rblsmtpd - Defer and/or block mail from RBL-listed sites and unwanted sources
Purpose
rblsmtpd is a minimalistic SMTP email server that fakes an email session while doing (DNS) lookups against Relay Black List and Relay White List servers, and then either responds to the connecting client itself or calls the main (E)SMTPD server, typically qmail-smtpd.
rblsmtpd is additionally able to defer the SMTP connection for a defined time period, called the Greetdelay. Further, RBL decisions may be forwarded to the called program in interrogation mode.
The way rblsmtpd operates depends on the contents of the environment variables RBLSMTPD and GREETDELAY.
Feeding rblsmtpd with connection information
In order to operate, rblsmtpd needs to receive IP and DNS information for the SMTP connection it is called for. While historically inetd or xinetd is used, a typical choice would be
Both servers can be instructed to populate the required environment variables TCPREMOTEIP and TCP6REMOTEIP per connection and potentially do a DNS lookup for TCPREMOTEHOST for this very SMTP connection.
From the given TCPREMOTEIP and TCP6REMOTEIP information rblsmtpd constructs the 'reverse IP name' for the lookup in the RBL/white list, even for IPv6 addresses.
Setting up black or white lists
When called, rblsmtpd can be instructed to contact several RBL or white list sources in 'fail-open' or 'fail-close' mode:
- -r base
Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client.
- -a base
Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail.
Any number of -r and -a options may be supplied. rblsmtpd tries each source in turn until it finds one that lists or anti-lists for TCPREMOTEIP.
If you want to run your own RBL or anti-RBL source for rblsmtpd, you can use rbldns from the DJBDNSCurve6 package.
Triggering activation of rblsmtpd
rblsmtpd's activity is triggered by two different environment variables:
- RBLSMTPD: Causing RBL lookup, defining response mode, and providing response information.
- GREETDELAY: Defining and setting the Greetdelay.
Normally rblsmtpd runs under sslserver or tcpserver and you can use tcprules to set RBLSMTPD and/or GREETDELAY for selected clients:
- Clients can be specified individually per IPv4/IPv6 address, octet-wise for IPv4, or via IP/netprefix; both for IPv4 and IPv6.
- In case DNS lookups are foreseen, DNS labels can be used instead.
- Employing DNS lookups, a special choice is '=', meaning that a DNS response was given.
rblsmtpd with RBLSMTPD set
Given RBLSMTPD, the following behavior of rblsmtpd can be achieved:
- If RBLSMTPD is set and is empty, rblsmtpd does not block mail.
- If the RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail.
rblsmtpd with GREETDELAY
Asking rblsmtpd for a greetdelay depends on the following settings:
- -w n
setting the GREETDELAY value for all connections to n seconds.
- -W
reading the GREETDELAY environment variable from tcprules for individual connections (preferred).
rblsmtpd client messages
Apart from triggering rblsmtpd, RBLSMTPD has a combined usage:
- The content of RBLSMTPD is used as an error message for the client.
- If RBLSMTPD starts with a dash '-', a 553 error (meaning: 'don't try it again') is given to the client instead of the default 451 reply.
The global behavior of rblsmtpd can be set by invoking it with the following arguments:
- -B (Default.)
Use a 451 error code for IP addresses listed in the RBL.
- -b
Use a 553 error code for IP addresses listed in the RBL.
- -t n
Change the RBL lookup timeout to n seconds.
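The lookup-name construction and the block/no-block decision described in the sections above, as an added Python model (not rblsmtpd's own code). The stub_lookup function, the example bases and the zone data are constructed; the nibble-reversed IPv6 name and the removal of the leading dash from the message are assumptions not stated on this page.

```python
import ipaddress

def rbl_name(ip, base):
    """d.c.b.a.base for IPv4; reversed nibbles + base for IPv6 (assumed form)."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return rev.rsplit(".", 2)[0] + "." + base  # drop in-addr.arpa / ip6.arpa

def decide(env, sources, lookup, hard=False):
    """Return (code, message) to reject, or None to hand over to prog.

    env: connection environment; sources: ordered [("r"|"a", base), ...]
    as given with -r/-a; lookup(name, rtype): DNS stand-in returning a
    record string or None; hard=True models -b (553 instead of 451).
    """
    if "RBLSMTPD" in env:
        msg = env["RBLSMTPD"]
        if msg == "":
            return None                 # set and empty: do not block
        if msg.startswith("-"):
            return (553, msg[1:])       # assumption: the dash is not sent
        return (451, msg)
    # Assumption: whichever of the two variables is set holds the peer IP.
    ip = env.get("TCPREMOTEIP") or env.get("TCP6REMOTEIP")
    for kind, base in sources:          # first source that answers wins
        name = rbl_name(ip, base)
        if kind == "a" and lookup(name, "A") is not None:
            return None                 # anti-listed: do not block
        if kind == "r":
            txt = lookup(name, "TXT")
            if txt is not None:
                return (553 if hard else 451, txt)
    return None                         # no source lists the IP

# Constructed zone data standing in for DNS; the bases are placeholders.
ZONE = {
    ("99.2.0.192.rbl.example", "TXT"): "Listed, see http://rbl.example/",
    ("7.100.51.198.white.example", "A"): "127.0.0.2",
    ("7.100.51.198.rbl.example", "TXT"): "Listed",
    (rbl_name("2001:db8::1", "rbl.example"), "TXT"): "Listed v6",
}

def stub_lookup(name, rtype):
    return ZONE.get((name, rtype))

SOURCES = [("a", "white.example"), ("r", "rbl.example")]

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, decide({"TCPREMOTEIP": ip}, SOURCES, stub_lookup))
```

Swapping the order of SOURCES changes the outcome for 198.51.100.7, because the first source that lists or anti-lists the address ends the search.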
rblsmtpd unblocking mode
If not instructed by RBLSMTPD to reject an SMTP connection, rblsmtpd simply calls prog to continue with the SMTP dialogue.
Interrogation Mode
rblsmtpd may be used to only query RBLs and to present the result to prog in interrogation mode.
- -i
interrogation mode; the RBL information is written on descriptor 2 and available via RBLSMTPD for further decisions.