rblsmtpd

Section: User Commands (1)
Index Return to Main Contents
 

NAME

rblsmtpd - block emails from RBL-listed sites and unwanted sources  

SYNOPSIS

rblsmtpd opts prog  

DESCRIPTION

rblsmtpd works with any SMTP server that can run under tcpserver or sslserver It accepts a series of getopt-style options opts while prog consists of one or more arguments.

Normally rblsmtpd runs prog. prog is expected to carry out an SMTP conversation to receive incoming emails.

However, rblsmtpd does not invoke prog if it is told to block emails from this client. Instead it carries out its own limited SMTP conversation, temporarily rejecting all attempts to send an email. Meanwhile it prints one line on descriptor 2 to log its activity.

rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not quit by then.  

RBL LOOKUP OPTIONS

-t n
Change the timeout to n seconds. Blocked clients If the RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks emails. It uses RBLSMTPD as an error message for the client. Normally rblsmtpd runs under tcpserver or better sslserver and you can use tcprules to set RBLSMTPD for selected clients.

If RBLSMTPD is set and is empty, rblsmtpd does not block emails.

If RBLSMTPD is not set, rblsmtpd looks up TCP6REMOTEIP/TCPREMOTEIP in the RBL and blocks emails if either TCP6REMOTEIP or TCPREMOTEIP is listed here. tcpserver and sslserver set up TCP6REMOTEIP or TCPREMOTEIP as the IP address of the remote host.

-r base
Use base as an RBL source. An IPv4 address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. An IPv6 address is expanded in its inverse nibble format. rblsmtpd uses the contents of the TXT record as an error message for the client.
-a base
Use base as an anti-RBL source. An IPv4 address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block emails. The same holds for IPv6 addresses (see below) and a corresponding AAAA record. You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists according to TCP6REMOTEIP or TCPREMOTEIP.

If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the djbdnscurve6 package.

 

SMTP REPLIES

Normally, if RBLSMTPD is set, rblsmtpd uses a 451 error code in it's limited SMTP conversation. This tells legitimate clients to try again later. It gives innocent relay operators a chance to see the problem, prohibit relaying, get off the RBL, and get the email delivered.

However, if RBLSMTPD begins with a hyphen ('-'), rblsmtpd removes the hyphen and uses a 553 error code together with the message. This tells legitimate clients to bounce the email immediately.

There are several error-handling options for RBL lookups:

-B
(Default.) Use a 451 error code for IP addresses listed in the RBL.
-b
Use a 553 error code for IP addresses listed in the RBL.
-C
(Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his email is not blocked.
-c
Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate emails.
 

INTERROGATION MODE

rblsmtpd may be used to only query RBLs and to present the results to qmail-smtpd in an interrogation mode.
-i
interrogation mode; the RBL information is written on descriptor 2 and available via the environment variable RBLSMTPD for further decisions.
 

GREETDELAY OPTIONS

Introduce a certain delay in the SMTP connection; either before or after the RBL, the anti-RBL lookups respectively, depending whether this option is defined before or after the lookups.
-w n
provides a delay of 'n' seconds for all connections.
-W
evaluate the environment variable GREETDELAY and potentially delays the call to prog.
 

IPv4/IPv6 INVERSE NIBBLE FORMAT

rblsmtpd constructs from the provided IP address TCP6REMOTEIP/TCPREMOTEIP the respective inverse nibble format concatenated with the base name and thus constructing the inverse domain name. Here is a sample for IPv6:
fe80::1 => 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.(base) rblsmtpd recognizes IPv4-mapped IPv6 addresses and strips the IPv6 prefix piror to build the IPv4 inverse address for the RBL lookup.
 

SEE ALSO

sslserver(1), tcpserver(1), tcprules(1), tcprulescheck(1), tcp-environ(5).


 

Index

NAME
SYNOPSIS
DESCRIPTION
RBL LOOKUP OPTIONS
SMTP REPLIES
INTERROGATION MODE
GREETDELAY OPTIONS
IPv4/IPv6 INVERSE NIBBLE FORMAT
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 13:39:03 GMT, July 14, 2025