Re: RBL-type header checking

[Charles Cazabon]

Michael T. Babcock [EMAIL PROTECTED] wrote:
 I've written a filter in Python that scans for Received: lines and
 checks IP addresses found therein against a configurable list of
 RBL type services.  It is in beta stages and definately under
 development, but it is very functional (doesn't crash for me
 anymore).
 
 http://www.fibrespeed.net/code/spamcheck.tar.gz

I get a 404 on /code/ -- but I'm sure this is of interest to some here,
including myself.  Care to post a new URL?

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Re: RBL-type header checking

[Ben Beuchler]

On Fri, Jun 08, 2001 at 02:02:23AM -0400, Michael T. Babcock wrote:

 I've written a filter in Python that scans for Received: lines and
 checks IP addresses found therein against a configurable list of
 RBL type services.  It is in beta stages and definately under
 development, but it is very functional (doesn't crash for me
 anymore).
 
 http://www.fibrespeed.net/code/spamcheck.tar.gz

404

-- 
Ben Beuchler   There is no spoon.
[EMAIL PROTECTED]-- The Matrix

Re: RBL-type header checking

[Michael T. Babcock]

  http://www.fibrespeed.net/code/spamcheck.tar.gz
 
 404

Thanks ...

http://www.fibrespeed.net/~mbabcock/code/spamcheck.tar.gz
-- 
Michael T. Babcock
CTO, FibreSpeed

Re: RBL and ORBS

[Scott Gifford]

"Andrew Wafula" [EMAIL PROTECTED] writes:

 Hello,
 
 I was at the ORBS site the other day and I saw that as from 1st Feb 2001
 relays.orbs.org would be deleted.
 
 This may seem dumb but here goes :).
 Now, does it mean that we can no longer use it to check for open
 relays 


  No, they just split it up, to make it easier to pick and choose the
parts of ORBS that you want to use.

  From the same part of the page that says that relays.orbs.org is
going away (http://www.orbs.org/usingindex.html):

* relays.orbs.org is going away and will be deleted by 1 February 2001.
* Manual entries and netblock entries have already been removed
  from relays.orbs.org.
* Use inputs.orbs.org for single stage relay filtering
* Use outputs.orbs.org for immediate filtering of multihop relays.
* Use delayed-outputs.orbs.org for multihop relay filtering using
  a 3-5 day grace period.

and also the experimental zones:

* manual.orbs.org - open relays tested manually and believed to be
  blocking the tester. Return code is 127.0.0.5. Updated: hourly
* spamsources.orbs.org - direct spam sources. Returns
  127.0.0.6. Updated: hourly
* untestable-netblocks.orbs.org - netblocks known to contain open
  relays and which have been proven to be blocking the ORBS tester
  or who have demanded that ORBS not test. Returns
  127.0.0.7. Updated: hourly
* spamsource-netblocks.orbs.org - spam source and support
  netblocks. - Returns 127.0.0.8. Updated: hourly

What this means is that you can configure your rblsmtpd to use:

-routputs.orbs.org

to get only use the actual, verified SPAM relays that ORBS does a good
job of finding, and avoid all of their political bullshit.  

And you can use

-rinputs.orbs.org

on your customers to make sure you don't allow them to send spam
through you as a third-party relay.

On the whole, it should be a good thing, even if you hate ORBS.  Makes
it easier to pick and choose which parts of ORBS you agree with, and
just filter based on them.  And it makes it harder for people to drop
mail that is blocked by the somewhat more biased parts of ORBS (like
spamsource and untestable-netblocks) without realizing that's what
they're doing.

 and if so what replacement do we have?

Although ORBS isn't going anywhere, the RBL (www.mail-abuse.org) does
similar things.

--ScottG.

Re: RBL and ORBS

[Piotr Kasztelowicz]

On 9 Feb 2001, Scott Gifford wrote:

   No, they just split it up, to make it easier to pick and choose the
 parts of ORBS that you want to use.

Also I must add to my blacklist the new ORBS addresses to avoid
to scan smtp of my servers

Thanks for info

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]

Re: RBL and ORBS

[Peter van Dijk]

On Fri, Feb 09, 2001 at 08:47:06AM +0100, Piotr Kasztelowicz wrote:
 Hello
 
  This may seem dumb but here goes :).
  Now, does it mean that we can no longer use it to check for open relays and
  if so what replacement do we have?
 
