Here we go again
To use an IPv6 DNSBL, we need Postfix version >= 2.6, as the author of Postfix stated on the postfix-users list. This site is a good reference on how to build a Postfix RPM on Red Hat based systems.
How does an IPv6 DNSBL keep AAAA records in its zone? This is how it is done. For example, take this IPv6 address:
2001:470:19:13c:219:d1ff:feea:ee16
(this is one of my workstation's IPv6 addresses)
The RBL query lookup would look like this:
$ dig aaaa 6.1.e.e.a.e.e.f.f.f.1.d.9.1.2.0.c.3.1.0.9.1.0.0.0.7.4.0.1.0.0.2.dnsbl.domain.tld.
$ dig txt 6.1.e.e.a.e.e.f.f.f.1.d.9.1.2.0.c.3.1.0.9.1.0.0.0.7.4.0.1.0.0.2.dnsbl.domain.tld.
So we need to configure our private BIND9 RBL like this. First, create the dnsbl.domain.tld zone in /etc/named.conf:
zone "dnsbl.domain.tld" {
    type master;
    file "dnsbl.domain.tld";
};
Second, we have to create the dnsbl.domain.tld zone file:
$TTL 86400
@ IN SOA ns1.dnsbl.domain.tld. hostmaster.dnsbl.domain.tld. (
        2009071228 ; serial number YYYYMMDDNN
        28800      ; Refresh
        7200       ; Retry
        864000     ; Expire
        86400      ; Min TTL
        )
        NS ns1.dnsbl.domain.tld.
        NS ns2.dnsbl.domain.tld.
$ORIGIN dnsbl.domain.tld.
; shared target: every listed address is a CNAME pointing here
blackhole IN A 127.0.0.2
          IN AAAA ::2
          IN TXT "Blocked by dnsbl.domain.tld for SPAM Sources"
; one entry per listed IPv6 address: 32 hex nibbles in reverse order
1.3.0.c.a.0.0.2.0.0.8.0.a.0.0.0.0.0.a.0.f.6.3.8.f.f.f.f.e.f.f.3 IN CNAME blackhole
e.c.a.f.e.b.a.b.0.0.0.0.0.0.0.0.1.0.0.0.7.e.8.f.0.7.4.0.1.0.0.2 IN CNAME blackhole
6.1.e.e.a.e.e.f.f.f.1.d.9.1.2.0.c.3.1.0.9.1.0.0.0.7.4.0.1.0.0.2 IN CNAME blackhole
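The nibble-reversed names are easy to get wrong by hand. As an added example (not code from the original post), this Python sketch builds the CNAME lines and the query name from ordinary IPv6 addresses, and converts a label back into an address for auditing entries already in the zone. The function names are hypothetical; the `blackhole` target and the `dnsbl.domain.tld` zone are the ones used in this post.

```python
import ipaddress

HEX = "0123456789abcdef"

def dnsbl_label(addr):
    """Return the 32 hex nibbles of an IPv6 address, reversed and dot-separated."""
    ip = ipaddress.IPv6Address(addr)       # raises ValueError on anything else
    nibbles = format(int(ip), "032x")      # zero-padded, lower case, no colons
    return ".".join(reversed(nibbles))

def label_to_address(label):
    """Inverse of dnsbl_label: recover the address from a zone-file owner name."""
    nibbles = label.lower().rstrip(".").split(".")
    if len(nibbles) != 32 or any(len(n) != 1 or n not in HEX for n in nibbles):
        raise ValueError("not a 32-nibble IPv6 DNSBL label: %r" % label)
    hexstr = "".join(reversed(nibbles))
    groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
    return str(ipaddress.IPv6Address(":".join(groups)))

def zone_records(addresses, target="blackhole"):
    """Sorted, de-duplicated CNAME lines, relative to the zone's $ORIGIN."""
    labels = {dnsbl_label(a) for a in addresses}   # different spellings collapse
    return ["%s IN CNAME %s" % (label, target) for label in sorted(labels)]

def query_name(addr, zone="dnsbl.domain.tld"):
    """Fully qualified name a mail server would look up for this client."""
    return "%s.%s." % (dnsbl_label(addr), zone.rstrip("."))

if __name__ == "__main__":
    # Two spellings of the workstation address from this post.
    sample = ["2001:470:19:13c:219:d1ff:feea:ee16",
              "2001:0470:0019:013C:0219:D1FF:FEEA:EE16"]
    for line in zone_records(sample):
        print(line)
    print(query_name(sample[0]))
```

Running `label_to_address` over the owner names in an existing zone file is a quick way to spot entries with a dropped or transposed nibble before reloading named.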
Why am I using CNAME instead of a direct AAAA record? It's just for efficiency, to avoid repetition when adding IPv6 addresses to the blacklist. Besides, the Postfix resolver can follow the CNAME until it finds the AAAA and TXT records.
In the Postfix configuration, main.cf, add this line:
smtpd_recipient_restrictions =
    ...
    reject_unauth_destination,
    reject_rbl_client dnsbl.domain.tld,
    ...
Don't forget to exclude 2001:470:19:13c:219:d1ff:feea:ee16 from mynetworks:
mynetworks = ![2001:470:19:13c:219:d1ff:feea:ee16], .....
Now test everything we've configured.
$ telnet mx.domain.tld 25
220 mx.domain.tld ESMTP Postfix (2.6.1)
ehlo wks.domain.tld
250-mx.domain.tld
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
250 2.1.0 Ok
rcpt to:
554 5.7.1 Service unavailable; Client host [2001:470:19:13c:219:d1ff:feea:ee16] blocked using dnsbl.domain.tld; Blocked by dnsbl.domain.tld for SPAM Sources
quit
221 2.0.0 Bye
Connection to host lost.
In the Postfix log, we will see a rejection like this:
Aug 14 08:56:16 fire postfix/qmgr[3237]: D10B1262DBB: removed
Aug 14 08:56:19 fire postfix/smtpd[3239]: NOQUEUE: reject: RCPT from wks.domain.tld[2001:470:19:13c:219:d1ff:feea:ee16]: 554 5.7.1 Service unavailable; Client host [2001:470:19:13c:219:d1ff:feea:ee16] blocked using dnsbl.domain.tld; Blocked by dnsbl.domain.tld for SPAM Sources; from= to= proto=ESMTP helo=
That's all.