Rbl-add-ip

From Lundman Wiki

rbl_add_ip.pl

Newer version exists that fixes the Clean code. Fix me

For our RBL implementation at work, we went with a DLZ named, initially using the "file system" driver (proof of concept) and then changing to the BDBHPT driver. The latest patches are here [1]. Patches are no longer required, as DLZ is now distributed with the BIND sources.


To create the BDB files and to add, remove and list IPs, we wrote this Perl script.

 [rbl_add_ip.pl] 2006-11-02

Download the script and change the paths to your BDB files and DB environment home. To initially create your BDB files use:

 ./rbl_add_ip.pl -Z

Do not run that on a live system: it will erase your BDB files.

Other uses are:

 # ./rbl_add_ip 123.2.12.3
 # ./rbl_add_ip -d 123.2.12.3
 # ./rbl_add_ip 12.22.22.34 "550 You sent too much spam, you suck."
 # ./rbl_add_ip -D 86400

The default message is:

450 You have been blocked for sending SPAM or similar.

This is a little tame, but the 450 message has saved me already. (Real servers queue the emails when some servers are added by mistake.)

The whitelist file contains one Perl regular expression per line. Literal dots are escaped, because an unescaped . matches any character. For example:

^127\.0\.0\.1$
^192\.168\.
\.your\.domain\.com$
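Because each whitelist line is a regular expression, a `.` that is not escaped matches any character and the rule can exempt more hosts than intended. The following is an added example, not part of rbl_add_ip.pl: the sub names and sample data are constructed, and it assumes the whitelist is matched against hostnames as well as IPs.

```perl
use strict;
use warnings;

# Offsets of every '.' that is neither backslash-escaped nor inside a
# [...] character class (inside a class '.' is already literal).
# An intentional wildcard such as '.*' is reported too, for review.
sub unescaped_dots {
    my ($pattern) = @_;
    my @offsets;
    my $in_class = 0;
    my @chars = split //, $pattern;
    for (my $i = 0; $i < @chars; $i++) {
        my $c = $chars[$i];
        if    ($c eq '\\')              { $i++ }            # skip the escaped character
        elsif ($c eq '[' && !$in_class) { $in_class = 1 }
        elsif ($c eq ']' && $in_class)  { $in_class = 0 }
        elsif ($c eq '.' && !$in_class) { push @offsets, $i }
    }
    return @offsets;
}

# True if any whitelist pattern matches the candidate IP or hostname.
sub is_whitelisted {
    my ($candidate, @patterns) = @_;
    for my $p (@patterns) {
        return 1 if $candidate =~ /$p/;
    }
    return 0;
}

# Constructed sample data: the same three rules, unescaped and escaped.
my @loose  = ('^127.0.0.1$', '^192.168.', '.your.domain.com$');
my @strict = ('^127\.0\.0\.1$', '^192\.168\.', '\.your\.domain\.com$');
# Constructed candidates: two intended matches, two that should stay blockable.
my @candidates = ('127.0.0.1', 'mx.your.domain.com',
                  '192-168-0-9.dsl.example.net', 'mx.notyour-domain.com');

for my $set (['unescaped', \@loose], ['dots escaped', \@strict]) {
    my ($label, $patterns) = @$set;
    print "== whitelist, $label ==\n";
    for my $p (@$patterns) {
        my @dots = unescaped_dots($p);
        printf "  %-24s unescaped '.' at offsets: %s\n", $p,
            @dots ? join(',', @dots) : 'none';
    }
    for my $c (@candidates) {
        printf "  %-30s %s\n", $c,
            is_whitelisted($c, @$patterns) ? 'WHITELISTED' : 'not whitelisted';
    }
}
```

With the unescaped rules the last two candidates are whitelisted as well; with the dots escaped only the first two are.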

The current list of RBL codes (is this current? It was not easy to find):

       "127.0.0.2"=>"UCE",
       "127.0.0.3"=>"Fraud",
       "127.0.0.4"=>"Spam Promo",
       "127.0.0.5"=>"Illegal Content",
       "127.0.0.6"=>"Pre-emptive",
       "127.0.0.7"=>"Improper List Practices",
       "127.0.0.8"=>"Botnet Activity / Malware"

rbl_add_ip.pl will use "2" unless otherwise specified.

The named.conf entry we use here is for a Concurrent DLZ bdbhpt setup:

dlz "bdbhpt zone" { database "bdbhpt C /etc/ns DLZ.dnsdata.db"; };

Please note that the "/etc/ns" and "DLZ.dnsdata.db" entries here have to match the settings in rbl_add_ip.pl for $dbenvpath and $dbfilename.

There is currently a notion of temporary versus permanent additions. If you use the -p switch when adding an IP to the RBL, it will be added permanently. The only difference is in the record's TTL. However, with the -D <age> option, rbl_add_ip.pl will clean out entries that are temporary and older than <age> (in seconds). That way you can put an IP in the penalty box for, say, 24 hours (-D 86400). If you do not use the -D option, all entries stay in the BDB until you use the -d option to delete them.

For sendmail, we add this code:

# cat rbl.m4
FEATURE(`delay_checks')
define(`DNSBL_MAP', `dns -R A -a. -r2 -d3')dnl
dnl FEATURE(dnsbl,`rbl.domain.com')dnl
FEATURE(`dnsbl', `rbl.domain.com', `$