rblsmtpd
Section: User Commands (1)
NAME
rblsmtpd - block emails from RBL-listed sites and unwanted sources
SYNOPSIS
rblsmtpd opts prog
DESCRIPTION
rblsmtpd works with any SMTP server that can run under tcpserver or sslserver. It accepts a series of getopt-style options opts while prog consists of one or more arguments.

Normally rblsmtpd runs prog. prog is expected to carry out an SMTP conversation to receive incoming emails. However, rblsmtpd does not invoke prog if it is told to block emails from this client. Instead it carries out its own limited SMTP conversation, temporarily rejecting all attempts to send an email. Meanwhile it prints one line on descriptor 2 to log its activity.

rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not quit by then.
RBL LOOKUP OPTIONS
- -t n
  Change the timeout to n seconds.
Blocked clients
If the RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks emails. It uses RBLSMTPD as an error message for the client. Normally rblsmtpd runs under tcpserver or, better, sslserver, and you can use tcprules to set RBLSMTPD for selected clients.

If RBLSMTPD is set and is empty, rblsmtpd does not block emails.

If RBLSMTPD is not set, rblsmtpd looks up TCP6REMOTEIP/TCPREMOTEIP in the RBL and blocks emails if either TCP6REMOTEIP or TCPREMOTEIP is listed there. tcpserver and sslserver set up TCP6REMOTEIP or TCPREMOTEIP as the IP address of the remote host.
- -r base
  Use base as an RBL source. An IPv4 address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. An IPv6 address is expanded in its inverse nibble format. rblsmtpd uses the contents of the TXT record as an error message for the client.
- -a base
  Use base as an anti-RBL source. An IPv4 address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block emails. The same holds for IPv6 addresses (see below) and a corresponding AAAA record.
You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists according to TCP6REMOTEIP or TCPREMOTEIP.

If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the djbdnscurve6 package.
SMTP REPLIES
Normally, if RBLSMTPD is set, rblsmtpd uses a 451 error code in its limited SMTP conversation. This tells legitimate clients to try again later. It gives innocent relay operators a chance to see the problem, prohibit relaying, get off the RBL, and get the email delivered.

However, if RBLSMTPD begins with a hyphen ('-'), rblsmtpd removes the hyphen and uses a 553 error code together with the message. This tells legitimate clients to bounce the email immediately.

There are several error-handling options for RBL lookups:
- -B
  (Default.) Use a 451 error code for IP addresses listed in the RBL.
- -b
  Use a 553 error code for IP addresses listed in the RBL.
- -C
  (Default.) Handle RBL lookups in a "fail-open" mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his email is not blocked.
- -c
  Handle RBL lookups in a "fail-closed" mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate emails.
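The following Python model is an added example, not code from rblsmtpd. It walks through the decision described above: the three states of RBLSMTPD, the -B/-b reply codes, and how -C and -c treat temporary lookup failures. The function name, the outcome labels and the placeholder message for a failed lookup are assumptions made for illustration; DNS answers are passed in as constructed data.

```python
from dataclasses import dataclass

HIT, MISS, TEMPFAIL = "hit", "miss", "tempfail"  # constructed outcome labels

@dataclass
class Verdict:
    action: str        # "run-prog" or "reject"
    code: int = 0      # 451 or 553 when rejecting
    message: str = ""

def decide(env, sources, results, hard=False, fail_closed=False):
    """Model the documented decision.

    env         -- environment as a dict (RBLSMTPD may be absent, "" or a message)
    sources     -- [("r" | "a", base), ...] in command-line order
    results     -- {base: (outcome, txt)} standing in for the DNS answers
    hard        -- True for -b, False for -B
    fail_closed -- True for -c, False for -C
    """
    if "RBLSMTPD" in env:
        msg = env["RBLSMTPD"]
        if msg == "":
            return Verdict("run-prog")              # set and empty: never block
        if msg.startswith("-"):
            return Verdict("reject", 553, msg[1:])  # leading hyphen: permanent
        return Verdict("reject", 451, msg)
    temp_only = False  # a fail-closed anti-RBL failure pins later rejects to 451
    for kind, base in sources:
        outcome, txt = results[base]
        if outcome == TEMPFAIL and kind == "r":
            if fail_closed:                         # treated as listed, always 451
                return Verdict("reject", 451, "RBL lookup failed (placeholder text)")
            continue                                # fail-open: treated as not listed
        if outcome == TEMPFAIL and kind == "a":
            if not fail_closed:
                return Verdict("run-prog")          # fail-open: treated as anti-listed
            temp_only = True                        # not anti-listed; keep checking
            continue
        if outcome == HIT and kind == "a":
            return Verdict("run-prog")
        if outcome == HIT:
            return Verdict("reject", 553 if hard and not temp_only else 451, txt)
    return Verdict("run-prog")
```

Running it with an anti-RBL source that fails temporarily shows the trade-off: under -C the client is let through to prog, under -c a later RBL hit is still rejected but only with 451.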
INTERROGATION MODE
rblsmtpd may be used to only query RBLs and to present the results to qmail-smtpd in an interrogation mode.
- -i
  Interrogation mode; the RBL information is written on descriptor 2 and is available via the environment variable RBLSMTPD for further decisions.
GREETDELAY OPTIONS
Introduce a delay in the SMTP connection, either before or after the RBL and anti-RBL lookups, depending on whether this option is defined before or after the lookups.
- -w n
  Provide a delay of n seconds for all connections.
- -W
  Evaluate the environment variable GREETDELAY and potentially delay the call to prog.
IPv4/IPv6 INVERSE NIBBLE FORMAT
rblsmtpd converts the provided IP address TCP6REMOTEIP/TCPREMOTEIP into its inverse nibble format and concatenates it with the base name, thus constructing the inverse domain name. Here is a sample for IPv6:
fe80::1 =>
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.(base)
rblsmtpd recognizes IPv4-mapped IPv6 addresses and strips the IPv6 prefix prior to building the IPv4 inverse address for the RBL lookup.
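To check by hand which names a given client address produces, for example when testing a list with a DNS query tool, the construction above can be reproduced as follows. This is an added example in Python, not rblsmtpd's own code; the function names and the example base names are assumptions, and using an A record for the anti-RBL check of an IPv4-mapped address is an assumption drawn from the prefix being stripped.

```python
import ipaddress

def rbl_query_name(remote_ip: str, base: str) -> str:
    """Build the inverse domain name for remote_ip under the RBL zone base."""
    addr = ipaddress.ip_address(remote_ip)
    # IPv4-mapped IPv6 (::ffff:a.b.c.d): drop the prefix, handle as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        labels = reversed(str(addr).split("."))          # d.c.b.a
    else:
        # 32 hex nibbles of the fully expanded address, last nibble first.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + base.strip(".")

def lookup_plan(remote_ip: str, sources):
    """Return [(query name, record type)] for sources given as
    [("r" | "a", base), ...] in command-line order.

    -r sources are checked for a TXT record; -a sources for an A record
    (IPv4) or an AAAA record (IPv6).
    """
    addr = ipaddress.ip_address(remote_ip)
    is_v4 = addr.version == 4 or addr.ipv4_mapped is not None  # assumption, see lead-in
    plan = []
    for kind, base in sources:
        rrtype = "TXT" if kind == "r" else ("A" if is_v4 else "AAAA")
        plan.append((rbl_query_name(remote_ip, base), rrtype))
    return plan

if __name__ == "__main__":
    # Constructed sample addresses and zone names.
    for ip in ("192.0.2.25", "::ffff:192.0.2.25", "fe80::1"):
        for name, rrtype in lookup_plan(ip, [("r", "rbl.example"), ("a", "allow.example")]):
            print(f"{ip:20} {rrtype:4} {name}")
```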
SEE ALSO
sslserver(1), tcpserver(1), tcprules(1), tcprulescheck(1), tcp-environ(5).