I have always thought that RBLs are a cost-effective way to get rid of spam. The more email I can drop at the RBL level with Postfix, the less SpamAssassin processing I have to do. Since running SpamAssassin at a business level requires a lot of horsepower and memory, I like to clean out the known offenders at the Postfix level with an RBL blacklist.
The first thing you have to do is get a blackhole email address built and out on the internet. Hide it in websites owned by your company, with policy statements or whatever you need to help you sleep at night. Make sure the address has never been used before on your domain, and that it is working. For this case I am using Postfix maildirs because they separate the messages for cleaner processing and filing.
Next, install rbldnsd on Ubuntu. I am testing out Jaunty Jackalope right now, but it will work for 7.04 and forward.
sudo apt-get install rbldnsd
sudo vi /etc/default/rbldnsd
If everything is commented out, add the following to the bottom of the file.
RBLDNSD="dsbl -r/var/lib/rbldns/ -c60 -b10.0.0.1 \
rbl.example.com:ip4set:rbl.example.com.db"
Create the db file in the directory given to -r above.
echo ':127.0.0.2:http://www.example.com/removal.php?ip=$' | sudo tee /var/lib/rbldns/rbl.example.com.db > /dev/null
You can put a URL or whatever you like in the http section I have above. Next, add an IP address or two to the file. I assume you have a couple if you have gotten this far.
echo '10.0.0.1' | sudo tee -a /var/lib/rbldns/rbl.example.com.db > /dev/null
and so on and so on.
Restart rbldnsd.
sudo /etc/init.d/rbldnsd restart
Test the RBL server.
dig 1.0.0.10.rbl.example.com
It should respond with something like the following.
$ dig 1.0.0.10.rbl.example.com
; <<>> DiG 9.5.1-P1 <<>> 1.0.0.10.rbl.example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62354
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;1.0.0.10.rbl.example.com. IN A
;; ANSWER SECTION:
1.0.0.10.rbl.example.com. 2100 IN A 127.0.0.2
;; AUTHORITY SECTION:
rbl.example.com. 600 IN NS rbl.example.com.
;; Query time: 588 msec
;; SERVER: 10.0.0.55#53(10.0.0.55)
;; WHEN: Wed Mar 18 09:53:14 2009
;; MSG SIZE rcvd: 80
Yay, you have a working rbldnsd install. Now what, right? Well, remember that email address you set up? I bet it has an email. Maybe? Now you just have to extract the sender's IP address and put it in the /var/lib/rbldns/rbl.example.com.db file.
I have a script to automatically extract the IP and add it to the file, but my RBL server can't access my email directory, so it is overcomplicated. So I will give you the main part of the script.
sudo grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /home/test.example.com/Maildir/new/* \
  | grep -v '127\.0\.0\.1' | awk -F'[' '{print $2}' | sed 's/])//' \
  | grep -v '66\.37' | grep -v '66\.7\.175' \
  | awk '{print $1}' | sed 's/]//' | grep -v '^$' | sed 's/>//' \
  | sort -u | sudo tee -a /var/lib/rbldns/rbl.example.com.db > /dev/null
I have a few scripts to clean that up some, but you get the point. I am going to test sa2dnsbl, but I have the feeling it will block too much.
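The grep pipeline above picks up every dotted quad in a trap message, including Received headers the sender forged and addresses in the body, so an innocent host can end up listed. As an added example (not the author's script), this Python sketch walks the Received headers top-down and keeps only the first client IP that your own servers recorded, then merges it into the ip4set zone text. The TRUSTED networks, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Hops written by our own servers (assumed values: loopback, RFC 1918 space,
# and 203.0.113.0/24 standing in for your own relays).
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "203.0.113.0/24")]
# Postfix records the connecting client as "from helo (rdns [1.2.3.4])".
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trap_source_ip(raw_message):
    """Return the first untrusted client IP, walking Received headers top-down."""
    msg = email.message_from_bytes(raw_message)
    for header in msg.get_all("Received") or []:
        match = CLIENT_IP.search(str(header))
        if not match:
            return None              # chain broken: do not guess
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None              # not a valid address, e.g. [999.1.1.1]
        if any(ip in net for net in TRUSTED):
            continue                 # our own hop, look one header further down
        return str(ip)               # headers below this one are sender-controlled
    return None

def merge_zone(zone_text, new_ips):
    """Append new_ips to ip4set zone text, skipping None and duplicates."""
    lines = zone_text.splitlines()
    present = {line.strip() for line in lines}
    for ip in sorted({i for i in new_ips if i}, key=ipaddress.ip_address):
        if ip not in present:
            lines.append(ip)
    return "\n".join(lines) + "\n"

# Constructed sample: a local filter hop, the real hop, and a forged header.
SAMPLE = (b"Return-Path: <x@spam.invalid>\r\n"
          b"Received: from localhost (localhost [127.0.0.1])\r\n"
          b"\tby mail.example.com (Postfix) with ESMTP id AAAA\r\n"
          b"Received: from bulk.invalid (unknown [198.51.100.7])\r\n"
          b"\tby mail.example.com (Postfix) with ESMTP id BBBB\r\n"
          b"Received: from forged (forged [192.0.2.99]) by nowhere.invalid\r\n"
          b"Subject: hi\r\n\r\nbody mentions 192.0.2.50\r\n")

if __name__ == "__main__":
    zone = ":127.0.0.2:http://www.example.com/removal.php?ip=$\n10.0.0.1\n"
    print(merge_zone(zone, [trap_source_ip(SAMPLE)]), end="")
```

Write the merged text to a temporary file and rename it over the zone file, so rbldnsd never reloads a half-written list.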