[rbldnsd] The basics - help
Steve E. Mosher
steve at moshtech.com
Thu Feb 15 05:10:54 MSK 2007
>
> Steve E. Mosher wrote:
> > Hi folks,
> >
> > I just have a couple questions and I am currently trying to pinpoint if
> > I'm doing this correctly.
> >
> > The scenario and setups are as follows.
> >
> > This is a Gentoo Linux distro.
> > BIND version 9.4.0
> > rbldnsd version 0.996
> > Postfix version 2.3.7
> >
> > Sample of named.conf ...
> >
> > Setting up a forward of each CIDR ip pool based on country.
> >
> > zone "AE.blocked.rbl" IN { ...
> > zone "AF.blocked.rbl" IN { ...
> > zone "AG.blocked.rbl" IN { ...
>
> That's.. a lot of zones ;)
Correct, it is A TON of zones. I was practicing concept.
>
> > -----------------------------------------
> >
> > Sample of RBLDNSD config file ...
> >
> > OPTIONS="-r/var/lib/rbldns -b 127.0.0.1/530 -p/var/run/rbldnsd.pid \
> > AE.blocked.rbl:ip4set:AE \
> > AF.blocked.rbl:ip4set:AF \
> > AG.blocked.rbl:ip4set:AG \
> > AI.blocked.rbl:ip4set:AI \
> > AL.blocked.rbl:ip4set:AL \
> > AM.blocked.rbl:ip4set:AM \
> >
> > Based on country ....
> >
> > Sample of the files needed with CIDR format ip pools.
> >
> > :127.0.0.2:AD. $ is BLOCKED from this MAILSERVER
> > 85.94.160.0/19
> > 194.158.64.0/19
> >
> > -----------------------------------------
> >
> > Sample of main.cf for postfix.
> >
> > smtpd_recipient_restrictions =
> > check_recipient_access hash:/etc/postfix/filtered_domains,
> > permit_mynetworks,
> > reject_rbl_client AE.blocked.rbl,
> > reject_rbl_client AF.blocked.rbl,
> > reject_rbl_client AG.blocked.rbl,
> > reject_rbl_client AI.blocked.rbl,
> > reject_rbl_client AL.blocked.rbl,
> > reject_rbl_client AM.blocked.rbl,
> > reject_rbl_client AN.blocked.rbl,
> > reject_rbl_client AO.blocked.rbl,
> > .................
>
> And I wonder what's the purpose of all this separations.
> Why not list all the countries you don't need mail from (including .RU
> I suppose?) in a SINGLE zone, say, by-country.blocked.rbl?
>
> Like this:
>
> rbldnsd ...
> by-country.blocked.rbl:ip4set:AE,AF,AG,...
>
> ?
This is the option I'm leaning towards at this time.
>
> > I'm just trying to figure out if I'm getting this down right or not.
>
> It depends on what you want to achieve.
>
> > I seem to have issues with (I think) not picking up some of the country
> > like per se the UK codes. They are still getting thru. I'm just
>
> Please provide an example of what you think should be blocked but isn't -
> together with the relevant data from the files (enclosing IP range etc).
>
> > trying to get a grasp on if my approach is correct. Any advice would be
> > greatly appreciated. If anyone needs more info I can provide that.
>
> But I still fail to see how blocking email by-country can help in the
> first place. Yes, for a home mailserver which only communicates with a few
> friends that may be useful, but in that context using WHITElist instead
> of a BLACKlist is way simpler (just add a list of allowed addresses and
> block the rest).
This is just concept. And the scripts I wrote to grep the CIDR pools
lined it up pretty good.
--Mosher
>
> /mjt
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd
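
One way to produce the "example plus enclosing IP range" requested in the thread, as an added example that is not part of the original messages: it reads ip4set-style data, finds the range that encloses an address, and builds the name a DNSBL client would query. The file label `AD`, the test address and the function names are assumptions; the zone name is the single zone suggested above, and only CIDR entries (the form quoted in the post) are handled.

```python
import ipaddress

# Constructed sample in the layout quoted in the post (label "AD" assumed).
SAMPLE_AD = """\
:127.0.0.2:AD. $ is BLOCKED from this MAILSERVER
85.94.160.0/19
194.158.64.0/19
"""

def parse_ip4set(text):
    """Return (default A, default TXT, CIDR networks) from ip4set-style text."""
    a, txt, nets = None, "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#$!":   # comments, $ directives, exclusions
            continue
        if line.startswith(":"):           # ":A:TXT" default value line
            parts = line.split(":", 2)
            a, txt = parts[1], parts[2] if len(parts) > 2 else ""
            continue
        try:
            nets.append(ipaddress.IPv4Network(line.split()[0], strict=False))
        except ValueError:
            pass  # ranges and short prefixes are not handled in this sketch
    return a, txt, nets

def query_name(ip, zone):
    """Name a DNSBL client looks up: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def explain(ip, zone, files):
    """files maps a label to file text; report the enclosing range, if any."""
    addr = ipaddress.IPv4Address(ip)       # raises ValueError on bad input
    result = {"query": query_name(ip, zone), "file": None, "range": None,
              "a": None, "txt": None}
    for label, text in files.items():
        a, txt, nets = parse_ip4set(text)
        hits = [n for n in nets if addr in n]
        if hits:
            best = max(hits, key=lambda n: n.prefixlen)  # most specific range
            # rbldnsd substitutes "$" in the TXT template with the queried IP
            result.update(file=label, range=str(best), a=a,
                          txt=txt.replace("$", ip))
            break
    return result

if __name__ == "__main__":
    print(explain("85.94.161.7", "by-country.blocked.rbl", {"AD": SAMPLE_AD}))
```

If this reports a range for an address whose mail is still accepted, the data files cover it and the gap is in the rbldnsd, BIND or Postfix path; if it reports none, the address is missing from the generated CIDR pools.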