A Realtime Block List (RBL) is a list of addresses that an RBL list supplier believes are a source of Spam.
- Download qmail-dnsbl patch
- Code and logic from
qmail-dnsblpatch by Fabio Busatto
- Added support for welcomelists, TXT and A queries, configurable return codes 451 or 553 with custom messages (by Luca Franceschini)
This patch replaces the djb's
rblsmtpd program. It incorporates into
qmail-smtpd the RBL stuff with the advantage that you can see the envelope in the logs. Registering the envelope as well as the sender ip is important to always know what happened to not received messages.
An additional improvement with respect to the use of the RBL filter *before*
rblsmtpd did is that the authenticated users who want to send messages from a remote dynamic IP will not be banned; this means that we are able to switch on the filter on the 587 submission port as well :)
To activate the RBL check just add your favourite block lists in the
dnsbllist control file (one per line).
cat > /var/qmail/control/dnsbllist << __EOF__ -b.barracudacentral.org -zen.spamhaus.org -psbl.surriel.com -bl.spamcop.net __EOF__
qmail and check that the RBL lists have been parsed:
> qmailctl restart > qmail-showctl |grep dnsbl dnsbllist: List at -zen.spamhaus.org configured for dnsbl check. List at -b.barracudacentral.org configured for dnsbl check. List at -psbl.surriel.com configured for dnsbl check. List at -bl.spamcop.net configured for dnsbl check.
Improvements with respect to the original
- default file
control/dnsbllistcan be overridden with env variable DNSBLLIST
- if DNSBLSKIP env variable is set, qmail-smtpd skips the rbl check
control/dnsblfailclosedor DNSBLFAILCLOSED are defined,
qmail-smtpdconsiders the source ip as blocked even in case of lookup failures (check
rblsmtpdman page for more details)
- support for environment variable RBLSMTPD (check
rblsmtpdman page for more details)
- dnsbllist can contain empty lines and comments with '#' at start or end of lines; leading and trailing spaces are automatically removed
Examples and formats
Query rbl for TXT records, return code 451: "451 http://www.spamhaus.org/query/bl?ip=184.108.40.206"
Query rbl for TXT records, return code 553: "553 http://www.spamhaus.org/query/bl?ip=220.127.116.11"
Query rbl for A records, custom return message with ret code 451: "451 Message rejected"
Query rbl for A records, custom return message with ret code 553: "553 Message rejected", the following syntaxes are allowed:
-zen.spamhaus.org:Message rejected zen.spamhaus.org:-Message rejected -zen.spamhaus.org:-Message rejected
Query rbl for A records, custom return message with IP variable, replaced by remote ip:
zen.spamhaus.org:Message blocked from %IP%
dns welcomelist A query:
+welcome.dnsbl.local:welcomelist test +welcome.dnsbl.local
The following syntaxes are NOT ALLOWED:
At the end of this guide I will show how to set up
fail2ban in order to ban malicious IPs and then decrease the amount of connections to the RBL lists, avoiding to be banned consequently.
As an alternative, you may be interested to take a look to the idea of Costel Balta, which is addressed to solve the same problem.
One thing to pay close attention to when configuring the servers is avoiding to use public dns like google's 18.104.22.168 to resolve their services (more info here). This will cause a cut off due to the fact that they cannot measure our load of traffic on their servers if you use a public dns.
Check your IP's reputation
When you buy an IP address, you know that it's not new and you inherit its reputation. So the first thing you may want to do is to check if it's listed in some RBL here: http://multirbl.valli.org or https://mxtoolbox.com/SuperTool.aspx