Re: rblsmtpd and 'tagging' emails
On Sun, Aug 12, 2001 at 02:46:02PM -0700, Qmail wrote: Hi Folks, Is there any way to use rblsmtpd to simply set a header in qmail, rather than bouncing emails? Already posted the URL some weeks ago, http://www.lamer.de/maex/creative/software/qmail/ -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, 2 Aug 2001, Derek Callaway wrote: Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communiate with the RBL nameservers. Has anyone else From the manual page at http://cr.yp.to/ucspi-tcp/rblsmtpd.html: -C: (Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked. -- Work: It's not just a job, it's an indenture.
Re: rblsmtpd and mail-abuse.org's DNS servers
2) Did you actually pay MAPS for use of their mail-abuse.org servers? They started charging on August 1st so you are not going to have much luck using them to block spam if you aren't paying them. Have you looked at the price list? The price for individual users is $0. If you want to keep using the RBL, RSS, an DUL, they want a written agreement from you, but if you can't afford to pay, they don't demand money. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: rblsmtpd and mail-abuse.org's DNS servers
I list some alternatives to MAPS's RBLs, along with some other
spam-prevention techniques, here:
http://www.summersault.com/chris/techno/qmail/qmail-antispam.html
http://www.summersault.com/chris/techno/qmail/qmail-antispam.html#resources
Chris
On Thu, 2 Aug 2001, Derek Callaway wrote:
On Thu, 2 Aug 2001, Chin Fang wrote:
Right, I guess I should have said that I already read those pages before I
posted this message. I'm looking for a _free_ workaround to this problem.
TIA
You will need to pay MAPS to use one of its three RBLs, or the combined
RBL+.
Please see http://www.mail-abuse.org/subscription.html and
http://www.mail-abuse.org/feestructure.html
even you are with an educational institution.
Dr. Dan Bernstein himself has given up on MAPS's RBLs:
Please see: http://cr.yp.to/ucspi-tcp/rblsmtpd.html
Regards,
Chin Fang
[EMAIL PROTECTED]
Hi, I'm having a problem with my qmail smtpd server becoming unresponsive
when rblsmtpd cannot communiate with the RBL nameservers. Has anyone else
had this problem? I'd like to blindy accept e-mail if the RBL nameservers
cannot be contacted. Here's how I'm starting the SMTP server:
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio
/usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org
/usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see
URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' /var/qmail/bin/qmail-smtpd 21
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100
/var/log/smtp
--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC
char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;,
http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
-- Chris Hardie -
- mailto:[EMAIL PROTECTED] --
http://www.summersault.com/chris/ --
Re: rblsmtpd and mail-abuse.org's DNS servers
You will need to pay MAPS to use one of its three RBLs, or the combined
RBL+.
Please see http://www.mail-abuse.org/subscription.html and
http://www.mail-abuse.org/feestructure.html
even you are with an educational institution.
Dr. Dan Bernstein himself has given up on MAPS's RBLs:
Please see: http://cr.yp.to/ucspi-tcp/rblsmtpd.html
Regards,
Chin Fang
[EMAIL PROTECTED]
Hi, I'm having a problem with my qmail smtpd server becoming unresponsive
when rblsmtpd cannot communiate with the RBL nameservers. Has anyone else
had this problem? I'd like to blindy accept e-mail if the RBL nameservers
cannot be contacted. Here's how I'm starting the SMTP server:
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio
/usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org
/usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see
URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' /var/qmail/bin/qmail-smtpd 21
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100
/var/log/smtp
--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC
char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;,
http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
Re: rblsmtpd
On Thu, Aug 02, 2001 at 04:54:02PM +0800, Adrian Ho wrote: On Thu, Aug 02, 2001 at 03:33:53PM +0800, Lars Hansson wrote: Actually, I'd bet it's a DNS problem, not an rblsmtpd one. I'd also bet [snip] Ah yes, right you are. I thought rblsmtpd would look it up directly. Adding the subdomain rbl.unet.net.ph fixed it. -- Lars Hansson Technical Consultant/System Administrator UNET, Inc.Makati City, Philippines e-mail: [EMAIL PROTECTED]
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, Aug 02, 2001 at 02:58:08PM -0400, Derek Callaway wrote: /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' /var/qmail/bin/qmail-smtpd 21 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp Two quick observations: [1] A single rblsmtpd instance can take multiple -r options, so your command line can be /much/ shorter and more efficiently executed. [2] Are you actually most concerned about quickly accepting mail from /local/ (or known-good) clients? If so, set up your own anti-RBL list and make it the first list to be checked. Read http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details on both the above. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: http://marc.theaimsgroup.com/?l=qmail Useful URLs: http://cr.yp.to/qmail.html http://www.qmail.org http://www.lifewithqmail.org/ http://qmail.faqts.com/
Re: rblsmtpd
On Thu, Aug 02, 2001 at 03:33:53PM +0800, Lars Hansson wrote: The problem is that rblsmtpd doesnt seem to do any lookup to it at all. Actually, I'd bet it's a DNS problem, not an rblsmtpd one. I'd also bet you made the erroneous assumption that '-a rbl.unet.net.ph' tells rblsmtpd to send TXT queries directly to rbl.unet.net.ph. It does no such thing -- all rblsmtpd queries are done via your DNS resolver, and therefore follow all the normal DNS delegation rules. If running 'dig rbl.unet.net.ph ns' from your qmail server returns 0 records, that's a 50-foot blinking neon sign that your DNS setup needs fixing. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: http://marc.theaimsgroup.com/?l=qmail Useful URLs: http://cr.yp.to/qmail.html http://www.qmail.org http://www.lifewithqmail.org/ http://qmail.faqts.com/
RE: rblsmtpd and mail-abuse.org's DNS servers
Derek,
I see a number of problems with the text you copied in
there, it's very confusing. Here's the questions and issues:
1) On line 2, you're calling rblsmtpd and having it call
rblsmtpd, which then calls rblsmtpd for a third time on
line 3. The first instance doesn't even have arguments so
I have no idea why you're doing that. Combine all of those
into one rblsmtpd with multiple -r arguments for all the
servers to test against.
2) Did you actually pay MAPS for use of their mail-abuse.org
servers? They started charging on August 1st so you are
not going to have much luck using them to block spam if you
aren't paying them.
3) You will need to call rblsmtpd with a -C argument to
allow email through if it can't do the lookups against
the servers you specify. This is the default so having it
or not is okay.
Dave
-Original Message-
From: Derek Callaway [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 02, 2001 2:58 PM
To: [EMAIL PROTECTED]
Subject: rblsmtpd and mail-abuse.org's DNS servers
Hi, I'm having a problem with my qmail smtpd server becoming unresponsive
when rblsmtpd cannot communiate with the RBL nameservers. Has anyone else
had this problem? I'd like to blindy accept e-mail if the RBL nameservers
cannot be contacted. Here's how I'm starting the SMTP server:
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp
fixcrio /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r
dialups.mail-abuse.org /usr/local/bin/rblsmtpd -t 7 -r
'relays.mail-abuse.org:Open relay problem - see
URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%'
/var/qmail/bin/qmail-smtpd 21 | /usr/local/bin/setuidgid qmaill
/usr/local/bin/multilog t n100 s100 /var/log/smtp
--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC
char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;,
http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, 2 Aug 2001, Chin Fang wrote:
Right, I guess I should have said that I already read those pages before I
posted this message. I'm looking for a _free_ workaround to this problem.
TIA
You will need to pay MAPS to use one of its three RBLs, or the combined
RBL+.
Please see http://www.mail-abuse.org/subscription.html and
http://www.mail-abuse.org/feestructure.html
even you are with an educational institution.