 I had said about the mor free time!!!
 
 But is this really true, that ORBS has been closed permanently?

Not at all. In fact, they are enhancing their service and making it
more clear to users by getting rid of relays.orbs.org and serving a
couple of other zones.

Greetz, Peter.

Re: RBL and ORBS

[Peter van Dijk]

On Fri, Feb 09, 2001 at 12:55:07PM +0100, Piotr Kasztelowicz wrote:
 On 9 Feb 2001, Scott Gifford wrote:
 
No, they just split it up, to make it easier to pick and choose the
  parts of ORBS that you want to use.
 
 Also I must add to my blacklist the new ORBS addresses to avoid
 to scan smtp of my servers

How do you know what the addresses of the ORBS testers are?

Greetz, Peter.

Re: RBL gone crazy?

[Edward S. Marshall]

On Thu, 14 Dec 2000, asantos wrote:
 I think this is interesting for this list:

 http://slashdot.org/yro/00/12/13/1853237.shtml

That's a mail policy issue, not a mail server issue. Consider taking
RBL-related issues to:

[EMAIL PROTECTED]

It's certainly on-topic for that list. It'll certainly do nothing but
worsen the signal-to-noise ratio here.

-- 
Edward S. Marshall [EMAIL PROTECTED]   http://www.nyx.net/~emarshal/
---
[  Felix qui potuit rerum cognoscere causas.  ]

Re: RBL

[Mate Wierdl]

 msci.memphis.edu

This should be relays.msci.memphis.edu.

How did you enter these domains?
Why did you enter both 

dul.maps.vix.com

and

dialups.mail-abuse.org

What is the difference?  

Mate

Re: RBL

[Jon Griffin]

I think I entered the names that I got off of the anti-spam doc on qmail.org.
I could have messed up also, thanks for the corrections.

At 11:32 AM 11/20/00 -0600, Mate Wierdl wrote:
  msci.memphis.edu

This should be relays.msci.memphis.edu.

How did you enter these domains?
Why did you enter both

dul.maps.vix.com

and

dialups.mail-abuse.org

What is the difference?

Mate

Re: rbl users beware: MSN blocked

[Scott D. Yelich]

On Wed, 15 Nov 2000, Jon Rust wrote:
 Just got a call from an angry MSN user.
   http://www.internetnews.com/isp-news/article/0,,8_512791,00.html
 jon

It's too bad that companies can't set up two systems... one for people
who don't want to receive this spam crap and one for customers who lack
clue.

Amen for blocking MSN.

Scott

Re: rbl users beware: MSN blocked

[Bruce Guenter]

On Wed, Nov 15, 2000 at 06:58:30PM -0700, Scott D. Yelich wrote:
 It's too bad that companies can't set up two systems... one for people
 who don't want to receive this spam crap and one for customers who lack
 clue.

As well as us who actually want to collect spam (for research and
investigation purposes):  http://em.ca/~bruceg/spam/
-- 
Bruce Guenter [EMAIL PROTECTED]   http://em.ca/~bruceg/

 PGP signature

RE: RBL

[Dave Sill]

Dave Gresham [EMAIL PROTECTED] wrote:

Not sure about anyone else, however this is about the 30th time I have
received
this message.

Hmm. I only sent it once. :-) Is the message ID the same? Do the
Received fields show any unexpected hops? Anyone else seeing these
dupes?

-Dave

-Original Message-
From: Dave Sill [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 20, 2000 8:05 AM
To: [EMAIL PROTECTED]
Subject: Re: RBL


Mike Jimenez [EMAIL PROTECTED] wrote:

First I did this setup and it did not work .
tcpserver -p -v -x/etc/tcp.smtp.cdb -u1007 -g1007 0 25 \
rblsmtpd qmail-smtpd 21 | setuser qmaill accustamp | \
setuser qmaill cyclog \
-s100 -n5 /var/log/qmail/qmail-smtpd

[root@black(/var/log)]: smstart
[x] starting: qmail-pop3, /etc/rc.d/init.d/sendmail: setuser: command
not found
/etc/rc.d/init.d/sendmail: setuser: command not found

accustamp, setuser, and cyclog are from an older version of
daemontools. You should read the documentation for the current version 
of daemontools[1] and convert your script to the new commands
setuidgid and multilog. LWQ's example[2] might help.

