SYNOPSIS
rblsmtpd opts prog
DESCRIPTION
rblsmtpd works with any SMTP server that can run under tcpserver or
sslserver. It accepts a series of getopt-style options opts, while prog
consists of one or more arguments.
Normally rblsmtpd runs prog. prog is expected to carry out an SMTP
conversation to receive incoming emails.
However, rblsmtpd does not invoke prog if it is told to block emails
from this client. Instead it carries out its own limited SMTP
conversation, temporarily rejecting all attempts to send an email.
Meanwhile it prints one line on descriptor 2 to log its activity.
rblsmtpd drops the limited SMTP conversation after 60 seconds, even if
the client has not quit by then.
RBL LOOKUP OPTIONS
-t n Change the timeout to n seconds.
Blocked clients
If the RBLSMTPD environment variable is set and is nonempty, rblsmtpd
blocks emails. It uses RBLSMTPD as an error message for the client.
Normally rblsmtpd runs under tcpserver or, better, sslserver, and you
can use tcprules to set RBLSMTPD for selected clients.
If RBLSMTPD is set and is empty, rblsmtpd does not block emails.
If RBLSMTPD is not set, rblsmtpd looks up TCP6REMOTEIP/TCPREMOTEIP in
the RBL and blocks emails if either TCP6REMOTEIP or TCPREMOTEIP is
listed there. tcpserver and sslserver set up TCP6REMOTEIP or
TCPREMOTEIP as the IP address of the remote host.
-r base
Use base as an RBL source. An IPv4 address a.b.c.d is listed by
that source if d.c.b.a.base has a TXT record. An IPv6 address
is expanded in its inverse nibble format. rblsmtpd uses the
contents of the TXT record as an error message for the client.
-a base
Use base as an anti-RBL source. An IPv4 address a.b.c.d is anti-
listed by that source if d.c.b.a.base has an A record. In this
case rblsmtpd does not block emails. The same holds for IPv6
addresses (see below) and a corresponding AAAA record.
You may supply any number of -r and -a options. rblsmtpd tries each
source in turn until it finds one that lists or anti-lists according to
TCP6REMOTEIP or TCPREMOTEIP.
-B (Default.) Use a 451 error code for IP addresses listed in the
RBL.
-b Use a 553 error code for IP addresses listed in the RBL.
-C (Default.) Handle RBL lookups in a ``fail-open'' mode. If an
RBL lookup fails temporarily, assume that the address is not
listed; if an anti-RBL lookup fails temporarily, assume that the
address is anti-listed. Unfortunately, a knowledgeable attacker
can force an RBL lookup or an anti-RBL lookup to fail
temporarily, so that his email is not blocked.
-c Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup
fails temporarily, assume that the address is listed (but use a
451 error code even with -b). If an anti-RBL lookup fails
temporarily, assume that the address is not anti-listed (but use
a 451 error code even if a subsequent RBL lookup succeeds with
-b). Unfortunately, this sometimes delays legitimate emails.
INTERROGATION MODE
rblsmtpd may be used to only query RBLs and to present the results to
qmail-smtpd in an interrogation mode.
-i interrogation mode; the RBL information is written on descriptor
2 and available via the environment variable RBLSMTPD for
further decisions.
GREETDELAY OPTIONS
Introduce a delay in the SMTP connection, either before or after the
RBL and anti-RBL lookups, depending on whether this option is given
before or after the lookup options.
-w n provides a delay of 'n' seconds for all connections.
-W evaluate the environment variable GREETDELAY and potentially
delay the call to qmail-smtpd.
IPv4/IPv6 INVERSE NIBBLE FORMAT
rblsmtpd converts the provided IP address (TCP6REMOTEIP/TCPREMOTEIP)
into its inverse nibble format and appends the base name, which yields
the inverse domain name to look up. Here is a sample for IPv6:
fe80::1 =>
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.(base)
rblsmtpd recognizes IPv4-mapped IPv6 addresses and strips the IPv6
prefix prior to building the IPv4 inverse address for the RBL lookup.
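Added example (not part of the original manual and not rblsmtpd's own
code): a Python model of the query-name construction described above and
of the in-order evaluation of -r and -a sources. The zones rbl.example
and allow.example and the ZONE table are constructed stand-ins for DNS;
temporary lookup failures (-C/-c) are not modelled, and checking an A
record for an IPv4-mapped address is an assumption.

```python
import ipaddress

def effective_addr(ip):
    """Parse ip; an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is reduced to IPv4."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def rbl_query_name(ip, base):
    """DNS name queried for ip under the RBL or anti-RBL zone base."""
    addr = effective_addr(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # a, b, c, d
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + base.strip(".")

def evaluate(ip, sources, zone):
    """Walk the -r/-a sources in order; the first that lists or anti-lists decides.
    zone stands in for DNS: {(name, rrtype): rdata}."""
    anti_type = "A" if effective_addr(ip).version == 4 else "AAAA"
    for opt, base in sources:
        name = rbl_query_name(ip, base)
        if opt == "-r" and (name, "TXT") in zone:
            return ("block", zone[(name, "TXT")])   # TXT text is the error message
        if opt == "-a" and (name, anti_type) in zone:
            return ("run-prog", None)               # anti-listed: not blocked
    return ("run-prog", None)                       # no source matched

# Constructed sample records for the hypothetical zones.
ZONE = {
    ("99.2.0.192.rbl.example", "TXT"): "Listed (constructed sample text)",
    ("99.2.0.192.allow.example", "A"): "127.0.0.2",
}

if __name__ == "__main__":
    for ip in ("192.0.2.99", "::ffff:192.0.2.99", "fe80::1"):
        print(ip, "->", rbl_query_name(ip, "rbl.example"))
    print(evaluate("192.0.2.99", [("-r", "rbl.example"), ("-a", "allow.example")], ZONE))
    print(evaluate("192.0.2.99", [("-a", "allow.example"), ("-r", "rbl.example")], ZONE))
```

The printed names can be checked by hand against the zones in use (TXT
for -r sources, A or AAAA for -a sources) to see which source decides
for a given client address.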
SEE ALSO
sslserver(1), tcpserver(1), tcprules(1), tcprulescheck(1),
tcp-environ(5).