Dr. Dan Bernstein himself has given up on MAPS's RBLs:
Please see: http://cr.yp.to/ucspi-tcp/rblsmtpd.html
Regards,
Chin Fang
[EMAIL PROTECTED]
Hi, I'm having a problem with my qmail smtpd server becoming unresponsive
when rblsmtpd cannot communiate with the RBL nameservers. Has anyone else
had this problem? I'd like to blindy accept e-mail if the RBL nameservers
cannot be contacted. Here's how I'm starting the SMTP server:
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio
/usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org
/usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see
URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' /var/qmail/bin/qmail-smtpd 21
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100
/var/log/smtp
--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC
char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;,
http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
Re: rblsmtpd and mail-abuse.org's DNS servers
Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communiate with the RBL nameservers. http://www.mail-abuse.org/subscription.html Mads
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, 2 Aug 2001, Derek Callaway wrote: Right, I guess I should have said that I already read those pages before I posted this message. I'm looking for a _free_ workaround to this problem. TIA There is no workaround. The resolver is going to wait for the connection to time out, thus causing your delay. The workaround is to either find another RBL list source that runs a reliable, free network, or when it does have hiccups, remove them, or suffer through the delays. -- John Gonzalez / [EMAIL PROTECTED] / [EMAIL PROTECTED] Tularosa Communications, Inc. (505) 439-0200 voice / (505) 443-1228 fax http://www.tularosa.net / ASN 11711 / JG6416 [--[ sys info ]---] 1:45pm up 329 days, 19:14, 5 users, load average: 0.07, 0.18, 0.15
RE: rblsmtpd
On my Debian: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` #exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r outputs.orbz.org -r relays.ordb.org -r or.orbl.org -r orbs.dorkslayers.com -r ztl.dorkslayers.com /var/qmail/bin/qmail-smtpd 21 On my Redhat ... env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R -x /etc/tcp.smtp.cdb -c100 -u503 -g503 0 smtp \ /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r outputs.orbz.org -r relays.ordb.org -r or.orbl.org -r orbs.dorkslayers.com -r ztl.dorkslayers.com \ /var/qmail/bin/qmail-smtpd 21 /dev/null echo smtp ;; Note: My Redhat don't use supervise script. Another problem: my debian who use supervise script log in syslogd and qmail log, why ? How I can log only in my qmail log ? Thanks very much. -Original Message- From: Adrian Ho [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 3:12 AM To: Mailing-List Qmail Subject: Re: rblsmtpd On Fri, Jul 27, 2001 at 11:50:19PM +0200, NDSoftware wrote: [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay. Please see http://orbz.org/?129.132.2.199 rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see http://orbz.org/?129.132.2.199 Why this warning aren't in the qmail log ? Show us the rblsmtpd startup script (if you're running qmail, probably the qmail-smtpd startup script). It's possible to make a path for rblsmtpd, for what the postmaster can receipt message in blacklist (for help the admin who have a mail server blacklisted). That turns rblsmtpd from an IP-level ACL enforcer to a mail proxy, so it's more like a brand-new program. You're much better off running a proper filtering SMTP proxy for this purpose. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: http://marc.theaimsgroup.com/?l=qmail Useful URLs: http://cr.yp.to/qmail.html http://www.qmail.org http://www.lifewithqmail.org/ http://qmail.faqts.com/
Re: rblsmtpd
On Fri, Jul 27, 2001 at 11:50:19PM +0200, NDSoftware wrote: [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay. Please see http://orbz.org/?129.132.2.199 rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see http://orbz.org/?129.132.2.199 Why this warning aren't in the qmail log ? Show us the rblsmtpd startup script (if you're running qmail, probably the qmail-smtpd startup script). It's possible to make a path for rblsmtpd, for what the postmaster can receipt message in blacklist (for help the admin who have a mail server blacklisted). That turns rblsmtpd from an IP-level ACL enforcer to a mail proxy, so it's more like a brand-new program. You're much better off running a proper filtering SMTP proxy for this purpose. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: http://marc.theaimsgroup.com/?l=qmail Useful URLs: http://cr.yp.to/qmail.html http://www.qmail.org http://www.lifewithqmail.org/ http://qmail.faqts.com/
Re: rblsmtpd seems to violate RFC1123, 5.2.7
On Thu, Jul 12, 2001 at 11:27:23AM +0200, torben fjerdingstad wrote: rblsmtpd with qmail does not accept mail from a blacklisted IP to postmaster@my-qmail-host, does it? No. That seems to me like as a violation of rfc1123, 5.2.7 which says: Nope. 5.2.7 RCPT Command: RFC-821 Section 4.1.1 A host that supports a receiver-SMTP MUST support the reserved mailbox Postmaster. Note the wording. It says that the receiver-SMTP MUST accept and deliver mail to postmaster@your-qmail-host. It doesn't say that the receiver-SMTP MUST accept such mail /from every possible source/. What you want requires a RBL-aware mail proxy with destination address overrides. rblsmtpd won't do it for you, not without a significant amount of hacking. - Adrian
Re: rblsmtpd seems to violate RFC1123, 5.2.7
rblsmtpd with qmail does not accept mail from a blacklisted IP to postmaster@my-qmail-host, does it? That seems to me like as a violation of rfc1123, 5.2.7 which says: 5.2.7 RCPT Command: RFC-821 Section 4.1.1 A host that supports a receiver-SMTP MUST support the reserved mailbox Postmaster. Well, my postmaster mailbox is supported, but I believe the intention is that it should be able to receive mail. One more desirable candidate for unrbl'ing is abuse@my-qmail-host. Unfortunate situation, isn't it? The reality is that there are far to many places that do not have (or ignore) the postmaster account for even legitimate stuff. The other part of the reality is that rblsmtpd is intended to drop the connection at the earliest sign of trouble. If you are going to all a complete transaction to take place, just so you can look for postmaster recipients, then there is no reason to use rbsmtpd :-/ Life in an imperfect world... -- Roger Walker Tier III Messaging/News Team Internet Applications, National Consumer IP TELUS Corporation 780-493-2471
Re: rblsmtpd logging
"John McCoy, Jr." [EMAIL PROTECTED] writes:
I noticed when I implemented rblsmtpd that several legitimate sites were
being blocked. They were mostly other .edu sites. Is there any way to create
a list of exceptions, hopefully with a wild card so I could allow all .edu
traffic to pass regardless? Or better yet can I get rblsmtpd to just tell me
which sites it has gotten matches on but not actually block the mail. So I
can then encourage sites that should be allowed in to improve their servers,
and make the web a better place for us all. I've already written a script to
pull out those who get blocked from the log file. That was how I discovered
I was blocking people who needed to send us email. I would be happy to share
it.
Yes; set the environment variable RBLSMTPD to a null string ("") using
tcpserver (in the cdb file; well, you put it in the source which is
compiled into the cdb file):
209.98.94.1-8:allow,RBLSMTPD=""
--
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/
Re: rblsmtpd not recognizing -R flag
On Sat, Mar 03, 2001 at 04:08:17PM -0800, Todd A. Jacobs wrote: And the undocumented -a flag is presumably the A record lookup enabled by the patch for rblsmtpd, right? -a is not undocumented, and your presumption is incorrect. My /var/qmail/supervise/qmail-smtpd/run now looks like: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \ -rblackholes.mail-abuse.org -rdialups.mail-abuse.org \ -rinput.orbs.org -routput.orbs.org \ -arelays.mail-abuse.org /var/qmail/bin/qmail-smtpd 21 And RSS and ORBS are still failing to block, but RBL and DUL work fine. I don't know about ORBS, but since RSS doesn't provide a TXT record, you use the -r option like this (exactly as I said in my previous message to you): -r 'relays.mail-abuse.org:Open relay problem \ - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?query=%IP%' Chris
Re: rblsmtpd not recognizing -R flag
On Sat, Mar 03, 2001 at 04:08:17PM -0800, Todd A. Jacobs wrote: I'm trying to run rblsmtd with protection if the lookup fails. According to both the rblsmtpd usage output and the man page, the -R flag should do this. However, tcpserver contains this log fragment: If you're using the latest version of rblsmtpd--the one that comes with ucspi-tcp--there's no -R option. See http://cr.yp.to/ucspi-tcp/rblsmtpd.html Chris
Re: rblsmtpd not recognizing -R flag
On Sat, 3 Mar 2001, Chris Johnson wrote: If you're using the latest version of rblsmtpd--the one that comes with ucspi-tcp--there's no -R option. See http://cr.yp.to/ucspi-tcp/rblsmtpd.html I guess the new syntax didn't make it into the man pages. Thanks for the URL. -- Todd A. Jacobs CodeGnome Consulting, LTD
Re: rblsmtpd
I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp program and has a -a query. The only thing about this is why it says "anti-listed" instead of listed. Perhaps you want to read the docs for rblsmtpd for the meaning of the -a flag. Unpatched rblsmtpd blocks using TXT records. Mate
Re: rblsmtpd
Hello Mate On 29-Jan-01, you wrote: I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp program and has a -a query. The only thing about this is why it says "anti-listed" instead of listed. Perhaps you want to read the docs for rblsmtpd for the meaning of the -a flag. Unpatched rblsmtpd blocks using TXT records. Mate There isn't a man rblsmtpd. what other docs besides DJB's ucspi-tcp (rblsmtmp) http://cr.yp.to/ucspi-tcp/rblsmtpd.html Options: -r base: Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a. base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client. -a base: Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c .b.a.base has an A record. In this case rblsmtpd does not block mail. This is the reference to :- "The only thing about this is why it says "anti-listed" instead of listed." That I made. I am not sure why it says "anti-listed". As in not in the rbl. It seems to be saying that if the IP matches then it's allowed. I'd have thought that if they had changed their rbl listing from txt to A-record, then doing a A-record against it and getting a result would be "listed" and then qmail would deny the connection. Obviously, I'm missing something here, but that section of the ucspi-tcp/rblmstpd is just not clear. Regards...Martin -- "Good taste is better than bad taste, but bad taste is better than no taste." - Arnold Bennett.
