Rblsmtpd
From Qmail Info Wiki
rblsmtpd is a program which is designed to run under tcpserver, within the context of an SMTP service. It checks the remote client's IP address against one or more RBLs.
If it finds a match, it engages the client in what looks like an SMTP session but returns only error messages. After 60 seconds, it forcibly closes the socket, hanging up on the remote client.
If it does not find a match, rblsmtpd runs another program (specified on its command line), presumably to carry out a real SMTP conversation. This other program is usually qmail-smtpd.
rblsmtpd is part of the ucspi-tcp package.
From the documentation (http://cr.yp.to/ucspi-tcp/rblsmtpd.html):
There are several error-handling options for RBL lookups:
| parameter | meaning |
|---|---|
| -B | (Default.) Use a 451 error code for IP addresses listed in the RBL. |
| -b | Use a 553 error code for IP addresses listed in the RBL. |
| -C | (Default.) Handle RBL lookups in a "fail-open" mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked. |
| -c | Handle RBL lookups in a "fail-closed" mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate mail. |
| -r base | Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client. |
| -a base | Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail. |
- If $RBLSMTPD is set and is empty, rblsmtpd does not block mail.
- If $RBLSMTPD is not set, rblsmtpd looks up $TCPREMOTEIP in the RBL, and blocks mail if $TCPREMOTEIP is listed. tcpserver sets up $TCPREMOTEIP as the IP address of the remote host.
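Given the above, one can create a tcp.smtp file that exempts selected networks. An entry that sets RBLSMTPD to the empty string skips the RBL DNS lookups, and pointing QMAILQUEUE at the plain qmail-queue skips scanning:

```
127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
44.55.66.:allow,RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
```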
One configuration example:

```sh
#!/bin/sh
# Default queue program: accepted mail goes through the scanner
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
FORCE_TLS=1
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

# update (2004-10-05 EN) FIXCRIO
FIXCRIO=$( which fixcrio)

# update (2005-01-05 EN) RBL LIST
# Each active line appends one "-r base" source to the rblsmtpd arguments
RBLLIST=""
RBLLIST=$RBLLIST" -r bl.spamcop.net"
#RBLLIST=$RBLLIST" -r relays.ordb.org"
RBLLIST=$RBLLIST" -r dnsbl.sorbs.net"
#RBLLIST=$RBLLIST" -r safe.dnsbl.sorbs.net"
#RBLLIST=$RBLLIST" -r dev.null.dk"
#RBLLIST=$RBLLIST" -r list.dsbl.org"
#RBLLIST=$RBLLIST" -r multihop.dsbl.org"
#RBLLIST=$RBLLIST" -r orbs.dorkslayers.com"
#RBLLIST=$RBLLIST" -r orbz.gst-group.co.uk"
#RBLLIST=$RBLLIST" -r sbl-xbl.spamhaus.org"

# Refuse to start if any required setting could not be determined
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

# $RBLLIST is left unquoted on purpose so it splits into separate -r arguments.
# -C selects fail-open handling of RBL lookup failures (the default).
exec /usr/local/bin/softlimit -m 40000000 \
    /usr/local/bin/tcpserver -v -R -H -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    rblsmtpd -C $RBLLIST \
    /var/qmail/bin/greylist \
    /var/qmail/bin/qmail-smtpd ednevitible.co.uk \
    /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
```
In the above script, adding or removing RBLs is a simple task: add, comment out or uncomment an RBLLIST line.
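To see what the -C in that rblsmtpd invocation means in practice, the sketch below models the option table from the documentation, including how the lookup name d.c.b.a.base is built. It is an added example, not code from ucspi-tcp or from this wiki; the function names, the r:/a: result labels and rbl.example are made up for illustration, and it follows the table as written rather than rblsmtpd's source.

```sh
#!/bin/sh
# Added illustration: models the rblsmtpd option table; it does no DNS lookups.
# Function names, result labels and rbl.example are constructed for this example.

# rbl_qname IP BASE: name queried for a.b.c.d under BASE, i.e. d.c.b.a.BASE
rbl_qname() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.
    set -- $1 "$2"          # split the address on dots, keep BASE whole
    IFS=$_ifs
    [ $# -eq 5 ] || return 1
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$5"
}

# rbl_decide FAILMODE CODEFLAG RESULT...
#   FAILMODE  -C fail-open (default) | -c fail-closed
#   CODEFLAG  -B 451 (default)       | -b 553
#   RESULT    outcome of each -r / -a source in command-line order:
#             r:hit r:miss r:temp (RBL), a:hit a:miss a:temp (anti-RBL)
# Prints accept, 451 or 553.
# Assumption: the table does not say whether a temporary failure under -C
# changes the code of a later listing; this model leaves it unchanged.
rbl_decide() {
    failmode=$1 code=451
    [ "$2" = -b ] && code=553
    shift 2
    for result in "$@"; do
        case "$failmode $result" in
            *' r:hit')             echo "$code"; return ;;  # listed: reject
            '-c r:temp')           echo 451; return ;;      # treated as listed, never 553
            '-c a:temp')           code=451 ;;              # not anti-listed; later hit gets 451
            *' a:hit'|'-C a:temp') echo accept; return ;;   # anti-listed, or assumed so
        esac                       # misses and '-C r:temp' fall through to the next source
    done
    echo accept
}

# Constructed cases: client 192.0.2.25, one source whose lookup fails temporarily
echo "query name:               $(rbl_qname 192.0.2.25 rbl.example)"
echo "-C -b, r:temp:            $(rbl_decide -C -b r:temp)"
echo "-c -b, r:temp:            $(rbl_decide -c -b r:temp)"
echo "-c -b, a:temp then r:hit: $(rbl_decide -c -b a:temp r:hit)"
```

Under -C the temporary failure ends in accept even though the RBL was never consulted, which is the trade-off the documentation describes; -c turns the same failure into a 451 that a legitimate sender will retry.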