-Dave

Footnotes: 
[1]  http://cr.yp.to/daemontools.html

[2]  http://Web.InfoAve.Net/~dsill/lwq.html#rblsmtpd

-Dave

Re: RBL

[Dave Sill]

Mike Jimenez [EMAIL PROTECTED] wrote:

First I did this setup and it did not work .
tcpserver -p -v -x/etc/tcp.smtp.cdb -u1007 -g1007 0 25 \
rblsmtpd qmail-smtpd 21 | setuser qmaill accustamp | \
setuser qmaill cyclog \
-s100 -n5 /var/log/qmail/qmail-smtpd

[root@black(/var/log)]: smstart
[x] starting: qmail-pop3, /etc/rc.d/init.d/sendmail: setuser: command
not found
/etc/rc.d/init.d/sendmail: setuser: command not found

accustamp, setuser, and cyclog are from an older version of
daemontools. You should read the documentation for the current version 
of daemontools[1] and convert your script to the new commands
setuidgid and multilog. LWQ's example[2] might help.

-Dave

Footnotes: 
[1]  http://cr.yp.to/daemontools.html

[2]  http://Web.InfoAve.Net/~dsill/lwq.html#rblsmtpd

Re: RBL... Hmmm...

[Duane L.]

Believe me, I've been very tempted to blackhole .jp, .kr and don't forget
.co.uk or .it but then I realized, for the most port the spam originates
from the U.S. and uses an open relay in these countries to spam.

I think the long term goal is to educate the admins of these foreign
domains. A good way to do that is get them listed in RBL, RSS and DUL.
If sending to your domain is important to them, then they'll be prompted
to secure their relaying systems. If they do not secure them, then all
RBL/DUL/RSS users benefit.

Meanwhile, ISPs who catch their customers spamming could apply surcharges,
fines and labor costs to the spammers credit card. Sure, they'll never
collect, but the spammer won't have credit or a valid credit card to open
a new account elsewhere, and spam again.  In other words, hit em where it
hurts.
... and remeber what the first W stands for in "www"


ciao
Duane

 On Mon, 18 Sep 2000, Ben Beuchler wrote:

 /me digs through the rblsmtpd entries in his log after enabling RSS and
 DUL...
 
 Hmmm... It seems I could have saved a ton of trouble by just blackholing
 all of .jp and .kr!  Heh heh...  Anyone tried that?
 
 Ben
 
 -- 
 Ben Beuchler [EMAIL PROTECTED]
 MAILER-DAEMON (612) 321-9290 x101
 Bitstream Underground   www.bitstream.net
 

Duane L - [EMAIL PROTECTED] -

  

Re: RBL checks and header modification

[Robin S. Socha]

* Michael T Babcock [EMAIL PROTECTED] writes:
 Does anyone have a program that does the checks rblsmtpd does, except
 that it allows the modification of the message header instead of
 blocking the mail?

Procmail, preferably in conjunction with rblcheck:
http://www.procmail.org/jari/pm-tips-body.html
-- 
Robin S. Socha http://socha.net/

Re: RBL/MAPS/DUL etc. without rblsmtpd?

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 30 Aug 2000, at 8:24, John Gonzalez/netMDC admin wrote:

 Am i to understand that rblsmtpd's devlopment has ceased? I think
 DJB's page says some mention of that, and also instructs that the
 functionality has been introduced into tcpserver now.

You're reading it wrong. It says that rblsmtpd became part of
ucspi-tcp package, not of tcpserver. Get the newest ucspi-tcp from 
http://cr.yp.to/ucspi-tcp.html and when you build the programs, 
rblsmtpd gets built, too.

-BEGIN PGP SIGNATURE-
Version: PGP 6.5.2 -- QDPGP 2.61a
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOa0MpFMwP8g7qbw/EQIeCwCeISpDc9PqtjQ5X7T1yhFm1KziuH4AoLCK
1MRn3AB81jPQ7emD89XZuYj1
=4DGc
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: RBL/MAPS/DUL etc. without rblsmtpd?

