17 May 2011 Roberto Puzzanghera
This module is still under testing
A Realtime Blackhole List (RBL) is a list of addresses that the list's supplier believes to be a source of spam.
As an alternative to Bernstein's rblsmtpd, you can use Luca Morettoni's qmail-rblchk to block IPs that appear on such lists.
For an exhaustive guide to the program, visit the author's site.
We have to patch the program for errno, since it is derived from DJB's djbdns. The patch is included in the
cd /usr/local/src
wget http://www.morettoni.net/qmail/qmail-rblchk-2.4.1.tar.gz
tar xzf qmail-rblchk-2.4.1.tar.gz
cd qmail-rblchk
chown -R root:root .
patch < /usr/local/src/netqmail-1.06/other-patches/djbdns-1.05.errno.patch
make setup check
This will install qmail-rblchk in the
If you want the program to log its work and record the blocked IPs (which is useful for creating your own RBL later), you have to create a log dir and assign write privileges to the user who runs
mkdir /usr/local/etc/rbl
chown -R vpopmail /usr/local/etc/rbl
qmail-rblchk is a filter to be executed before the delivery. You have to install it in the first line on the
> /var/qmail/bin/qmail-rblchk -h
qmail-rblchk: usage: qmail-rblchk [opz] [dir]
options may be:
  -h        this screen
  -s        add X-Spam header into the incoming mail (work only with delivery ``dir'')
  -c        turn on condredirect compatibility mode
  -i NUM    ignore first ``NUM'' IPs found in the header
  -x IP     do not check ``IP'', try to find other address in header
  -v        verbose (debug) mode
  -V        show program version
  -q        quiet mode (suppress any output)
  -p        don''t check private IP class:
              127.0.0.0 - 127.255.255.255
              10.0.0.0 - 10.255.255.255
              172.16.0.0 - 172.31.255.255
              192.168.0.0 - 192.168.255.255
  -m        check all IPs in email (default: check only first IP)
  -l log    write program action to ``log'' file
  -L data   write blocked IP to ``data'' file
  -r addr   use ``addr'' for RBL checking (if TXT record exist block mail)
  -R addr   use ``addr'' for RBL reverted checking (if TXT record NOT exist block mail)
  -C addr   use ``addr'' for one time RBL checking (if TXT or A record exist don''t block mail)
  -a addr   use ``addr'' for anti-RBL checking (if A record NOT exist block mail)
  -A addr   use ``addr'' for anti-RBL reverted checking (if A record exist block mail)
  -X cdb    check IP from tcpserver-style ``cdb'' file (IP:deny block mail from that IP)

You must specify one or more (max 32) RBL address, example:
  qmail-rblchk -r dnsbl.sorbs.net -r sbl-xbl.spamhaus.org -r relays.ordb.org
You can ignore (-x option) no more than 16 IP address

If ``dir'' is given in command line and it exist all blocked mails are delivered into Maildir ``dir'' (dir must start with a / or a . and end with a /); the program run in ``delivery mode''.

The program exit status may be (normal mode):
  0    when the message is not blocked
  100  when the message is blocked
  111  when fails or no checking options was given
In ``delivery mode'':
  0    the message is not blocked (continue .qmail checking)
  99   the blocked message has been wrote to ``dir'' Maildir
  111  same as above
In ``condredirect compatibility mode'':
  0    when the message is blocked
  1    when the message is not blocked
  111  same as above
This powerful program can log its activity, store blocked IPs, move spam to the Junk folder, and skip the check for incoming messages from the internal network.
This is how I use it inside my .qmail-default files. You have to insert a line like this at the top of the .qmail-default file of the domain where you want to enable the filter:
|/var/qmail/bin/qmail-rblchk -r zen.spamhaus.org -r dnsbl.sorbs.net -p -L /usr/local/etc/rbl/rbl.txt -l /usr/local/etc/rbl/qmail-rblchk.log
NB: If you decide to use zen.spamhaus.org as suggested here, check the free use terms and be aware that exceeding these terms gets your server cut off.
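As an added illustration (not code from qmail-rblchk or its author), this Python model shows what the -r, -R, -a, -A and -p options in the help text mean for one IPv4 address: the reversed-octet query name sent to each list, the private ranges skipped by -p, and the exit status per mode. The function names, the stop-at-first-hit order and the fake resolver are assumptions; -C and -X are left out.

```python
import ipaddress

# Ranges skipped by -p, as listed in the help output (written here as CIDR blocks).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# option -> (record type queried, block when that record exists?)
RULES = {"-r": ("TXT", True), "-R": ("TXT", False),
         "-a": ("A", False), "-A": ("A", True)}

def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_private(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in PRIVATE_NETS)

def check(ip, lists, lookup, skip_private=False):
    """Return (blocked, names queried); lookup(name, rtype) -> bool is injected."""
    if skip_private and is_private(ip):
        return False, []          # -p: no DNS query is made at all
    queried = []
    for flag, zone in lists:
        rtype, block_if_exists = RULES[flag]
        name = query_name(ip, zone)
        queried.append(name)
        if lookup(name, rtype) == block_if_exists:
            return True, queried  # assumption: stop at the first list that blocks
    return False, queried

def exit_status(blocked, mode="normal"):
    """Exit codes from the help text for normal, delivery and condredirect modes."""
    if mode == "condredirect":
        return 0 if blocked else 1
    return {"normal": 100, "delivery": 99}[mode] if blocked else 0

# Constructed sample: a fake resolver standing in for real DNS, so this runs offline.
LISTED = {("99.2.0.192.dnsbl.sorbs.net", "TXT")}
def fake_lookup(name, rtype):
    return (name, rtype) in LISTED
PAGE_LISTS = [("-r", "zen.spamhaus.org"), ("-r", "dnsbl.sorbs.net")]  # zones from the line above

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.1", "10.0.0.5"):
        blocked, names = check(ip, PAGE_LISTS, fake_lookup, skip_private=True)
        print(ip, "blocked" if blocked else "passed", names, exit_status(blocked))
```

Every checked message costs one DNS query per configured list until one of them blocks, which is why the query volume matters for the usage terms mentioned above.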
Another thing you can do is use the shell script from the contrib folder in the source dir to rotate the log file and periodically notify you via email about the program's activity.
> cp /usr/local/src/qmail-rblchk/contrib/spam-report.sh /usr/local/etc/rbl/qmail-rblchk-report.sh
> crontab -e
3 02 * * * /usr/local/etc/rbl/qmail-rblchk-report.sh firstname.lastname@example.org 5
where 5 is the maximum number of log files to keep on the disk.