Re: rblsmtpd
Hello Peter On 25-Jan-01, you wrote: On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote: [snip] Whilst I'm hereI noticed that most mail servers connecting have cutomised greetings and endings during the 220, 250 and 221 responses. I searched the docs plus Dave Sills archives but couldn't find anything on this. man qmail-smtpd, look for smtpgreeting. Greetz, Peter. Well there were twp partsto this, the main part the rblsmtpd and the trivial/curious part, which is this. Let me start with the rblsmtpd. Here is a rbl log on another mail server. Sat 2001-01-27 13:39:51: [1164:8057] EHLO mail02.osite.com.br Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker checking 200.189.209.131 using cache... Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker checking 200.189.209.131 using 131.209.189.200.dialups.mail-abuse.org... Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker A-record resolution of [131.209.189.200.dialups.mail-abuse.org] in progress (DNS Server: 216.136.29.250)... Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker 10 second wait for DNS response exceeded Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker checking 200.189.209.131 using 131.209.189.200.rbl.maps.vix.com... Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker A-record resolution of [131.209.189.200.rbl.maps.vix.com] in progress (DNS Server: 216.136.29.250)... Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker checking 200.189.209.131 using 131.209.189.200.relays.mail-abuse.org... Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker A-record resolution of [131.209.189.200.relays.mail-abuse.org] in progress (DNS Server: 216.136.29.250)... Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker D=131.209.189.200.relays.mail-abuse.org TTL=(5) A=[127.0.0.2] Sat 2001-01-27 13:40:02: [1164:8057] 550 mail from 200.189.209.131 refused by RSS, see http://www.mail-abuse.org/rss/ Sat 2001-01-27 13:40:03: [1164:8057] SMTP session abnormally terminated, 26 bytes transferred. Sat 2001-01-27 13:40:03: -- As you can see, it says it is doing A-record resolutions with the relevent abuse locations. I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp program and has a -a query. The only thing about this is why it says "anti-listed" instead of listed. On my second question which was about the 220, 221 etc. codes, Yes, I had already tried putting something in SMTPGREETING. What that gives me is (I've deleted most of the junk for brevity) :- Sat 2001-01-27 13:38:15: [2356:8055] 220 How's it hanging ? ESMTP Sat 2001-01-27 13:38:15: [2356:8055] EHLO chaossolutions.org Sat 2001-01-27 13:38:15: [2356:8055] 250-How's it hanging ? SNIP Sat 2001-01-27 13:38:15: [2356:8055] 221 How's it hanging ? Sat 2001-01-27 13:38:15: [2356:8055] SMTP session successful, 675 bytes transferred. As you can see, it gives the same text string for 220, 221 and 250 ie the smtpgreeting. Wheras, other pople customise the strings which is what I was asking about. Sat 2001-01-27 05:41:30: [2608:7809] 220 smtp2.home.se Novonyx SMTP ready $Revision: 2.74 $ Sat 2001-01-27 05:41:30: [2608:7809] EHLO chaossolutions.org Sat 2001-01-27 05:41:32: [2608:7809] 250-smtp2.home.se Pleased to meet you Sat 2001-01-27 05:41:44: [2608:7809] 221 smtp2.home.se So long, and thanks for all the fish Sat 2001-01-27 05:41:34: [2228:7803] 250 warrior-inbound - Plus.Net, The smarter way to Internet - Sat 2001-01-27 05:41:43: [2228:7803] 250 ok 980592233 qp 27053 Sat 2001-01-27 05:41:43: [2228:7803] QUIT Sat 2001-01-27 05:41:49: [2228:7803] 221 warrior-inbound - Plus.Net, The smarter way to Internet - Sat 2001-01-27 05:41:37: [2444:7858] 250-post.it.helsinki.fi Hello server.chaossolutions.org [216.136.109.158] (may be forged), pleased to meet you. Unless you are a SPAMmer Sat 2001-01-27 05:41:38: [2444:7858] 250 2.1.0 [EMAIL PROTECTED]... Sender looks kinda ok Sat 2001-01-27 05:41:50: [2444:7858] 250 2.0.0 f0RAhmx20818 Message accepted for delivery. Lucky you Sat 2001-01-27 05:41:50: [2444:7858] QUIT Sat 2001-01-27 05:41:51: [2444:7858] 221 2.0.0 post.it.helsinki.fi closing connection. Nice meeting you Anyway, this part I was just curious about. The main bit was/is the rblsmtpd. Please refer back to my original mail if you are confused. Regards...Martin -- Ah, Blackadder. Notice anything...unusual? Yes, sir. It's eleven thirty in the morning, and you're moving about. Is the bed on fire? == George and Edmund : Duel and Duality
Re: rblsmtpd
* Agi Subagio [EMAIL PROTECTED] [010125 03:00]: How to add more rblsmtpd process to check another blacklist resource like "relays.mail-abuse.org", "blackholes.mail-abuse.org" or "dialups.mail-abuse.org"? (lart@socha):(~)$ cat /service/smtp/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -p -x tcp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \ -rrelays.orbs.org -rrbl.maps.vix.com \ -r blackholes.mail-abuse.org \ -r dialups.mail-abuse.org \ -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \ /var/qmail/bin/qmail-smtpd 21
Re: rblsmtpd
On Thu, Jan 25, 2001 at 04:35:58AM -0500, Robin S. Socha wrote: * Agi Subagio [EMAIL PROTECTED] [010125 03:00]: How to add more rblsmtpd process to check another blacklist resource like "relays.mail-abuse.org", "blackholes.mail-abuse.org" or "dialups.mail-abuse.org"? (lart@socha):(~)$ cat /service/smtp/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -p -x tcp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \ -rrelays.orbs.org -rrbl.maps.vix.com \ -r blackholes.mail-abuse.org \ -r dialups.mail-abuse.org \ -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \ I think this last entry requires a patched rbslmptd. You could instead use: -r relays.msci.memphis.edu relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs Dan's rbldns and gives out the TXT record that rblsmtpd needs. Chris
Re: rblsmtpd
Hello Chris On 25-Jan-01, you wrote: I think this last entry requires a patched rbslmptd. You could instead use: -r relays.msci.memphis.edu relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs Dan's rbldns and gives out the TXT record that rblsmtpd needs. Chris Funny, I was just about to look at rblsmtpd later today or this evening. Apparently the records changed from txt to ?? last August. I was hoping that as ucspi-tcp had been overhauled and rblsmtpd is now within it, at 0.88 this inter-operability problem had been fixed. What is the status of this problem ? Further, what's the -a option all about ? Whilst I'm hereI noticed that most mail servers connecting have cutomised greetings and endings during the 220, 250 and 221 responses. I searched the docs plus Dave Sills archives but couldn't find anything on this. Just curious... Regards...Martin -- 1) If you have to ask, you're not entitled to know. 2) If you don't like the answer, you shouldn't have asked. == Abbott's Law
Re: rblsmtpd
On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote: [snip] Whilst I'm hereI noticed that most mail servers connecting have cutomised greetings and endings during the 220, 250 and 221 responses. I searched the docs plus Dave Sills archives but couldn't find anything on this. man qmail-smtpd, look for smtpgreeting. Greetz, Peter.
