Rbl-add-ip: Difference between revisions

From Lundman Wiki
  define(`DNSBL_MAP', `dns -R A -a. -r2 -d3')dnl
  dnl FEATURE(dnsbl,`rbl.domain.com')dnl
  FEATURE(`dnsbl', `rbl.domain.com', `$&{client_addr}": "$>GetTXT $&{client_addr} $| rbl.domain.com $| $(dequote "Address " $&{client_addr} " blocked by rbl.domain.com" $)')
LOCAL_CONFIG
KDNSTXT dns -R TXT
LOCAL_RULESETS
# Pass in $&{client_addr} $| txt-lookup.dom.ain $| default-text
SGetTXT
R$-.$-.$-.$- $| $+ $| $+        $: $(DNSTXT $4.$3.$2.$1.$5 $: $6 $)
 
Watch out for the '''TAB''' in the last line!
 
 
Currently, our RBL are as follows:
 
-rw-rw-rw-  1 root    other    8785887232 Nov  2 09:16 DLZ.dnsdata.db
530327  Number of hash buckets.
18,178,801 IPs in the Database.

Revision as of 18:17, 10 April 2007

rbl_add_ip.pl

Newer version exists that fixes the Clean code. Fix me

For our RBL implementation at work, we went with a [DLZ] named, initially using the "file system" driver (proof of concept), then changing to the BDBHPT driver. The latest patches are here [[1]].

To create the BDB files and to add, remove or list IPs, we wrote this Perl script.

 [rbl_add_ip.pl] 2006-11-02

Download the script and change the paths to your BDB files and DB environment home. To initially create your BDB files, use:

 ./rbl_add_ip.pl -Z

Do not run that on a live system: it will erase your BDB files.

Other uses are:

# ./rbl_add_ip 123.2.12.3
# ./rbl_add_ip -d 123.2.12.3
# ./rbl_add_ip 12.22.22.34 "550 You sent too much spam, you suck."
# ./rbl_add_ip -D 86400

The default message is:

450 You have been blocked for sending SPAM or similar.

which is a little tame, but the 450 message has saved me already. (Real servers queue the emails when some servers were added by mistake).

The whitelist file holds one Perl regular expression per line. For example:

^127.0.0.1$
^192.168.
.your.domain.com$
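
How patterns like these behave once compiled, as an added example that is not part of rbl_add_ip.pl. It assumes each whitelist line is applied as an unanchored Perl regex to the client IP or host name; the helper names and sample values are constructed. An unescaped "." matches any character, so the host name pattern also accepts names outside .your.domain.com, while the escaped variants do not.

```perl
#!/usr/bin/perl
# Added example, not taken from rbl_add_ip.pl. Assumption: every whitelist
# line is used as an unanchored regex against the client IP or host name.
use strict;
use warnings;
use 5.010;

# Compile whitelist lines, skipping blanks and lines that are not valid regexes.
sub compile_whitelist {
    my @compiled;
    for my $line (@_) {
        next if $line =~ /^\s*$/;
        my $re = eval { qr/$line/ };
        if (!defined $re) { warn "skipping invalid pattern: $line\n"; next; }
        push @compiled, [ $line, $re ];
    }
    return @compiled;
}

# Return the text of the first pattern that matches $value, or undef.
sub whitelisted_by {
    my ($value, @compiled) = @_;
    for my $entry (@compiled) {
        return $entry->[0] if $value =~ $entry->[1];
    }
    return;
}

# The page's patterns, and the same intent with literal dots escaped.
my @loose  = compile_whitelist('^127.0.0.1$', '^192.168.', '.your.domain.com$');
my @strict = compile_whitelist('^127\.0\.0\.1$', '^192\.168\.', '\.your\.domain\.com$');

# Constructed sample inputs.
my @samples = (
    '127.0.0.1',               # intended match
    '192.168.10.4',            # intended match
    'mx1.your.domain.com',     # intended match
    'mx1.your-domain.com',     # different domain; loose pattern still matches
    'mx1.notyour.domain.com',  # loose pattern matches "tyour.domain.com"
    '10.0.0.1',                # not whitelisted by either set
);

for my $s (@samples) {
    printf "%-24s loose=%-20s strict=%s\n", $s,
        whitelisted_by($s, @loose)  // '-',
        whitelisted_by($s, @strict) // '-';
}
```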

The current list of RBL codes (is this current? It was not easy to find)

       "127.0.0.2"=>"UCE",
       "127.0.0.3"=>"Fraud",
       "127.0.0.4"=>"Spam Promo",
       "127.0.0.5"=>"Illegal Content",
       "127.0.0.6"=>"Pre-emptive",
       "127.0.0.7"=>"Improper List Practices",
       "127.0.0.8"=>"Botnet Activity / Malware"

rbl_add_ip.pl will use "2" unless otherwise specified.

The named.conf entry we use here is for a concurrent DLZ bdbhpt setup:

dlz "bdbhpt zone" { database "bdbhpt C /etc/ns DLZ.dnsdata.db"; };

Please note that the "/etc/ns" and "DLZ.dnsdata.db" entries here have to match the settings in rbl_add_ip.pl for $dbenvpath and $dbfilename.

There is currently an idea of temporary vs permanent additions. If you use the -p switch when adding an IP to the RBL, it will be added permanently. The only difference is in the record's TTL. However, using the -D <age> option, rbl_add_ip.pl will clean out entries that are temporary and older than <age> (in seconds). That way you can put an IP in the penalty box for, say, 24 hours (-D 86400). If you do not use the -D option, all entries stay in the BDB until you use the -d option to delete them.

For sendmail, we add this code:

# cat rbl.m4
FEATURE(`delay_checks')
define(`DNSBL_MAP', `dns -R A -a. -r2 -d3')dnl
dnl FEATURE(dnsbl,`rbl.domain.com')dnl
FEATURE(`dnsbl', `rbl.domain.com', `$