If you operate your own mailserver, it is very simple to start blocking spam from unregistered mailservers.
- IPv6 whitelist DNS: rbl.ipv6wl.eu
- Response IPv6 from a supported country which is not whitelisted: 127.0.0.2 (blacklisted)
- Response IPv6 from a supported country which is whitelisted: 127.0.2.10 (whitelisted)
- Response IPv6 from an unsupported country : NXDOMAIN
If the response is 127.0.0.2, the connection should be temporarily rejected (4xx) with the message: “IPv6 address is NOT whitelisted at ipv6whitelist.eu”.
The testing addresses 127.0.0.2 and ::FFFF:7F00:2 are always blacklisted.
The testing addresses 127.0.2.10 and ::FFFF:7f00:20a are always whitelisted.
Requests on the RBL are always being done with standard inverted nibbles.
If the IPv6 address you want to look up is “3ffe:ffff:836f:0a00:000a:0800:200a:c031″ you have to remove all : from it. Then, the whole string should be reversed and have all characters separated with a “.”. The end result will then become: “1.3.0.c.a.0.0.2.0.0.8.0.a.0.0.0.0.0.a.0.f.6.3.8.f.f.f.f.e.f.f.3″.
You can then use that to lookup the status of that IP by doing an lookup for “1.3.0.c.a.0.0.2.0.0.8.0.a.0.0.0.0.0.a.0.f.6.3.8.f.f.f.f.e.f.f.3.rbl.ipv6wl.eu”. The types returned are (currently) always either A or TXT, depending on what you request. The A record will contain the response IP (see above) and the TXT will contain the descriptive text.
Add to the Exim ACL:
message = IPv6 address $sender_host_address is NOT whitelisted at ipv6whitelist.eu.
dnslists = rbl.ipv6wl.eu=127.0.0.2
Add to the Postfix configuration:
smtpd_recipient_restrictions = reject_rbl_client rbl.ipv6wl.eu=127.0.0.2