[John Gonzalez/netMDC admin]

On Wed, 30 Aug 2000, Petr Novotny wrote:

| -BEGIN PGP SIGNED MESSAGE-
| Hash: SHA1
| 
| On 30 Aug 2000, at 8:24, John Gonzalez/netMDC admin wrote:
| 
|  Am i to understand that rblsmtpd's devlopment has ceased? I think
|  DJB's page says some mention of that, and also instructs that the
|  functionality has been introduced into tcpserver now.
| 
| You're reading it wrong. It says that rblsmtpd became part of
| ucspi-tcp package, not of tcpserver. Get the newest ucspi-tcp from 
| http://cr.yp.to/ucspi-tcp.html and when you build the programs, 
| rblsmtpd gets built, too.

Ah :) no wonder i cant find any information on anything but rblsmtpd
:) I thought perhaps everybody was being lazy and hadnt switched over to
the 'new method' yet :)


-- 
  ___   _  __   _  
__  /___ ___    /__  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)439-0200/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[-[system info]---]
  8:30am  up 111 days, 14:33,  3 users,  load average: 0.11, 0.13, 0.13

Re: RBL/MAPS/DUL etc. without rblsmtpd?

[Timothy L. Mayo]

You misunderstood the statement.  rblsmtpd is now part of the ucspi-tcp
package.  See: http://cr.yp.to/ucspi-tcp.html

On Wed, 30 Aug 2000, John Gonzalez/netMDC admin wrote:

 Am i to understand that rblsmtpd's devlopment has ceased? I think DJB's
 page says some mention of that, and also instructs that the functionality
 has been introduced into tcpserver now.
 
 LWQ still makes mention of using rblsmtpd, and i'm trying to set this up
 on a new server i'm toying with. Anybody know any good instructions on
 setting these black hole lists up with tcpserver?
 
 -- 
   ___   _  __   _  
 __  /___ ___    /__  John Gonzalez/Net.Tech
 __  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
 _  / / / `__/ /_  / / / / / / /_/ / / /__ (505)439-0200/fax-437-3052
 /_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
 [-[system info]---]
   8:20am  up 111 days, 14:23,  2 users,  load average: 0.06, 0.10, 0.13
 
 

-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Administrator
localconnect(sm)
http://www.localconnect.net/

The National Business Network Inc.  http://www.nb.net/
One Monroeville Center, Suite 850
Monroeville, PA  15146
(412) 810- Phone
(412) 810-8886 Fax

Re: RBL list

[Henry Baragar]

Tonino,

The RBL uses DNS, so if your DNS server is local then it is caching copies
of the RBL list locally.

Henry

TAG wrote:

 Hi,

 Is there a way of keeping a local copy of the RBL lists and using those
 instead of trying to get it from the remote site - should this not speed
 things up - I also know that the list is updated all the time - but can
 some of you peoples please comment...

 Thanks

 Tonino


begin:vcard 
n:Baragar;Henry
tel;cell:416-453-5626
tel;work:416-453-5626
x-mozilla-html:TRUE
url:www.instantiated.on.ca
org:Instantiated Software Inc.
adr:;;130 Banff Road;Toronto;Ontario;M4P 2P5;Canada
version:2.1
email;internet:[EMAIL PROTECTED]
title:Principal
fn:Henry Baragar
end:vcard

 S/MIME Cryptographic Signature

Re: RBL list

[TAG]

Henry Baragar wrote:
 
 Tonino,
 
 The RBL uses DNS, so if your DNS server is local then it is caching copies
 of the RBL list locally.
 
 Henry
 
 TAG wrote:
 
  Hi,
 
  Is there a way of keeping a local copy of the RBL lists and using those
  instead of trying to get it from the remote site - should this not speed
  things up - I also know that the list is updated all the time - but can
  some of you peoples please comment...
 
  Thanks
 
  Tonino


ok - thanks then!!

Tonino

Re: RBL list

[Henry Baragar]

Tonino,

I think I spoke too soon (only on my first cup of coffee)... Specific entries
will have been cached if they have been seen before, but not necessarily the
whole list.  However, you can use DNS to get the complete list:  see
http://maps.vix.com/rbl/usage.html.

