Skip to content

rblsmtpd.1

Jump to bottom
Manvendra Bhangui edited this page Feb 25, 2024 · 4 revisions

NAME

rblsmtpd - blocks mail from RBL-listed sites for any SMTP server that can run under tcpserver(1)

SYNOPSIS

rblsmtpd opts prog[.so]

DESCRIPTION

opts is a series of getopt-style options. prog consists of one or more arguments. prog can have the extension .so in which case, rblsmtpd will use dlopen(3) to load the shared object prog.so. When you want to load shared objects, prog.so should be an absolute path.

Normally rblsmtpd runs prog. prog is expected to carry out an SMTP conversation to receive incoming mail messages.

However, rblsmtpd does not invoke prog if it is told to block mail from this client. Instead it carries out its own limited SMTP conversation, temporarily rejecting all attempts to send a message. Meanwhile it prints one line on descriptor 2 to log its activity.

rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not quit by then.

OPTIONS

-t n
Change the timeout to n seconds.

Blocked clients

If the $RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail. It uses $RBLSMTPD as an error message for the client. Normally rblsmtpd runs under tcpserver(1); you can use tcprules(1) to set $RBLSMTPD for selected clients. Any occurrence of %IP% in $RBLSMTPD gets replaced with the IP address of the remote client.

If $RBLSMTPD is set and is empty, rblsmtpd does not block mail.

If $RBLSMTPD is not set, rblsmtpd looks up $TCPREMOTEIP in the RBL, and blocks mail if $TCPREMOTEIP is listed. tcpserver sets up $TCPREMOTEIP as the IP address of the remote host.

-r base
Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client.

-a base
Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail.

You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists $TCPREMOTEIP. It also tries an RBL source of rbl.maps.vix.com if you do not supply any -r options. See http://maps.vix.com/rbl/ for more information about rbl.maps.vix.com.

If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the DNScache (djbdns) package.

Temporary errors

Normally, if $RBLSMTPD is set, and does not start with a hyphen '-' rblsmtpd uses a 451 error code in its limited SMTP conversation. This tells legitimate clients to try again later. It gives innocent relay operators a chance to see the problem, prohibit relaying, get off the RBL, and get the mail delivered.

However, if $RBLSMTPD begins with a hyphen, rblsmtpd removes the hyphen and uses a 553 error code. This tells legitimate clients to bounce the message immediately.

There are several error-handling options for RBL lookups:

-B
(Default.) Use a 451 error code for IP addresses listed in the RBL.

-b
Use a 553 error code for IP addresses listed in the RBL.

-C
(Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked.

-c
Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate mail.

-w delay
Use delay for adding a delay after the SMTP client has initiated the SMTP session and before qmail-smtpd answers with "220 ESMTP"

-W
The delay is control via the environment variable GREETDELAY, which is typically set by means of tcpserver's rule-set file.

NOTES

rblsmtpd constructs address scheme, from the incoming IP address TCPREMOTEIP, in inverse nibble format, depending on the setting of PROTO. If PROTO=TCP the standard inverse IPv4 address scheme is used, whereas in case of PROTO=TCP6 the IPv6 inverse nibble format is computed based on the expanded IPv6 address:

The default greeting rblsmtpd.greeting can be changed by setting the RBLGREETING environment variable.

You can make rblsmtpd respond to ehlo with a dummy output by setting RBLEHLO environment variable.

fe80::1 => 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.(tld)

rblsmtpd recognizes IPv4-mapped IPv6 addresses and strips the IPv6 prefix piror to build the IPv4 inverse address for the RBL lookup.

The following rbl sites can be typically used bl.spamcop.net, zen.spamhaus.org, cbl.abuseat.org, dnsbl.njabl.org and list.dsbl.org

SEE ALSO

tcpserver(1), tcprules(1), tcprulescheck(1), fixcrio(1), recordio(1), rblsmtpd(1), tcpclient(1), who@(1), date@(1), finger@(1), http@(1), tcpcat(1), mconnect(1), tcp-environ(5), http://cr.yp.to/ucspi-tcp.html

Clone this wiki locally