KutuKupret colorful website
Even though spammers may not have thought to do the email forgery yet, I’m publishing SPF txt record in dns.
# dig txt ipv6.kutukupret.com +short "v=spf1 ip6:2001:470:19:13c::2 -all"
I don’t even know whose gonna validate my spf record anyway 😀 But for the sake of my curiousity, i’m continue developing SPF on my ipv6 postfix smtp. first i need to publish spf txt record
ipv6.kutukupret.com. 86400 IN SPF "v=spf1 ip6:2001:470:19:13c::2 -all"
for the scanner, i’m using postfix-policyd-spf-perl, can be download at http://www.openspf.org/Software The following Perl version and packages are required for running postfix-policyd-spf-perl: Perl 5.6 NetAddr-IP 4 Mail-SPF (not Mail-SPF-Query) perl-Net-DNS >= 0.65 perl-Net-IP >= 1.25 Test the postfix-policyd-spf-perl script, just make sure it works with ipv6 address.
# ./postfix-policyd-spf-perl request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=mx.ipv6.kutukupret.com queue_id= instance=71b0.45e2f5f1.d4da1.0 sender=henet@ipv6.kutukupret.com recipient=hari.h@ipv6.kutukupret.com client_address=2001:470:19:13c::2 client_name=another.domain.tld action=PREPEND Received-SPF: pass (ipv6.kutukupret.com: 2001:470:19:13c::2 is authorized to use 'henet@ipv6.kutukupret.com' in 'mfrom' identity (mechanism 'ip6:2001:470:19:13C::2' matched)) receiver=unknown; identity=mailfrom; envelope-from="henet@ipv6.kutukupret.com"; helo=mx.ipv6.kutukupret.com; client-ip="2001:470:19:13c::2"
I’m not sure if it’s necessary for greylisting in ipv6 smtp right now, seems spammer haven’t move their target on ipv6 smtp server yet.After wandering around for couple of hour with google, i’ve finally found application that’s suitable for my postfix greylisting.i’m using milter-greylist previously, but seems like postfix didn’t have {if_addr} in its milter macros and i have to apply workaround.
so i decided using sqlgrey for easiness sake 🙂
Current state
SQLgrey gained the following features since the beginning:
* SQLgrey can withstand a database crash (grey-listing is automatically switched off) * 3 grey-listing algorithms to choose from * Support for file-based IP and FQDN whitelists * Support for fetching up-to-date whitelists from a repository * Can mail the admin when the database is unavailable * Auto-whitelists now understand SRS (SPF-aware mail forwarding) * IPv6 support * OPTIN / OPTOUT support * Fine log controls * Activity reports
Here is the case:
I have already wordpress/blog installation running on httpd with ipv4.(with no ipv6 enabled).
I want everyone with native ipv6 be able accesing my blog.
I have one server already connected to ipv6 via he.net tunnel brokers on different region.
It’s also have httpd listen on both ipv4/ipv6.
So here’s what i have done.
* I made a backup of wordpress installation on original server.
$ tar cjf wordpress.tar.bz2 wordpress
* Copy and extract wordpress backup to ipv6 enabled
server.(in my case it's extracted on /var/www/html/)
$ tar xjf wordpress.tar.bz2
* Edit wp-config.php
since wordpress using database on original server. I have to create one user, that can access the database from network.(i’m not going to explain how to do it, it’s not beyond this article scope).
define('DB_NAME', 'database');
define('DB_USER', 'user');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'ip of original machine');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
* Create virtualhost on httpd, same as original server.
Sambil nunggu selesainya pentransferan domain kutukupret.com dari registrar lama ke registrar yg baru. mari kita liat2 total score yg sudah diperoleh.
registrar yg lama nggak support ipv6 glue record, dan parahnya di pegang temen ada di hawaii(tau masih di sana atau udah pulang ke indo) dan orangnya super sibuk.
kalo mau modified atau nambah nameserver untuk keperluan test2 ceritification jadi agak2 sungkan takut nganggu ke sibukannya, akhirnya di putuskan register sendiri account di salah satu registrar. dan minta domainnya di transfer sekalian.pentransferan masih dalam proses. kalo udah kelar niat nya mau bikin AAAA record/pointer di v6ns.org
supaya bisa di query secara native sama resolver he.net yg pakai ipv6.untuk keperluan "Sage cetification test".
berikut score sementara (masih yakin pasti masih bisa nambah 😀 )
Step 1:
Register Account at Freenet6
Step 2:
Download Gateway6 Client
Freenet6 (7 downloads )Step 3:
Compile source rpm and install
# rpmbuild --rebuild freenet6-6.0.1-1.src.rpm # rpm -ivh /path/to/freenet6-6.0.1-1.x86_64.rpm
Step 4:
Configure
# vi /etc/gw6c.conf