Henry

 Henry Baragar wrote:
 
  Tonino,
 
  The RBL uses DNS, so if your DNS server is local then it is caching copies
  of the RBL list locally.
 
  Henry
 
  TAG wrote:
 
   Hi,
  
   Is there a way of keeping a local copy of the RBL lists and using those
   instead of trying to get it from the remote site - should this not speed
   things up - I also know that the list is updated all the time - but can
   some of you peoples please comment...
  
   Thanks
  
   Tonino

 ok - thanks then!!

 Tonino


begin:vcard 
n:Baragar;Henry
tel;cell:416-453-5626
tel;work:416-453-5626
x-mozilla-html:TRUE
url:www.instantiated.on.ca
org:Instantiated Software Inc.
adr:;;130 Banff Road;Toronto;Ontario;M4P 2P5;Canada
version:2.1
email;internet:[EMAIL PROTECTED]
title:Principal
fn:Henry Baragar
end:vcard

 S/MIME Cryptographic Signature

Re: RBL list

[Bruno Wolff III]

On Tue, Jul 18, 2000 at 12:04:59PM +0200,
  TAG [EMAIL PROTECTED] wrote:
 Is there a way of keeping a local copy of the RBL lists and using those
 instead of trying to get it from the remote site - should this not speed
 things up - I also know that the list is updated all the time - but can
 some of you peoples please comment...

To get the RBL list you need to go through some extra steps. The last time
a checked you needed to sign an agreement not to hold MAPS liable for
problems. Also note that when keeping a local copy of the list, you have
to worry about what happens when MAPS takes some set of addresses off
the list.

There are ways to get complete copies of some other RBL styled lists.

You might try looking at the primary web site for each list you are
interested in to see what their policies are.

Re: RBL list

[Chris, the Young One]

On Tue, Jul 18, 2000 at 08:49:48AM -0500, Bruno Wolff III wrote:
! There are ways to get complete copies of some other RBL styled lists.

Indeed. DJB himself said as much on the dns list:
http://marc.theaimsgroup.com/?m=95836494819286

---Chris K.
-- 
 Chris, the Young One |_ but what's a dropped message between friends? 
  Auckland, New Zealand |_ this is UDP, not TCP after all ;) ---John H. 
http://cloud9.hedgee.com/ |_ Robinson, IV  
 PGP: 0xCCC6114E/0x706A6AAD |_ 

Re: RBL list

[Paul Farber]

No, RBL onlt requires that you do that if you want certian levels of
filtering (namely DNS).

uscpi-tcp-88 has RBL built in.. www.qmail.org

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

On Tue, 18 Jul 2000, Bruno Wolff III wrote:

 On Tue, Jul 18, 2000 at 12:04:59PM +0200,
   TAG [EMAIL PROTECTED] wrote:
  Is there a way of keeping a local copy of the RBL lists and using those
  instead of trying to get it from the remote site - should this not speed
  things up - I also know that the list is updated all the time - but can
  some of you peoples please comment...
 
 To get the RBL list you need to go through some extra steps. The last time
 a checked you needed to sign an agreement not to hold MAPS liable for
 problems. Also note that when keeping a local copy of the list, you have
 to worry about what happens when MAPS takes some set of addresses off
 the list.
 
 There are ways to get complete copies of some other RBL styled lists.
 
 You might try looking at the primary web site for each list you are
 interested in to see what their policies are.
 

Re: RBL list

[Bruno Wolff III]

On Tue, Jul 18, 2000 at 10:44:49AM -0400,
  Paul Farber [EMAIL PROTECTED] wrote:
 No, RBL onlt requires that you do that if you want certian levels of
 filtering (namely DNS).
 
 uscpi-tcp-88 has RBL built in.. www.qmail.org

But this program does a remote lookup each time. The original question
asked about getting a complete copy of the database to speed up lookups.

Re: RBL list

[Paul Farber]

The part I was zeroing in on was that you needed to sign a waiver to use
the RBL.  That is incorrect.  You need to sign a waiver if you get the
zone file via DNS zone transfers.

I'm using RBL now and didn't sign a thing but I don't use the zone
file.

