** Description changed:
There is only one hook for checking DNSBLs in
acl/30_exim4-config_check_rcpt which is run unconditionally for both
IPv4 and IPv6 addresses. This can lead to problems when IPv6 addresses
- are checked against IPv4-only lists. See exim spec 40.35.
+ are checked against IPv4-only lists.
+
+ From exim spec 40.35:
+
+ 40.35 DNS lists and IPv6
+ If Exim is asked to do a dnslist lookup for an IPv6 address, it inverts it
nibble by nibble. For example, if the calling host’s IP address is
3ffe:ffff:836f:0a00:000a:0800:200a:c031, Exim might look up
+
+ 1.3.0.c.a.0.0.2.0.0.8.0.a.0.0.0.0.0.a.0.f.6.3.8.f.f.f.f.e.f.f.3.blackholes
+ .mail-abuse.org
+
+ Unfortunately, some of the DNS lists contain wildcard records, intended
+ for IPv4, that interact badly with IPv6. For example, the DNS entry
+
+ *.3.some.list.example. A 127.0.0.1
+
+ is probably intended to put the entire 3.0.0.0/8 IPv4 network on the
+ list. Unfortunately, it also matches the entire 3::/4 IPv6 network.
+
+ You can exclude IPv6 addresses from DNS lookups by making use of a
+ suitable condition condition, as in this example:
+
+ deny condition = ${if isip4{$sender_host_address}}
+ dnslists = some.list.example
--
https://bugs.launchpad.net/bugs/953876
Title:
Can not specify different DNSBLs for IPv4/IPv6
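The nibble inversion and wildcard collision described in the quoted spec text, worked through as an added example (not part of the bug report and not Exim's code). The function names and the simplified wildcard matcher are assumptions; the zone and wildcard record are the ones from the spec excerpt, and the sample hosts other than the spec's IPv6 address are constructed.

```python
import ipaddress

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 reversed by octet, IPv6 by nibble."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        # exploded form keeps leading zeros: 32 hex digits, one label each
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def wildcard_matches(wildcard: str, name: str) -> bool:
    """Simplified DNS wildcard match: '*.suffix' covers any name below suffix.
    Assumption: no more specific records exist in the zone."""
    suffix = wildcard.rstrip(".")[1:]  # "*.3.zone." -> ".3.zone"
    return len(name) > len(suffix) and name.lower().endswith(suffix.lower())

def listed(ip: str, zone: str, wildcard: str, ipv4_only: bool = False) -> bool:
    """Would the host hit the wildcard? ipv4_only mirrors the isip4 condition."""
    if ipv4_only and ipaddress.ip_address(ip).version != 4:
        return False  # lookup is skipped entirely for IPv6 callers
    return wildcard_matches(wildcard, dnsbl_query_name(ip, zone))

ZONE = "some.list.example"
WILDCARD = "*.3.some.list.example."  # intended to cover 3.0.0.0/8
HOSTS = [
    "3.14.15.92",                               # constructed, inside 3.0.0.0/8
    "3ffe:ffff:836f:0a00:000a:0800:200a:c031",  # address from the spec excerpt
    "2001:db8::1",                              # constructed, outside 3::/4
]

if __name__ == "__main__":
    for host in HOSTS:
        print(host, dnsbl_query_name(host, ZONE),
              "unguarded:", listed(host, ZONE, WILDCARD),
              "ipv4-only:", listed(host, ZONE, WILDCARD, ipv4_only=True))
```
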