Re: rblsmtpd
Martin Randall [EMAIL PROTECTED] writes: Whilst I'm hereI noticed that most mail servers connecting have cutomised greetings and endings during the 220, 250 and 221 responses. I searched the docs plus Dave Sills archives but couldn't find anything on this. Naturally qmail provides this essential customization. See the smtpgreeting control file. Ian
Re: RBLSMTPD
Hello Hi, Can anyone please advise me if there is anyway of telling an attacker if you like that they have been blocked via an email or something similiar. I am having the problem that people are getting blocked however it appears the mail goes through but is then not returned. Please Help. The rblsmtpd based for instance on ORBS - this is not good idea. I think - each admin should generate its own "black" list of spam hosts rather than take it from ORBS. This server from I'm writing now (administrated by me) does not support open relay now, since time, when I have begun administrate it, I have installed the newest software - qmail and configure it with tcpserver. The relayclients are carefuly established. Nothing more are not able to relay post by server of mine but I'm existing further time till today on ORBS list as insecure. Why? How about ask Alan Brown? I suppose, that in like my case are more peoples! If any host might support open relay if not, would bee seen without complicated tests. Each can see that my host does not support open relay but my host sitll exists on ORBS list! ORBS and like ORBS lists there are stupid idea, which makes more evil than good. First of all from such as ORBS 'insecure hosts' list" are using all presented on Net hacers, who have directly listing of host, which potentialy can be used to attack. I'm of opinion, that giving such list public is illegal and harmful. I have met such case, that after each test made from ORBS was reported hackers proof to destroy my host, therefore the access for ORBS on my host has been by my on tcpserver blocked: =nl:deny =nz:deny Best Wishes Piotr --- Piotr Kasztelowicz [EMAIL PROTECTED] [http://www.am.torun.pl/~pekasz]
Re: rblsmtpd - notification
On Thu, Dec 28, 2000 at 11:10:37AM +1100, [EMAIL PROTECTED] wrote: question is: Is there anyway of notifying the person who sent the mail to you through the open relay, with a generic message that they were blocked. Say "Your message could not be processed by our server." If anyone could help with this it would be much appreciated. rblsmtpd either rejects the message permanently (5xx code) or temporarily (4xx code). Depending on the option you start rblsmtpd with and assuming a correctly working smtpd on the sending side, the user will either get a immediate failure notice on a 5xx code or a delayed one as soon as the retry interval (typically around a week) of the sending smtpd has expired. See URL:http://cr.yp.to/ucspi-tcp/rblsmtpd.html and especially the section on "Temporary errors" and the "-b -B" switches for more information. Note: a 4xx code is more "social" but may trigger bugs in some smtpds (e.g. Microsoft SMTP) causing them to hammer on your smtpd with retries. See: URL:http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: RBLSMTPD
On Thu, Dec 28, 2000 at 10:12:48AM +0100, Piotr Kasztelowicz wrote: ORBS and like ORBS lists there are stupid idea, which makes more evil than good. First of all from such as ORBS 'insecure hosts' list" are using all presented on Net hacers, who have directly listing of host, which potentialy can be used to attack. I'm of opinion, that giving such list public is illegal and harmful. I have met such case, that after each test made from ORBS was reported hackers proof to destroy my host, therefore the access for ORBS on my host has been by my on tcpserver blocked: This lists are irrelevant for attacks and security through obscurity is no security at all. Hackers will find your server regardless whether you are listed in a RBL list or not. On a freshly setup system with an IP address never assigned before I had - within a week - 4 complete port scans + 6 additional scans for relay open mailservers. Trying to "hide" is useless. Fix your systems. I personally have no mercy for ppl doing lousy system administration and whining when they get hacked. If you can't handle all the hosts in your responsibility use at least some port filters or a firewall or disconnect them by pulling the network plug. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: RBLSMTPD
On Thu, 28 Dec 2000, Markus Stumpf wrote: This lists are irrelevant for attacks and security through obscurity is no security at all. The peoples, who manages with RBL could inform admin of tested host prior to begin such tests. If test had presented insecurity or open relay possibilities, ORBS admins could have informed me about them first prior to inform all peoples about them to write it on data base. I'd like to pay your attention to this fact, that all cases to connect to my smtp to use it other than for sending or receiving e-mail (for instance to the test without to inform me about them) can be taken as hackers proof itself. Additionaly each case such tests due to more acitivity of hackers. Should I report this without reaction? I were in such case a bad administrator. Hackers will find your server regardless whether you are listed in a RBL list or not. But you can this not excluded, that this listing would have been a good direction for hackers, because it is public on WWW. Trying to "hide" is useless. Fix your systems. I personally have no mercy .. This was already made by me in September, when I have begun manage with this server (I have under my care more servers), but I will not idle to look to logs, where are observed logs from ORBS tests' proofs common with proofs of achieve my server on ftp or telnet. I suppose, that I'm permited to request from ORBS to use my smtp only for provided for it use - email sending or receiving. This same I wish me to stop all tests. I think, I have a rhight to its... Best Wishes Piotr Kasztelowicz --- Piotr Kasztelowicz [EMAIL PROTECTED] [http://www.am.torun.pl/~pekasz]
Re: rblsmtpd conflict with ucspi -tcp
Keep in mind you will get a faster response if you return your queries to [EMAIL PROTECTED] On Thu, Dec 14, 2000 at 04:21:15PM +0800, [EMAIL PROTECTED] wrote: 1.can I install ucspi-unix,not install ucspi-tcp? I am not familiar with "ucspi-unix." 2.After install ucspi-tcp,qmail-1.03+16patches,and daemontools(downloaded from http://em.cn/~bruceg/qmail+patches), I telnet mail-abuse.org,it can't through the ninth test way. what can I do? I tried to telnet into mail-abuse.org and nothing happened. If you are eliciting a test from mail-abuse.org could you be more specific how you are going about testing? PGP signature
Re: rblsmtpd conflict with ucspi -tcp
Alex Pennace [EMAIL PROTECTED] wrote: On Thu, Dec 14, 2000 at 04:21:15PM +0800, [EMAIL PROTECTED] wrote: 1.can I install ucspi-unix,not install ucspi-tcp? I am not familiar with "ucspi-unix." It is an implementation of the ucspi protocol running over Unix domain sockets instead of TCP sockets. It's written by Bruce Guenter; see http://em.ca/~bruceg/ for more. 2.After install ucspi-tcp,qmail-1.03+16patches,and daemontools(downloaded from http://em.cn/~bruceg/qmail+patches), I telnet mail-abuse.org,it can't through the ninth test way. what can I do? To clarify: did you "telnet mail-abuse.org" or "telnet mail-abuse.org 25"? If the former, it has nothing to do with SMTP. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: rblsmtpd conflict with ucspi -tcp
On Thu, Dec 14, 2000 at 03:08:45PM +0800, shaolei wrote: when I install rblsmtpd-0.70-1.i386.rpm it need qmail-smtpd=qmail-smtpd=1.03+patches-7, after I install qmail-smtpd=1.03+patches-16 it need ucspi-tcp=0.86-1 so I install ucspi-tcp and qmail-smtpd but when I tried to install rblsmtpd. it reported conflict with ucspi-tcp what can I do?? Don't install rblsmtpd, it's now a part of ucspi-tcp. PGP signature
Re: rblsmtpd and firewall
On Tue, Nov 28, 2000 at 09:00:04AM -0300, Roberto Samarone Araujo (RSA) wrote: I turned on my firewall and I looked at my logs when I found this message: smtpd: 975401579.539737 tcpserver: fatal: unable to figure out port number for /usr/local/bin/rblsmtpd What's the port number and protocol(TCP or UDP) that rblsmtpd use ? Your startup script is messed up. Post it and someone will tell you how to fix it. Chris
Re: rblsmtpd and firewall
Your startup script is messed up. Post it and someone will tell you how to fix it. Ok ... I put in my qmail.rc this : /usr/local/bin/tcpserver -b 64 -c 64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 /usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd 21 | /var/qmail/bin/splogger smtpd thanks Roberto Samarone Araujo