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

On Tue, 18 Jul 2000, Bruno Wolff III wrote:

 On Tue, Jul 18, 2000 at 10:44:49AM -0400,
   Paul Farber [EMAIL PROTECTED] wrote:
  No, RBL onlt requires that you do that if you want certian levels of
  filtering (namely DNS).
  
  uscpi-tcp-88 has RBL built in.. www.qmail.org
 
 But this program does a remote lookup each time. The original question
 asked about getting a complete copy of the database to speed up lookups.
 

Re: RBL list

[Michael T. Babcock]

If you use a caching nameserver, frequent domains will automatically be
cached for a given amount of time.   If you read the entire website for the
RBL (or other related lists) you'll find that they have subscription options
... basically you'd set yourself up as a slave server that downloads the
list.  This isn't really practical in my experience because it is a large
amount of bandwidth to download the lists periodically ...

TAG wrote:

 Is there a way of keeping a local copy of the RBL lists and using those
 instead of trying to get it from the remote site - should this not speed
 things up - I also know that the list is updated all the time - but can
 some of you peoples please comment...

Re: RBL

[David Dyer-Bennet]

Noah Sutherland [EMAIL PROTECTED] writes on 11 November 1999 at 14:43:25 -0800
  I am trying to set up the RBL for the first time. It just is *not*
  working. OK, first, here is the recommended startup line from the web
  site:
  tcpserver 0 25 tcpcontrol /etc/smtp.cdb /usr/local/bin/smtplog qmail-smtpd
  21 | logger -p mail.notice 
  
  Since I'm running ucspi 0.84, I believe I shouldn't use tcpcontrol
  (correct?) so here is my current startup line:
  /usr/local/bin/tcpserver -c100 -u502 -g501 -x/etc/tcp.smtp.cdb 0 25
  /var/qmail/bin/smtplog /var/qmail/bin/qmail-smtpd 21 | logger -p
  mail.notice 

What method of RBL are you trying to use?  The standard qmail method
requires running rblsmtpd, which I don't see you doing.  There were
some old patches to integrate the functionality into qmail; were you
using those instead?

Anyway, here's what I do (sorry for the complexity; it doesn't need to
be this messy, but I'm afraid if I fake it I'll get something wrong):

rblzones="rbl.maps.vix.com relays.mail-abuse.org dul.maps.vix.com"
rblprog="/usr/bin/rblsmtpd"
rblcmd=""
for zn in $rblzones ; do
rblcmd="$rblcmd $rblprog -b -r $zn"
done

(this produces an rblcmd that looks something like "/usr/bin/rblsmtpd
-b -r dul.maps.vix.com /usr/bin/rblsmtpd -b -r relays.mail-abuse.org
/usr/bin/rbmsmtpd -b -r rbl.maps.fix.com", but with no line breaks in it)

/usr/local/bin/supervise /var/run/tcpserver-qmail /usr/local/bin/tcpserver -v -pR 
-c50 -u70 -g70 -x/etc/tcp.smtp.cdb 0 smtp $rblcmd /var/qmail/bin/qmail-smtpd 21 | 
/var/qmail/bin/splogger smtpd 2 

What this ends up being is a big stack of programs which do their
thing, and then exec other programs to do another thing.  The last one
invoked is the actual qmail-smtpd.

Here's what my tcp.smtp looks like:

# tcpcontrol(8) rules for qmail smtp daemon
#
# In general, anywhere I want to allow relaying from, I probably want
# to ignore spamblocks too.

# Allow relaying from my own addresses -- at gofast
206.147.220.161-165:allow,RELAYCLIENT="",RBLSMTPD=""
#
# Blaisdell poly USWest static address
63.224.10.78:allow,RELAYCLIENT="",RBLSMTPD=""
#
# Lydy at work (All of MultiLogic, really used just by Lydy)
206.144.140.:allow,RELAYCLIENT="",RBLSMTPD=""
#
# Finally, allow anything else, but without relaying
# (Domains to refuse entirely would go above this)
:allow

And this has to be compiled into a cdb with a command like
tcprules tcp.smtp.cdb ddbfoobar  tcp.smtp
-- 
David Dyer-Bennet / Join the 20th century before it's too late! / [EMAIL PROTECTED]
http://dd-b.lighthunters.net/ (photos) Minicon: http://www.mnstf.org/minicon
http://www.dd-b.net/dd-b (sf) http://ouroboros.demesne.com/ Ouroboros Bookworms

Re: RBL

[Noah Sutherland]

On Fri, 12 Nov 1999, David Dyer-Bennet wrote:

 What method of RBL are you trying to use?  The standard qmail method
 requires running rblsmtpd, which I don't see you doing.  There were
 some old patches to integrate the functionality into qmail; were you
 using those instead?

