We're now starting to see some IPv6 DNSRBLs (eg:
bl.ipv6.spameatingmonkey.net). It occurs to me that postscreen and
postfix should only be sending IPv4 requests to IPv4-specific DNSRBLs
and IPv6 requests to IPv6-specific lists. I would therefore hope for
consideration of the following changes:
postscreen_dnsbl_sites would be replaced by two settings,
postcreen_1pv4_dnsbl_sites and postscreen_ipv6_dnsbl_sites. Both would
default to $postscreen_dnsbl_sites for backwards-compatibility reasons,
but any IPv4 checks would go to the lists specified in
postcreen_dnsbl_ipv4_sites and any IPv6 checks would go to the lists
specified in postscreen_dnsbl_ipv6_sites.
Add new smtpd_client_restrictions of reject_ipv4_rbl_client and
reject_ipv6_rbl_client. reject_rbl_client would remain for backwards
compatibility and to support a single entry for lists that contain both
IPv4 and IPv6 entries.
Same as above for permit_dnswl_client.
At the moment the IPv6 lists that I'm aware of are designed to respond
to A requests. If there are IPv6 lists that instead respond to AAAA
requests then some sort of change would be needed to deal with those as
well. If that becomes a need then we could allow the "filter" portion
(after the "=") of the above settings to contain IPv6 patterns as well
and a recognized IPv6 pattern could indicate to postfix to do an AAAA
lookup instead of A. Alternatively there could be some other indicator
to tell postfix to do an AAAA lookup instead of an A lookup.
Peter