Re: rblsmtpd and firewall
On Tue, Nov 28, 2000 at 09:37:40AM -0300, Roberto Samarone Araujo (RSA) wrote: /usr/local/bin/tcpserver -b 64 -c 64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 /usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd 21 | /var/qmail/bin/splogger smtpd You're missing the port argument. You need to put "smtp" between "0" and "/usr/local/bin/rblsmtpd." Chris
Re: rblsmtpd emergency
Hello, On Wed, Aug 16, 2000 at 10:28:48AM -0500, Mate Wierdl wrote: On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote: On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: but would not it be relatively simple to implement a server software using tcpserver that would just lookup an IP number in a .cdb database of IP numbers, and send an appropriate response? A client might be hmm. I don't understand the question. For ucspi-tcp-0.88, I get from http://cr.yp.to/ucspi-tcp/rblsmtpd.html (slightly wrapped): - cut Options: -r base: Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client. - cut and: - cut You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists $TCPREMOTEIP. It also tries an RBL source of rbl.maps.vix.com if you do not supply any -r options. See http://maps.vix.com/rbl/ for more information about rbl.maps.vix.com. If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the djbdns package. - cut I didn't try this, but imho this clearly says "-r maps.vix.com gets you the default behaviour of asking Paul Vixie". So, what's the problem? You need to axfr the zone from somewhere and massage that into a cdb the rbldns would probably use. That could be done with a cron job. How much mail you then deny is up to you... But that's one thing every sysadmin has to decide for oneself, do I have a default closed (-c) or open (-C) setup when my rbl servers fail? Best Regards, --Toni++
Re: rblsmtpd lookup timeouts for slow/broken networks
On Tue, Sep 12, 2000 at 07:06:47PM -0500, Chris Hardie wrote: -If rblsmtpd can't talk to the RBL server, what sort of error does it issue to the connecting server? Temporary or permanent? Is it just the default 60 second timeout? From http://cr.yp.to/ucspi-tcp/rblsmtpd.html: There are several error-handling options for RBL lookups: -B: (Default.) Use a 451 error code for IP addresses listed in the RBL. -b: Use a 553 error code for IP addresses listed in the RBL. -C: (Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked. -c: Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate mail. The default -C seems to cover you in this case. Chris
Re: rblsmtpd
try: /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u \ $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/rblsmtpd \ /var/qmail/bin/qmail-smtpd 21 and you should be set. -steve On 09/05/00 @ 03:26PM, Manuel Gisbert wrote: Anyone ever used DJBs rblsmtp daemon to prevent spam? Could someone tell me where to insert rblsmtpd in my ../supervise/run script. The docs at cr.yp.to are a bit thin, at least for me ;-) my current run script looks like the following: exec /usr/local/bin/softlimit -m 400 Thanx Manuel
Re: rblsmtpd
Manuel, On Tue, 5 Sep 2000, Manuel Gisbert wrote: Anyone ever used DJBs rblsmtp daemon to prevent spam? Could someone tell me where to insert rblsmtpd in my ../supervise/run script. The docs at cr.yp.to are a bit thin, at least for me ;-) my current run script looks like the following: exec /usr/local/bin/softlimit -m 400 /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 21 You must insert rblsmtpd call just before qmail-smtpd. See: exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u \ $QMAILDUID -g $NOFILESGID 0 smtp /path/to/rblsmtpd \ /var/qmail/bin/qmail-smtpd 21 Antonio Dias
Re: rblsmtpd emergency
You're right -- there's no doubt that the TXT record is useful (or was ;-) ). But my point is that the lookups (according to the spec) were to be done on A records, and the TXT records fetched if you wanted that description. This is two lookups, so no qmail person would settle for that (humour). That was the jist of my original coment. - Original Message - From: "Mate Wierdl" [EMAIL PROTECTED] On Thu, Aug 17, 2000 at 06:34:21PM -0400, Michael T. Babcock wrote: The best approach to this is to have rblsmtpd use A records, as it should have from the beginning (that's what you get for optimising solely for speed, not for correctness). But then the TXT record is really useful: it does give a clue to the client how to get out of the mess.
Re: rblsmtpd emergency
- Original Message - From: "Mate Wierdl" [EMAIL PROTECTED] On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote: On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: That would not allow for the rapid changes necessary in a blackhole list. Imagine you are an ISP with several thousand customers. Through an oversight, your mail server is blacklisted. Would you rather wait for the tens or hundreds of thousands of sysadmins out there administering mail servers to remove you from their blackhole list or just submit it to the maintainer of the list and have it fixed in minute or hours? The fact is a few thousand mail servers running rblsmtpd cannot use relays.mail-abuse.org. So now they all have to apply for a domain so that they can use rbldns. Or they can start patching rblsmtpd to use A records---until relays.mail-abuse.org will change the record structure again. The best approach to this is to have rblsmtpd use A records, as it should have from the beginning (that's what you get for optimising solely for speed, not for correctness).
Re: rblsmtpd emergency
On Thu, Aug 17, 2000 at 06:34:21PM -0400, Michael T. Babcock wrote: The best approach to this is to have rblsmtpd use A records, as it should have from the beginning (that's what you get for optimising solely for speed, not for correctness). But then the TXT record is really useful: it does give a clue to the client how to get out of the mess. Mate
Re: rblsmtpd emergency
On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: BTWY, I know many people are attached to using DNS for rbl lookups, but would not it be relatively simple to implement a server software using tcpserver that would just lookup an IP number in a .cdb database of IP numbers, and send an appropriate response? A client might be similarly simple to implement using tcpclient. That would not allow for the rapid changes necessary in a blackhole list. Imagine you are an ISP with several thousand customers. Through an oversight, your mail server is blacklisted. Would you rather wait for the tens or hundreds of thousands of sysadmins out there administering mail servers to remove you from their blackhole list or just submit it to the maintainer of the list and have it fixed in minute or hours? Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: rblsmtpd emergency
On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote: On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: BTWY, I know many people are attached to using DNS for rbl lookups, but would not it be relatively simple to implement a server software using tcpserver that would just lookup an IP number in a .cdb database of IP numbers, and send an appropriate response? A client might be similarly simple to implement using tcpclient. That would not allow for the rapid changes necessary in a blackhole list. Imagine you are an ISP with several thousand customers. Through an oversight, your mail server is blacklisted. Would you rather wait for the tens or hundreds of thousands of sysadmins out there administering mail servers to remove you from their blackhole list or just submit it to the maintainer of the list and have it fixed in minute or hours? I do not understand this comment: it seems you are arguing against the very existence of rbldns. And I was asking if rbldns could be implemented in a less restrictive way---without the need for a domain delegation. As a separate but related question, I was also asking if DNS needs to be involved in the first place. The fact is a few thousand mail servers running rblsmtpd cannot use relays.mail-abuse.org. So now they all have to apply for a domain so that they can use rbldns. Or they can start patching rblsmtpd to use A records---until relays.mail-abuse.org will change the record structure again. To address your concern: a reasonable site running rbldns would transfer the zone from relays.mail-abuse.org frequently, so a change at relays.mail-abuse.org would propagate to the mirrors quite quickly. Mate
Re: rblsmtpd and relays.mail-abuse.org
I'm using it too -- but everything seemed fine with the patch so ... - Original Message - From: "Jon Rust" [EMAIL PROTECTED] Odd that this issue has been so quiet. Are there really so few people using rblsmtpd?