I was trying the patches. That's what I get for going to the qmail web
page and searching for rbl. ;)

Thanks. I think I have it working now.

Sincerely,
Noah Sutherland   System Administrator - Internet On-Ramp
[EMAIL PROTECTED]

To get my PGP public key, please email to [EMAIL PROTECTED]
or you can get it at BAL's public key server at http://pgp.ai.mit.edu/

Re: RBL, DUL, Shubs, woohoo

[Evan Champion]

Hi Doug,

 What is the *best* means to use the RBL, DUL, Shubs, and others, with
 qmail-smtpd and be able to allow our dialups to relay?

tcpserver/tcprules will take care of the selective relaying, and rblsmtpd
(available from ftp://koobera.math.uic.edu/pub/software/) will handle RBL
for you

Evan

Re: RBL-Stats v1.0 Released

[Scott D. Yelich]

 hey all, here is a quickie little program i wrote to see exactly what
 rblsmtp is doing for you, here is an example of the output:

 #!/bin/sh
 echo "RBL-Stats v1.0 by xs [EMAIL PROTECTED]"
 echo ""
 echo "checking your logfile, this'll take a few."
 cat $1|grep rblsmtp  ~/.rbltmp.bak
 echo "Since `head -1 ~/.rbltmp.bak|awk '{print $1" "$2" "$3}`"
 echo "RBL has blocked `grep "com/cgi" ~/.rbltmp.bak|wc -l` connections."
 echo "DUL has blocked `grep "com/dul" ~/.rbltmp.bak|wc -l` connections."
 echo "DSSL has blocked `grep dssl ~/.rbltmp.bak|wc -l` connections."
 echo "ORBS has blocked `grep orbs.org ~/.rbltmp.bak|wc -l` connections."
 echo ""
 echo "For a total of `grep rblsmtp ~/.rbltmp.bak|wc -l` connections
 blocked."
 echo "Great Hunt."
 rm ~/.rbltmp.bak
 #EOF

Has anyone managed to get this to run?
My /bin/sh doesn't do ~ expansion
and the awk line appears tohave syntax errors with either the "
or the ` or both.

Scott

Re: RBL-Stats v1.0 Released

[Pavel V. Piankov]

Hi,
it looks like you have a very special Unix tho (:
the scriptie worked fine for me.

On Wed, Mar 24, 1999 at 12:48:25AM -0700, Scott D. Yelich wrote:
 Has anyone managed to get this to run?
 My /bin/sh doesn't do ~ expansion
 and the awk line appears tohave syntax errors with either the "
 or the ` or both.

Pashah
-- 
http://www.spb.sitek.net/~pashah/public-key-0x97739141.pgp

Re: RBL(s)

[Tim Tsai]

On Tue, Mar 23, 1999 at 07:55:05PM -0500, xs wrote:
 as anyone had the pleasure of dealing with some of the (excuse the
 language) ass pirates that refuse to fix their MTA(s) or work to get their
 sites taken out of the ORBS, RBL, DSSL, or DUL databases?

  We haven't had these types of complaints yet, as we only use RBL and
DUL on a site basis currently.  I do use ORBS on my personal account in
an advisory basis (mail goes to a separate folder not bounced) but I
don't think I can enable it for our site.  gte.net (which one of my
friends use) and a few competitor ISP's are in ORBS and I don't want to
lose e-mail coming from them.

  I catch most of the SPAM using a procmail receipe by simplying looking
for e-mail not specifically addressed to me (or any of my known aliases).
ORBS comes second.  We hardly ever see RBL or DUL rejects, but I guess
we're not a big enough site yet.

