DNS bailiwick

The term in-bailiwick means that nameservers for a domain is in the same domain (within the domain). ie domain.com nameserver is ns.domain.com not ns.domain.net nor ns.otherdomain.org (glued delegation) The term out-of-bailiwick means that nameservers for a domain is not in the same domain. ie domain.com nameserver is ns.domain.net or ns.otherdomain.org…

Postfix IPv6 + RBL + BIND9 as DNSBL

Here we go again :) for using ipv6 dnsbl, we need postfix version => 2.6 as the author of postfix state in postfix-users list. This site is a good reference on how to build postfix RPM under redhat based system http://postfix.wl0.org/en/ How ipv6 dnsbl keep AAAA record in their zone?…

Postfix IPv6 + SPF (sender policy framework)

Even though spammers may not have thought to do the email forgery yet, I’m publishing SPF txt record in dns.

# dig txt ipv6.kutukupret.com +short
"v=spf1 ip6:2001:470:19:13c::2 -all"

I don’t even know whose gonna validate my spf record anyway 😀 But for the sake of my curiousity, i’m continue developing SPF on my ipv6 postfix smtp. first i need to publish spf txt record

ipv6.kutukupret.com.    86400   IN      SPF     "v=spf1 ip6:2001:470:19:13c::2 -all"

for the scanner, i’m using postfix-policyd-spf-perl, can be download at http://www.openspf.org/Software The following Perl version and packages are required for running postfix-policyd-spf-perl: Perl 5.6 NetAddr-IP 4 Mail-SPF (not Mail-SPF-Query) perl-Net-DNS >= 0.65 perl-Net-IP >= 1.25 Test the postfix-policyd-spf-perl script, just make sure it works with ipv6 address.

# ./postfix-policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=mx.ipv6.kutukupret.com
queue_id=
instance=71b0.45e2f5f1.d4da1.0
sender=henet@ipv6.kutukupret.com
recipient=hari.h@ipv6.kutukupret.com
client_address=2001:470:19:13c::2
client_name=another.domain.tld

action=PREPEND Received-SPF: pass (ipv6.kutukupret.com: 2001:470:19:13c::2 is authorized to use 'henet@ipv6.kutukupret.com' in 'mfrom' identity (mechanism 'ip6:2001:470:19:13C::2' matched)) receiver=unknown; identity=mailfrom; envelope-from="henet@ipv6.kutukupret.com"; helo=mx.ipv6.kutukupret.com; client-ip="2001:470:19:13c::2"

Postfix IPv6 + sqlgrey

I’m not sure if it’s necessary for greylisting in ipv6 smtp right now, seems spammer haven’t move their target on ipv6 smtp server yet.After wandering around for couple of hour with google, i’ve finally found application that’s suitable for my postfix greylisting.i’m using milter-greylist previously, but seems like postfix didn’t have {if_addr} in its milter macros and i have to apply workaround.

so i decided using sqlgrey for easiness sake 🙂

Current state

SQLgrey gained the following features since the beginning:

* SQLgrey can withstand a database crash (grey-listing is automatically switched off)
* 3 grey-listing algorithms to choose from
* Support for file-based IP and FQDN whitelists
* Support for fetching up-to-date whitelists from a repository
* Can mail the admin when the database is unavailable
* Auto-whitelists now understand SRS (SPF-aware mail forwarding)
* IPv6 support
* OPTIN / OPTOUT support
* Fine log controls
* Activity reports

Howto make postfix listening on IPv6

Postfix, by default only listen on ipv4 interface. this is howto make Postfix listen on both ipv4/ipv6 This example using IPv6 address given by he.net In main.cf [text] -- others config -- -- snippet -- inet_protocols = ipv4, ipv6 inet_interfaces = 127.0.0.1, 192.168.200.18, [::1], [2001:470:19:xxxx::2] mynetworks = [2001:470:19:xxxx::/64], [::1/128], 127.0.0.1,…

APJII suggest that Internet Service providers Ready to migrate

APJII suggest that Internet Service providers Ready to migrate Friday, December 07, 2007 | 05:31 WIB TEMPO Interactive, Jakarta: Association of Internet Service Internet Company (APJII) require the company's Internet service provider to prepare themselves migrated to the Internet address protocol version IPv4 addresses for IPv4 Internet protocol version is…

WordPress with one database, same domain, two identical installation on two different machine/network(ipv4/ipv6)

Here is the case:

I have already wordpress/blog installation running on httpd with ipv4.(with no ipv6 enabled).
I want everyone with native ipv6 be able accesing my blog.
I have one server already connected to ipv6 via he.net tunnel brokers on different region.

It’s also have httpd listen on both ipv4/ipv6.

So here’s what i have done.

    * I made a backup of wordpress installation on original server.
$ tar cjf wordpress.tar.bz2 wordpress
    * Copy and extract  wordpress backup to ipv6 enabled
server.(in my case it's extracted on /var/www/html/)
$ tar xjf wordpress.tar.bz2
    * Edit wp-config.php

since wordpress using database on original server. I have to create one user, that can access the database from network.(i’m not going to explain how to do it, it’s not beyond this article scope).

define('DB_NAME', 'database');
define('DB_USER', 'user');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'ip of original machine');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
    * Create virtualhost on httpd, same as original server.

Hurricane Electric IPv6 certification

Sambil nunggu selesainya pentransferan domain kutukupret.com dari registrar lama ke registrar yg baru. mari kita liat2 total score yg sudah diperoleh.

registrar yg lama nggak support  ipv6 glue record, dan parahnya di pegang temen ada di hawaii(tau masih di sana atau udah pulang ke indo) dan orangnya super sibuk.

kalo mau modified atau nambah nameserver untuk keperluan test2 ceritification jadi agak2 sungkan takut nganggu ke sibukannya, akhirnya di putuskan register sendiri account di salah satu registrar. dan minta domainnya di transfer sekalian.pentransferan masih dalam proses. kalo udah kelar niat nya mau bikin AAAA record/pointer di v6ns.org

supaya bisa di query secara native sama resolver he.net yg pakai  ipv6.untuk keperluan "Sage cetification test".

berikut score sementara (masih yakin pasti masih bisa nambah 😀 )