Re: rblsmtpd and relays.mail-abuse.org
Actually, no. The output from one is automatically sent to the input of the next as they execute each other. The "\"'s are to allow the commands to be on multiple lines. - Original Message - * Robert Sander ([EMAIL PROTECTED]) [11 Aug 2000 04:07]: It seems to me that rblsmtpd can only take one "-r" at a time, as I have version 0.70 that may be a bit old. But they can be ordered in a row, as in rblsmtpd -r rbl.maps.vix.com \ rblsmtpd -r dul.maps.vix.com \ rblsmtpd -r relays.mail-abuse.org ... I believe you meant to write: rblsmtpd -r rbl.maps.vix.com | rblsmtpd -r dul.maps.vix.com | rblsmtpd -r relays.mail-abuse.org ...
Re: rblsmtpd and relays.mail-abuse.org
On Thu, Aug 10, 2000 at 09:33:22AM -0700, Jon Rust wrote: snip /usr/local/bin/rblsmtpd -b -t10\ -r rbl.maps.vix.com \ -r dul.maps.vix.com \ -r relays.mail-abuse.org snip It seems to me that rblsmtpd can only take one "-r" at a time, as I have version 0.70 that may be a bit old. But they can be ordered in a row, as in rblsmtpd -r rbl.maps.vix.com \ rblsmtpd -r dul.maps.vix.com \ rblsmtpd -r relays.mail-abuse.org ... That seems to be fixed with the version of rblsmtpd in ucspi-tcp 0.86 Greetings -- Robert Sander Epigenomics AG www.epigenomics.de Kastanienallee 24 +493024345330 10435 Berlin
Re: rblsmtpd and relays.mail-abuse.org
On Fri, Aug 11, 2000 at 07:13:05AM -0400, Russell P. Sutherland wrote: * Robert Sander ([EMAIL PROTECTED]) [11 Aug 2000 04:07]: It seems to me that rblsmtpd can only take one "-r" at a time, as I have version 0.70 that may be a bit old. But they can be ordered in a row, as in rblsmtpd -r rbl.maps.vix.com \ rblsmtpd -r dul.maps.vix.com \ rblsmtpd -r relays.mail-abuse.org ... I believe you meant to write: rblsmtpd -r rbl.maps.vix.com | rblsmtpd -r dul.maps.vix.com | rblsmtpd -r relays.mail-abuse.org ... That seems to be fixed with the version of rblsmtpd in ucspi-tcp 0.86 Yes. How is this handled in ucspi-tcp-0.88 when you want to use -b for some zones and not for others? Still have to run multiple instances? --Adam
Re: rblsmtpd and relays.mail-abuse.org
On Fri, Aug 11, 2000 at 07:13:05AM -0400, Russell P. Sutherland wrote: * Robert Sander ([EMAIL PROTECTED]) [11 Aug 2000 04:07]: It seems to me that rblsmtpd can only take one "-r" at a time, as I have version 0.70 that may be a bit old. But they can be ordered in a row, as in rblsmtpd -r rbl.maps.vix.com \ rblsmtpd -r dul.maps.vix.com \ rblsmtpd -r relays.mail-abuse.org ... I believe you meant to write: rblsmtpd -r rbl.maps.vix.com | rblsmtpd -r dul.maps.vix.com | rblsmtpd -r relays.mail-abuse.org ... No--his way was correct. Chris
Re: rblsmtpd and relays.mail-abuse.org
Jon Rust [EMAIL PROTECTED] writes on 10 August 2000 at 10:35:18 -0700 Odd that this issue has been so quiet. Are there really so few people using rblsmtpd? Nothing to say. I need to apply the patch and update my config lines, but haven't yet. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
Re: rblsmtpd and relays.mail-abuse.org
On Thu, Aug 10, 2000 at 12:55:57PM -0400, Hubbard, David wrote: I've been reading more of the archives about this rblsmtpd issue lately and I think what has happened is that the relays.mail-abuse.org DNS no longer has the TXT entries in it that rblsmtpd looks for. Did this spam that got through your server come from a host in the open-relays database or the maps? Does anyone know if the other services, not relays.mail-abuse.org, have made the same change or are going to? If they did, it would prevent rblsmtpd from working with them too correct? Do you think DJB would make a new rblsmtpd release to make it work with these new no-TXT maps DNS servers? Thanks, Dave Correct. I did some research too (should have before posting :-/). rblsmtpd works by rejecting connections from servers with TXT records at the various "RBLs." On Aug 8th, RSS stopped using TXT records entirely. All along there has also been an A record for each listed address, so you can still use that, and in fact, rblcheck uses the A records for its check. I applied the patch at http://www.cqc.com/~pacman/projects/rblsmtpd-rss/ posted by pacman Aug 9th I believe. This patch allows you to tell rblsmtpd to use A records for certain RBLs. It seems to be working just fine. Odd that this issue has been so quiet. Are there really so few people using rblsmtpd? jon
RE: rblsmtpd and relays.mail-abuse.org
I've been reading more of the archives about this rblsmtpd issue lately and I think what has happened is that the relays.mail-abuse.org DNS no longer has the TXT entries in it that rblsmtpd looks for. Did this spam that got through your server come from a host in the open-relays database or the maps? Does anyone know if the other services, not relays.mail-abuse.org, have made the same change or are going to? If they did, it would prevent rblsmtpd from working with them too correct? Do you think DJB would make a new rblsmtpd release to make it work with these new no-TXT maps DNS servers? Thanks, Dave -Original Message- From: Jon Rust To: [EMAIL PROTECTED] Sent: 8/10/00 12:33 PM Subject: rblsmtpd and relays.mail-abuse.org While checking out a spam I received this morning I noticed that rblcheck finds it in the RSS. Hrmf. I run rblsmtpd so I'm not clear on how it got through: snip /usr/local/bin/rblsmtpd -b -t10\ -r rbl.maps.vix.com \ -r dul.maps.vix.com \ -r relays.mail-abuse.org snip According to the RSS it was added yesterday at 1700 PDT. The address is 133.5.173.200 if you want to test for yourself. I vaguely remember someone mentioning a patch for rblsmtpd, but not a whole lot of discussion on why it's not working anymore. Anyone got the low-down? Anyone tried the patch? Thanks, jon
Re: rblsmtpd
See 'man rblsmtpd'. Briefly, you don't set the var normally. If the var is set, but empty, rblsmtpd won't block the mail in any case. If the var is set to an actual value, it will block the mail. You can set the var in your tcp.smtp CDB file like so: 63.88.133.:allow,RBLSMTPD="-Yesmail email is not wanted here" The 'allow' is misleading. It says to allow the TCP connection, but not necessarily to allow the mail. The $RBLSMTPD var being set tells rblsmtpd to reject the mail. HTH, jon On Wed, Aug 02, 2000 at 12:31:21PM +0100, Slider wrote: Hi, Some rather basic questions How do I set the $RBLSMTPD environment variable in order for rblsmtpd to block incoming rbl mails? Does rblsmtpd need it's own daemon or can it be integrated with the smtpd daemon if so how? Thanks AC
Re: rblsmtpd
Jon Rust wrote: See 'man rblsmtpd'. :-) No man page for rblsmtpd, at least on my 6-month old package. Docs are actually on the rblsmtpd download page. [snip.] Some rather basic questions How do I set the $RBLSMTPD environment variable in order for rblsmtpd to block incoming rbl mails? Does rblsmtpd need it's own daemon or can it be integrated with the smtpd daemon if so how?