  Tim

Re: RBL-Stats v1.0 Released

[Anand Buddhdev]

On Wed, Mar 24, 1999 at 12:48:25AM -0700, Scott D. Yelich wrote:

  blocked."
  echo "Great Hunt."
  rm ~/.rbltmp.bak
  #EOF
 
 Has anyone managed to get this to run?
 My /bin/sh doesn't do ~ expansion
 and the awk line appears tohave syntax errors with either the "
 or the ` or both.

Traditional bourne shells did not do tilde expansion. The newer sh that
comes with OS's like FreeBSD will do tilde expansion. It's best to use csh
for tilde expansion to maintain portability, or to explicitly use bash.

-- 
System Administrator
See complete headers for address, homepage and phone numbers

Re: RBL-Stats v1.0 Released

[ddb]

Pavel V. Piankov [EMAIL PROTECTED] writes on 24 March 1999 at 14:43:47 +0300
  
  Hi,
  it looks like you have a very special Unix tho (:
  the scriptie worked fine for me.
  
  On Wed, Mar 24, 1999 at 12:48:25AM -0700, Scott D. Yelich wrote:
   Has anyone managed to get this to run?
   My /bin/sh doesn't do ~ expansion
   and the awk line appears tohave syntax errors with either the "
   or the ` or both.

The real Bourne shell does not do ~ expansion.  Bash DOES do ~
expansion.  Bash is commonly found as /bin/sh on Linux boxes, and I
hear on *BSD as well.  So actually, the person writing the script had
the unusual Unix.
-- 
David Dyer-Bennet  [EMAIL PROTECTED]
http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
http://ouroboros.demesne.com/ The Ouroboros Bookworms
Join the 20th century before it's too late!

Re: RBL(s)

[craig]

anyway, thats what the BS in ORBS stands for, Behavor
modification System.

I had an experience like this.  I moved my email activity over to my
own LAN, using qmail, from my newly upgraded account with a "real" ISP,
using sendmail and fetchmail to do the ISP-related activity (via PPP
dial-up on my modem, etc.).  That was a few months ago.

A month or so ago, my outgoing emails started getting rejected by a
set of mailing lists that are pretty much crucial to my daily work.
(These lists had been moved to a new machine specifically to allow
the host to accommodate existing customers, who might be on ORBS-listed
sites, while hosting these particular lists via qmail+ezmlm.  I could
actually get email through via the old list addresses, which were
being maintained as forwarding addresses for a limited time.)

Turned out, my "real" ISP was ORBS-listed.  I verified this myself
(hey, the bounce messages explained how to do it, pretty cool).

So, I contacted my ISP.

Their first few responses were along the lines of "ORBS is stupid, it
lists sites that aren't really open relays, pretty much everyone knows
this, so nobody should use ORBS listing alone just to block a site".

Having reviewed the material at the ORBS site, and not having enough
of a clue to really know who or what to trust, I told them, a couple
of times, that "well, it looks like your claim at least *was* right
at one time, but these days ORBS claims to be new, improved, and have
its act together, and the people maintaining these particular lists
are probably not entirely clueless -- consider reviewing ORBS and/or
contacting the postmaster at the mailing-list site, to learn about
whether ORBS might really have a point about your email relay".

A few days later, the problem was resolved: my ISP's site was delisted
at ORBS.

So, the problem (with ORBS, in this case) isn't necessarily a clueless
sysadmin, though it might be with a sysadmin who is so experienced
he remembers when ORBS was a bad thing.  At least for me, it was
worth taking the time to patiently suggest that, perhaps, despite the
same old name, the new version was better.

Of course, the above lesson probably won't help when dealing with
people who think their relays must remain open, except in the sense
that, perhaps even with them, patient suggestions beat "you're a
clueless incompetent" on occasion.  :)

tq vm, (burley)

Re: RBL-Stats v1.0 Released

[Robin Bowes]

Joel Eriksson wrote:
 
 Have you ever heard about symlink-in-tmp problems?.. That is a classic mistake.

Erm, I haven't.  Where would I read about such things, and other
"classic" mistakes?

R.
-- 
Two rules to success in life: 
  1. Don't tell people everything you know.
 -- Sassan Tat