Blacklists

From QmailToaster

A DNS-based Blackhole List (DNSBL, also known as Real-time Blackhole List or RBL) is a means by which an Internet site may publish a list of IP addresses in a format that can be easily queried by mail servers on the Internet. These addresses are those of known spammers or open relays, places from which you do not want to receive email. If an email comes from one of these addresses, it can be rejected as spam. There is a Wikipedia entry on how this works (thanks to Erik Espinoza).

QmailToaster can use such blacklists to reject spam email up front in the SMTP dialogue, saving bandwidth and other resources. The list of blacklists it will consult is in /var/qmail/control/blacklists.

By default this list looks like this:

  -r sbl.spamhaus.org

You can add other blacklists by appending a space, a -r, a space and the name of another server you want to check. Note that all entries go on the same line, not on separate lines.

Here is a suggested list of somewhat "safe" blacklists:

   -r zen.spamhaus.org -r list.dsbl.org -r combined.njabl.org

Note from Quinn: I removed cbl.abuseat.org because it is included as part of the zen list, and bl.spamcop.net because many people are finding unacceptable levels of false positives. zen.spamhaus.org replaces sbl-xbl.spamhaus.org. Removed relays.ordb.org because they are closing operations on 18 Dec 2006. Note from Espinoza: I removed sorbs as too many false positives are on there. I added njabl.org in its place. Jan 08 2007

Be careful about which blacklists you use. Some of them reject mail from hotmail.com. Others are a bit less restrictive and are better used with a decent SpamAssassin configuration.

The Intra2net Blacklist Monitor compares the accuracy of over 40 blacklists. SpamLinks has a large list of blacklists for comparison.

If you have RBLs enabled at the SMTP level in this manner, you may still want to use the RBLs in SpamAssassin too, since SMTP checks the address which is delivering the email, while SpamAssassin checks the mail routing chain, which will catch spam that is delivered via any number of relays.

You will likely also want to use SURBL in SpamAssassin, which scans the message body for spammy URIs, something that can't be done at the SMTP level.


If you want to check to see which BLs an IP address is listed on, you can visit the Multi-RBL check web site.
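
A local version of that check, as an added example that is not part of QmailToaster: it parses the `-r` entries of a blacklists line and looks up one IPv4 address in each zone. It assumes the general DNSBL convention (reversed octets prepended to the zone, an A record in 127.0.0.0/8 meaning "listed"), which is not necessarily the exact lookup rblsmtpd performs; the function names and the sample address are hypothetical.

```python
import ipaddress
import socket

def parse_blacklists(text):
    """Return (zones, warnings) for the contents of control/blacklists."""
    warnings = []
    if len([ln for ln in text.splitlines() if ln.strip()]) > 1:
        warnings.append("entries span several lines; keep them on one line")
    tokens = text.split()
    zones, i = [], 0
    while i < len(tokens):
        if tokens[i] == "-r" and i + 1 < len(tokens):
            zones.append(tokens[i + 1].rstrip(".").lower())
            i += 2
        else:
            warnings.append("unexpected token: " + tokens[i])
            i += 1
    return zones, warnings

def dnsbl_name(ip, zone):
    """Build the query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    return ".".join(reversed(octets)) + "." + zone

def check_ip(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to ('listed' | 'clear' | 'error', answer)."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:  # NXDOMAIN or a failed lookup: no listing seen
            results[zone] = ("clear", None)
            continue
        if answer.startswith("127.255.255."):
            # Spamhaus uses this range for query errors, not for listings.
            results[zone] = ("error", answer)
        elif answer.startswith("127."):
            results[zone] = ("listed", answer)
        else:  # not a DNSBL-style answer, e.g. a resolver rewriting NXDOMAIN
            results[zone] = ("error", answer)
    return results

if __name__ == "__main__":
    # Constructed sample: the suggested line from this page, a documentation IP.
    line = "-r zen.spamhaus.org -r list.dsbl.org -r combined.njabl.org"
    zones, notes = parse_blacklists(line)
    for zone, (state, answer) in check_ip("192.0.2.10", zones).items():
        print(zone, state, answer or "")
```

An "error" result means the answer should not be read as a listing; query the zone through a different resolver before acting on it.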


If you want to whitelist an IP address from these blacklists you can modify /etc/tcprules.d/tcp.smtp, adding a line like this:

  192.168.1.:allow,RBLSMTPD="",DKSIGN="/var/qmail/control/domainkeys/%/private"

changing 192.168.1. to the IP address or IP block you want to allow. Specifying RBLSMTPD="" disables rblsmtpd processing for the specified IP block/address. See "man rblsmtpd" for more detail.

When you are finished with your edit, compile the rules into the cdb like this:

  tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp


Or for current versions of QMT:

  qmailctl cdb