Re: rblsmtpd and not bouncing
On Tue, Jul 25, 2000 at 05:27:28PM -0400, Michael T. Babcock wrote: I would like to offer an option similar to pobox.com's [spam: 84%] "Subject:" munging for incoming messages from RBL or RSS listed sites. Instead of actually bouncing the message as RBLSMTPD does, allow the message but add [spam - rbl] or [spam - rss] or the like to the Subject: field of the messages in question. I'm wondering if anyone else has done this before I go making a completely modified version of rblsmtpd to do so. I think the way to go is SpamBouncer (http://www.spambouncer.org/), procmail -m and the qmail-queue patch (Let spambouncer look at all incoming messages.) rblsmtpd basically runs INSTEAD of smtpd, and denies accepting the message. Okay, s/the way/one way/. -Johan -- Johan Almqvist
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 15:24, Aaron Nowalk wrote: So that appears to work. Now, heres with the -r option: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops So with the -r option, it looks like it goes through. That's because "maps.vix.com" is no RBL zone. You want dul.maps.vix.com or rbl.maps.vix.com. -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWwCglMwP8g7qbw/EQJQ6wCfVXEsAKlgVQnexzrqV0tuyMQKUPoAn2Ah EPFbDBUuOaq/oJ4okPuNUdSJ =Mm0W -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
On Tue, 11 Jul 2000, Eric Cox wrote: Aaron Nowalk wrote: On Tue, 11 Jul 2000, Peter Green wrote: also sprach amnowalk: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) Tried that with no luck. Its still getting through. ARGH! Once again, any suggestions?!? You said you tried env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru" but have you specifically tried env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" and got the "blackholed" notice? Yep. :( root@x:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" rblsmtpd: 127.0.0.2 pid 9212: 451 Blackholed - see URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2 220 rblsmtpd.local quit 221 rblsmtpd.local Eric
Re: rblsmtpd
Scratch that last one. Got it working. Had to specify the IP address in the tcpserver command line. Instead of: /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smtp.cdb smtp 0 I had replace '0' with the IP of my machine. Alls good now. Thanks everyone, for your help! -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 voice 412.316.7899 facsimile | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Wed, 12 Jul 2000, Aaron Nowalk wrote: On Tue, 11 Jul 2000, Eric Cox wrote: Aaron Nowalk wrote: On Tue, 11 Jul 2000, Peter Green wrote: also sprach amnowalk: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) Tried that with no luck. Its still getting through. ARGH! Once again, any suggestions?!? You said you tried env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru" but have you specifically tried env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" and got the "blackholed" notice? Yep. :( root@x:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" rblsmtpd: 127.0.0.2 pid 9212: 451 Blackholed - see URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2 220 rblsmtpd.local quit 221 rblsmtpd.local Eric
Re: rblsmtpd
I've tried it both ways. Doesn't seem to make a difference :( -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 voice 412.316.7899 facsimile | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Mon, 10 Jul 2000, Eric Cox wrote: Aaron Nowalk wrote: Hi! I'm in dire need of some help here. I've been working on getting rblsmtpd up and running with tcpserver and am having no luck at all. I've searched the mailing list back and fourth and still can't find a thing. Heres what I got: tcpserver invocation: /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 21 ^ You may need a space here (where I've marked with ^), at least that's the way mine is configured - of course I'm not running tcpserver so you may have another problem. Eric
Re: rblsmtpd
I've been working on this all day again! Anyone out there have _any_ suggestions? Once again, heres the info: /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smt p.cdb 0 smtp /usr/local/bin/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 21 I'm running qmail1-03 on a Sparc 5 running Solaris 7. I'd really appreciate any help anyone has to offer. Thanks. -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 voice 412.316.7899 facsimile | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Mon, 10 Jul 2000, Eric Cox wrote: Aaron Nowalk wrote: Hi! I'm in dire need of some help here. I've been working on getting rblsmtpd up and running with tcpserver and am having no luck at all. I've searched the mailing list back and fourth and still can't find a thing. Heres what I got: tcpserver invocation: /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 21 ^ You may need a space here (where I've marked with ^), at least that's the way mine is configured - of course I'm not running tcpserver so you may have another problem. Eric
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 14:02, Aaron Nowalk wrote: I've been working on this all day again! Anyone out there have _any_ suggestions? Once again, heres the info: /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smt p.cdb 0 smtp /usr/local/bin/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 21 Hi, 1. Is all the stuff on one line? 2. Does rblsmtpd really live in /usr/local/bin? 3. Does "relays.radparker.com" really live? To me it seems it's dead. You may test your rblsmtpd like this: env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com echo hello (all on one line) and see what happens. You may also test with different IPs. I'm running qmail1-03 on a Sparc 5 running Solaris 7. I'd really appreciate any help anyone has to offer. Thanks. -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 voice 412.316.7899 facsimile | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Mon, 10 Jul 2000, Eric Cox wrote: Aaron Nowalk wrote: Hi! I'm in dire need of some help here. I've been working on getting rblsmtpd up and running with tcpserver and am having no luck at all. I've searched the mailing list back and fourth and still can't find a thing. Heres what I got: tcpserver invocation: /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 21 ^ You may need a space here (where I've marked with ^), at least that's the way mine is configured - of course I'm not running tcpserver so you may have another problem. Eric -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWtXalMwP8g7qbw/EQInAQCgpYdjpliOwHiYpE4SUO8/INFgTqMAn2u5 W+/FGY5CXjfLlu4ibrJs7bGL =FRIk -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 14:31, Aaron Nowalk wrote: 3. Does "relays.radparker.com" really live? To me it seems it's dead. I can ping it and I've tried changing the hostname to maps.vix.com in the tcpserver rc script. Well yes, it pings, but does it serve out any meaningful information? (Let me remind you that "no record" means "host is OK"; it the zone is empty, no machine will be considered spam- source.) You may test your rblsmtpd like this: env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com echo hello (all on one line) and see what happens. You may also test with different IPs. I tried and I always get "hello." I'm really stumped! What if you try without the -r parameter? env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops It doesn't get through on my comp. -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWtccVMwP8g7qbw/EQIOswCeJt4iatiKpxNdzxHKsMl7r1VQLMcAn2tL uLOFdORnR/dNfuJCES3/Re/9 =5OoL -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 14:31, Aaron Nowalk wrote: 3. Does "relays.radparker.com" really live? To me it seems it's dead. I can ping it and I've tried changing the hostname to maps.vix.com in the tcpserver rc script. Well yes, it pings, but does it serve out any meaningful information? (Let me remind you that "no record" means "host is OK"; it the zone is empty, no machine will be considered spam- source.) Heres what I get when I try it without any options from the command line: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops rblsmtpd: pid 6387: 451 Blackholed - see URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2 220 rblsmtpd.local quit 221 rblsmtpd.local So that appears to work. Now, heres with the -r option: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops So with the -r option, it looks like it goes through. I tried removing the -r option from my tcpserver startup script and it doesn't seem to help. Still getting Nelsons friendly "UH OH! Your RBL blocker isn't working!!!" You may test your rblsmtpd like this: env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com echo hello (all on one line) and see what happens. You may also test with different IPs. I tried and I always get "hello." I'm really stumped! What if you try without the -r parameter? env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops It doesn't get through on my comp. -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWtccVMwP8g7qbw/EQIOswCeJt4iatiKpxNdzxHKsMl7r1VQLMcAn2tL uLOFdORnR/dNfuJCES3/Re/9 =5OoL -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
