Jeremy Kitchen wrote:
On Monday 05 July 2004 08:44 pm, Eduardo M. Bragatto wrote:What happens in the case that more than one RBL has the same blocked
address? Which one actually blocks the smtp session? The one that
answers first, or rblsmtpd waits until one to respond, before asking to
another one? In that case, it askes in the same order that the
parameters are given?
the first one. If rblsmtpd finds a match, it doesn't bother wasting any more bandwith on the fool, and sends them a nice FU :)
So, in that case, I may think that the first list given is more effective than others, since it will always be checked first and because of that, may blocks more than others...
Is it right? I'm asking it because, like Simon (who started this thread), I also noticied more lists blocking than others...
here's my call to the rbl's. i prefer to give some info in the 'FU' response, to at least give them a clue where to start. we dropped spamcop a while back, as they were listing some sites that - while they may at times be sources of spam - are not in the main spam sites - such as tropica. we had a number of customer complaints from people who were subscribed to legitimate mailing lists through tropica, when spamcop did a blanket blacklist of their address space. uncool.
anyway, here's what we use:
/usr/local/bin/rblsmtpd -C \ -a whitelist.example.com \ -r "sbl-xbl.spamhaus.org:\ Probable spam connection rejected. Details at http://www.spamhaus.org" \ -r "list.dsbl.org:\ Probable spam connection rejected. Details at http://www.dsbl.org" \ -r "relays.ordb.org:\ Probable spam connection rejected. Details at http://www.ordb.org/faq" \ -t10 \ /var/qmail/bin/qmail-smtpd 2>&1
the whitelist call is to put in some custom rules by customer request, though ultimately it's simpler to just list them in /service/smtpd/tcp. the '-t10' ensures that if one of the rbls isn't answering, it doesn't hang up smtp connections for a long time waiting.
Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com