RBL

How to avoid being "cut off" by spamhaus.org

As you probably know, Spamhaus limits your SMTP and DNS traffic (see http://www.spamhaus.org/organization/dnsblusage/ for more info), and for big servers this can be a serious problem.

Luckily, Costel Balta sent me a solution to the problem that I'm going to copy below. In short, he suggests dynamically creating firewall rules via iptables (or better, shorewall) to block connections from suspicious IPs, which decreases the number of requests to the RBL lists by about 80%.

ipsets and swatch are also needed to manage iptables rules and scan your logs respectively.

A big thanks to Costel Balta for the following tutorial; this is not the first time that he has posted an original idea.

Realtime Blackhole List (RBL) - qmail-dnsbl

This patch by Fabio Busatto replaces djb's rblsmtpd program. It incorporates the RBL checks into qmail-smtpd, with the advantage that you can see the envelope in the logs. It was sufficient for me to add a line of code to get a log like this:

Setting up rblsmtpd

NB: you can skip this page if you have decided to use qmail-dnsbl instead


A Realtime Blackhole List (RBL) is a list of addresses that an RBL list supplier believes are a source of Spam.
rblsmtpd blocks mail from RBL-listed sites. It works with any SMTP server that can run under tcpserver.

qmail-smtpd's run script is already set to run rblsmtpd before qmail-smtpd. The following lines are related to rblsmtpd (others are omitted):

# This enables greetdelay anti-spam functionality on rblsmtpd
export GREETDELAY=15

# This disables rblsmtpd reject
#export RBLSMTPD=""

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \
    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
    /usr/local/bin/rblsmtpd -W \
    -b -r zen.spamhaus.org \
    -r bl.spamcop.net \
    /var/qmail/bin/qmail-smtpd 2>&1

Realtime Blackhole List (RBL) - qmail-rblchk

Update: you may be interested to join in the poll "Which is the most accurate and reliable RBL list?"


This module is still under testing

A Realtime Blackhole List (RBL) is a list of addresses that an RBL list supplier believes are a source of Spam.

As an alternative to Bernstein's rblsmtpd, you can use Luca Morettoni's qmail-rblchk to block IPs from such lists.