also sprach amnowalk: Heres what I get when I try it without any options from the command line: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops rblsmtpd: pid 6387: 451 Blackholed - see URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2 220 rblsmtpd.local quit 221 rblsmtpd.local So that appears to work. Now, heres with the -r option: Good. root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) /pg -- Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED] --- Although the Perl Slogan is There's More Than One Way to Do It, I hesitate to make 10 ways to do something. :-) --- Larry Wall in [EMAIL PROTECTED]
Re: rblsmtpd
On Tue, 11 Jul 2000, Peter Green wrote: also sprach amnowalk: Heres what I get when I try it without any options from the command line: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops rblsmtpd: pid 6387: 451 Blackholed - see URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2 220 rblsmtpd.local quit 221 rblsmtpd.local So that appears to work. Now, heres with the -r option: Good. root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) Tried that with no luck. Its still getting through. ARGH! Once again, any suggestions?!? /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smtp .cdb 0 smtp /usr/local/bin/rblsmtpd -r rbl.maps.vix.com /var/qmail/bin/qmail-smt pd 2 1 |\ /pg -- Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED] --- Although the Perl Slogan is There's More Than One Way to Do It, I hesitate to make 10 ways to do something. :-) --- Larry Wall in [EMAIL PROTECTED]
Re: rblsmtpd
Aaron Nowalk wrote: On Tue, 11 Jul 2000, Peter Green wrote: also sprach amnowalk: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) Tried that with no luck. Its still getting through. ARGH! Once again, any suggestions?!? You said you tried env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru" but have you specifically tried env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" and got the "blackholed" notice? Eric
Re: rblsmtpd
Aaron Nowalk wrote: Hi! I'm in dire need of some help here. I've been working on getting rblsmtpd up and running with tcpserver and am having no luck at all. I've searched the mailing list back and fourth and still can't find a thing. Heres what I got: tcpserver invocation: /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 21 ^ You may need a space here (where I've marked with ^), at least that's the way mine is configured - of course I'm not running tcpserver so you may have another problem. Eric
Re: rblsmtpd + multiple listings
Mark E. Drummond writes: I am a bit confused ... I am looking at Aaron Nabil's patch to allow rblsmtpd to use multiple listing services ... but does rblsmtpd not already support multiple services? Of course it does, I'm using the rbl and relays.mail-abuse right now. Why the patch? rblsmtpd lets you invoke multiple instances of itself. Aaron's patch allows you to avoid an extra exec() of the same program. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | "Ask not what your country 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
Re: rblsmtpd + multiple listings
On Mon, Mar 06, 2000 at 09:39:41AM -0500, Russell Nelson wrote: rblsmtpd lets you invoke multiple instances of itself. Aaron's patch allows you to avoid an extra exec() of the same program. Ah! I see. I guess I'll keep an eye on the load and see what happens as I add other listings. My MX is currently pretty lightly taxed ... a dual Sun E250 with 1GB of RAM running qmail+scan4virus(one virus scanner only)+rbl+relays and currently only handling incoming mail for ~2300 people. Load is always 0.3. -- __ Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] Gang Warily|http://signals.rmc.ca/ Kingston Linux Users Group|http://signals.rmc.ca/klug/
Re: rblsmtpd patched for multiple lookups
The patch is now in production use on my mail system and nothing has exploded yet. http://www.spiritone.com/~nabil/multirbls.diff nabil writes... Since I didn't see any in the mailing list archives, here are some diffs to patch rblsmtpd to support multiple RBL's. Caveat is that I've only been using these for speed testing different RBL schemes, but it does seem to work as intended. You can test it with something like... -- Aaron Nabil
Re: rblsmtpd error redirection?
On Mon, May 03, 1999 at 05:12:28PM -0500, Barton wrote: Hi, I am running rblsmtpd under tcpserver, and I would like the error messages to be saved to a log file instead of being directed to stderr. Is there a way that I can do this? Pipe the output to splogger or cyclog (which comes with the daemontools package). Chris
Re: rblsmtpd just defers to my mx backup, so I get the spam :-(
On Mon, 29 Mar 1999, Peter Gradwell wrote: [snip] Given that rblsmtpd only ever defer's mail, and it doesn't actually reject it (to give sys admins time to fix their broken systems) is it likely that the spam is going to reach me via my relay every time? If so, would it be possible to have rblsmtpd actually bounce the mail for people on the dul list? At least in version 0.70, -b will do what you want, as documented in 'man rblsmtpd'. It seems you can't win really :-( peter. -- peter at gradwell dot com; online @ http://www.gradwell.com/ "To look back all the time is boring. Excitement lies in tomorrow" -- "Life is much too important to be taken seriously." Thomas Erskine[EMAIL PROTECTED](613) 998-2836
Re: rblsmtpd just defers to my mx backup, so I get the spam :-(
From: Peter Gradwell [EMAIL PROTECTED] : If so, would it be possible to have rblsmtpd actually bounce the mail : for people on the dul list? : : It seems you can't win really :-( Using -b on the command line will tell rblsmtpd to use a permanent error code (553) instead of a temporary one. --Adam
Re: rblsmtpd not blocking
You cannot specify two separate -r parameters to 1 instance of rblsmtpd. You must run two separate rblsmtpd instances. The first one runs the second. On Wed, 10 Mar 1999, torben fjerdingstad wrote: I have verified that orbs's host are not blocked with my setup. I dont see what's wrong. What exactly should I do? Also: Can I get denials logged? Here is my complete startup script (AIX-4.2.1): /usr/local/bin/supervise /usr/local/qmail/supervise/qmail-send env - \ PATH="/usr/local/qmail/bin:$PATH" \ TZ=MET-1METDST,M3.5.0,M10.5.0 \ qmail-start ./Mailbox /usr/local/bin/accustamp|/usr/local/bin/setuser qm aill \ /usr/local/bin/cyclog -s14000 -n2 /var/adm/maillog qmail /usr/local/bin/supervise /usr/local/qmail/supervise/tcpserver env - \ PATH="/usr/local/bin:$PATH" TZ=MET-1METDST,M3.5.0,M10.5.0 \ tcpserver -x /usr/local/etc/tcp.smtp.cdb \ -v -p -t 5 -c 400 -b 40 -u 203 -g 200 0 \ smtp /usr/local/bin/smtplog \ /usr/local/bin/rblsmtpd -rrelays.orbs.org -rrbl.maps.vix.com \ This should be 2 rblsmtpd calls: /usr/local/bin/rblsmtpd -r relays.orbs.org \ /usr/local/bin/rblsmtpd \ (The -r rbl.maps.vix.com is not needed.) /usr/local/qmail/bin/qmail-smtpd 21 \ | /usr/local/bin/accustamp \ | /usr/local/bin/cyclog -s14000 -n2 /var/adm/smtpd smtpd 3 -- Med venlig hilsen / Regards Netdriftgruppen / Network Management Group UNI-C Tlf./Phone +45 35 87 89 41Mail: UNI-C Fax. +45 35 87 89 90 Bygning 304 E-mail: [EMAIL PROTECTED] DK-2800 Lyngby - Timothy L. Mayo mailto:[EMAIL PROTECTED] Senior Systems Administrator localconnect(sm) http://www.localconnect.net/ The National Business Network Inc. http://www.nb.net/ One Monroeville Center, Suite 850 Monroeville, PA 15146 (412) 810- Phone (412) 810-8886 Fax
Re: rblsmtpd not blocking
On Wed, Mar 10, 1999 at 11:00:04AM -0500, Timothy L. Mayo wrote: You cannot specify two separate -r parameters to 1 instance of rblsmtpd. You must run two separate rblsmtpd instances. The first one runs the second. Clumsy. But it works now, with two instances of rblsmtpd. Thanks to all. On Wed, 10 Mar 1999, torben fjerdingstad wrote: I have verified that orbs's host are not blocked with my setup. I dont see what's wrong. What exactly should I do? Also: Can I get denials logged? Here is my complete startup script (AIX-4.2.1): [ cut ] /usr/local/bin/rblsmtpd -rrelays.orbs.org -rrbl.maps.vix.com \ This should be 2 rblsmtpd calls: /usr/local/bin/rblsmtpd -r relays.orbs.org \ /usr/local/bin/rblsmtpd \ (The -r rbl.maps.vix.com is not needed.) /usr/local/qmail/bin/qmail-smtpd 21 \ | /usr/local/bin/accustamp \ | /usr/local/bin/cyclog -s14000 -n2 /var/adm/smtpd smtpd 3 - Timothy L. Mayo mailto:[EMAIL PROTECTED] Senior Systems Administrator localconnect(sm) http://www.localconnect.net/ -- Med venlig hilsen / Regards Netdriftgruppen / Network Management Group UNI-C Tlf./Phone +45 35 87 89 41Mail: UNI-C Fax. +45 35 87 89 90 Bygning 304 E-mail: [EMAIL PROTECTED] DK-2800 Lyngby
