>
250 Ok
rcpt to: <[EMAIL PROTECTED]>
554 <[EMAIL PROTECTED]>: Sender address rejected: Please see
http://spf.pobox.com/why.html?sender=philipp.morger%40dominion.ch&ip=2001%3A8e0%3A40%3A2%3A202%3Ab3ff%3Afe09%3A4b82&receiver=caladan.freestone.net
ok, ok - I admit it, the Query.pm module had to be modified, but it works!
Don't try the link, the website only understands IPv4. The patch-file to the pm
is submited to Meng, but somehow are not yet implemented.
If you check the spf record you'll see that I only allowed the mx's, but
according the
"snipplet" above you can also define bare IP's.
--
_;\_ Philipp Morger / PHM2-RIPE System & Network Administrator
/_. \ Dolphins Network Systems AG Phone +41-1-847'45'45
|/ -\ .) Email: <[EMAIL PROTECTED]>
-'^`- \; Don't send mail to: [EMAIL PROTECTED]
_______________________________________________
swinog mailing list
[EMAIL PROTECTED]
http://lists.init7.net/cgi-bin/mailman/listinfo/swinog
