Luca Morettoni
qmail-rblchk
qmail-rblchk filters all incoming mail and checks whether it comes from RBL-listed IPs.
Installation
Download the package at
qmail-rblchk-2.4.1.tar.gz (Perugia, Italy)
qmail-rblchk-2.4.1.tar.gz (Cleveland, Ohio, USA)
Compile it with:
tar -xzf qmail-rblchk-[version].tar.gz
cd qmail-rblchk
make setup check
Edit conf-* files to set compile and install options.
If you use FreeBSD you can install qmail-rblchk
from its port:
cd /usr/ports/mail/qmail-rblchk
make install clean
Use
|qmail-rblchk [options] [/dir/]
qmail-rblchk is for use in .qmail files to check the IP addresses found in the Received: from lines.
It has the same function as rblsmtpd,
but the messages are checked at local delivery time; this way you can still inspect the content
of a flagged message simply by redirecting it to another mailbox or address.
If a directory is given as dir, all spam messages are delivered to that directory,
provided it exists and is in Maildir format.
The directory name must start with a / or . (dot) and end with a /.
General options
- -h: show a short program description;
- -s: add an "X-Spam" header to the incoming mail (works only with delivery to dir/);
- -i NUM: ignore the first NUM IPs found in the header;
- -x IP: do not check IP, try to find another address in the header (you can ignore at most 16 IPs);
- -m: check all IPs found in the mail header (by default only the first is checked);
- -v: debug mode, makes the output more verbose;
- -p: don't check private IP classes:
  - 127.0.0.0 - 127.255.255.255
  - 10.0.0.0 - 10.255.255.255
  - 172.16.0.0 - 172.31.255.255
  - 192.168.0.0 - 192.168.255.255
- -q: quiet mode;
- -l LOG: redirect program messages to the file LOG;
- -L DATA: write blocked IP addresses to the file DATA (you can use the
DATA file to build your RBL list, see example below);
- -c: turn on the condredirect compatibility mode for the exit code.
Control options
- -r addr: check whether a TXT record exists in addr;
- -R addr: check whether a TXT record does not exist in addr;
- -a addr: check whether an A record does not exist in addr;
- -A addr: check whether an A record exists in addr;
- -C addr: check whether an A or TXT record exists in addr;
if true, the mail is not spam and the program exits;
- -X cdb: check whether the sender IP is listed in the cdb file; see
tcprules or the EXAMPLES
section for the format.
You can use up to 32 control options to specify several RBL servers; they are checked until
the first of them answers true, and the mail is then tagged as "spam" (unless you use the -C
option).
If a mail comes from IP a.b.c.d, the request that the program sends to the DNS server is
d.c.b.a.addr, where addr is the parameter that follows the -r,
-R, -a or -A option.
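The query-name construction described above, as an added Python example that is not qmail-rblchk's own code. The header parsing and the way the -i, -x, -p and -m options are modelled as keyword arguments are assumptions based on the option descriptions; the sample header is constructed and no DNS lookup is performed.

```python
import ipaddress
import re

# Ranges the page lists under -p.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample header (documentation addresses, not real traffic).
SAMPLE = (
    "Received: (qmail 4242 invoked from network); 23 Jan 2006 00:00:03 -0000\n"
    "Received: from unknown (HELO gw.example.net) (192.168.0.10)\n"
    "  by mx.example.net with SMTP; 23 Jan 2006 00:00:03 -0000\n"
    "Received: from mail.example.org (203.0.113.7)\n"
    "  by gw.example.net with ESMTP; 23 Jan 2006 00:00:01 -0000\n"
    "Subject: constructed sample\n"
)


def received_ips(raw_header):
    """IPv4 addresses from 'Received: from' lines, most recent hop first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_header)  # join folded lines
    ips = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received: from"):
            continue
        # Assumption: only the part before " by " names the sending host.
        for cand in IPV4_RE.findall(line.split(" by ", 1)[0]):
            try:
                ips.append(ipaddress.IPv4Address(cand))
            except ValueError:
                pass  # digits that are not a valid address, e.g. 999.1.1.1
    return ips


def dnsbl_queries(raw_header, zones, ignore_first=0, exclude=(),
                  skip_private=False, check_all=False):
    """Query names d.c.b.a.zone, with -i/-x/-p/-m modelled as keyword args."""
    excluded = {ipaddress.IPv4Address(x) for x in exclude}
    names = []
    for ip in received_ips(raw_header)[ignore_first:]:
        if ip in excluded:
            continue
        if skip_private and any(ip in net for net in PRIVATE_NETS):
            continue
        rev = ".".join(reversed(str(ip).split(".")))
        names.extend(f"{rev}.{zone}" for zone in zones)
        if not check_all:
            break  # default: only the first remaining address is checked
    return names
```

Only the Received line written by your own server is trustworthy; lines further down are supplied by the sender, which matters when every address is checked as with -m.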
Exit code
The exit code of the program depends on the use of the -c option or of a delivery dir:
Message | Standard | with -c | with dir |
Normal | 0 | 1 | 0 |
Spam | 100 | 0 | 99 |
Problem | 111 | 111 | 111 |
Examples
These are some examples of qmail-rblchk use; please read the dot-qmail(5),
qmail-command(8) and condredirect(1)
man pages carefully to prevent loss of mail.
We check the bl.spamcop.net and dialups.mail-abuse.org RBL lists.
If the mail is spam, the delivery fails and the sender will receive a bounce message.
# we discard all suspected mail
| qmail-rblchk -r bl.spamcop.net -r dialups.mail-abuse.org
We deliver all mail that comes from RBL-listed IPs to our spam Maildir.
# save spam-suspected mail in another Maildir
| qmail-rblchk -r bl.spamcop.net -r dialups.mail-abuse.org ../spam/
Same as above, but all spam messages are delivered to the me-spam address with condredirect:
# save spam-suspected mail in another box
| condredirect me-spam qmail-rblchk -c -r bl.spamcop.net -r dialups.mail-abuse.org
In the contrib directory you can find a script (spam-report.sh) that
sends you some statistics about qmail-rblchk filtering actions.
You must run qmail-rblchk with the -l option (to have the logs);
then check the paths in the script and run it from crontab like this:
0 0 * * * spam-report.sh email_addr NUM
At 00:00 you will receive at email_addr a mail like this (the script preserves
and gzips NUM old log files):
Date: 23 Jan 2006 00:00:03 -0000
From: luca@home.morettoni.local
To: luca@home.morettoni.local
Subject: qmail-rblchk report
qmail-rblchk report
===================
Messages:
total: 137
good: 76 (55.500%)
spam: 61 (44.500%)
Check:
DNS query: 306
over cdb: 122
RBL list usage:
list #1 hits: 11
list #2 hits: 32
list #3 hits: 16
cdb usage:
allowed IPs: 5
blocked IPs: 7
--
qmail-rblchk 2.4.1 - Luca Morettoni <luca@morettoni.net>
See more at morettoni.net
If you want to use a cdb file with the -X option, create a
rule file like this:
# allow mails from local network
192.168.0.:allow
# some spammer IPs
10.0.0.1:deny
1.2.3.4:deny
Create the CDB file with:
tcprules rule.cdb rule.tmp < rule
and use it in your .qmail file with:
| qmail-rblchk -X ./rule.cdb -r sbl-xbl.spamhaus.org ../spam/
If the IP is found in rule.cdb, qmail-rblchk follows the rule in the
file:
- allow: the message is good;
- deny: the message is spam.
If the IP is not listed, qmail-rblchk continues with normal RBL checking.
You can insert a default rule (:allow or :deny) into the CDB file to
block or accept all other IPs.
Build your list
If you use the -L option you can build your private RBL list; remember
that qmail-rblchk only appends blocked IPs to the file, so filter it with
uniq before use. You can build your data file for
rbldns with the script contrib/rbllist.sh.
With the utility getsenderip you can take the sender IP and append it to
a text file; the syntax is:
getsenderip [-s num] out
where out is the file where IPs are stored; with the -s option
you can skip the first num IPs in the header of the mail.
The script contrib/dot-qmail-storeip is an example of its use in your
.qmail file: you can use it in a .qmail-spam to add other IPs to
your private spammer list, and in a .qmail-friends for the good IPs (use
a different output file for the two systems!).
NOTE: The example script skips the first IP, which is usually your own IP and is not useful
to add to the lists! The EXT2 variable is used to allow more extensible
usage: if you use the example in a .qmail-spam-default, you can
send spam mails to spam-3@yourdom.tld and the script skips the first 3 IPs.
Thanks
- Joerg Backschues <jbks AT tca-os DOT de> for the English page check and testing on 300.000 users and 500.000 mails system! (results);
- Brian T Glenn <glenn AT delink DOT net> for some option suggestions and for the disk space at USA mirror;
- Emanuel Haupt <haupt AT critical DOT ch> for the FreeBSD port and manpage hints;
- Emanuel's wife for the manpage correction;
- Everybody who downloads, checks, debugs and uses the package!
gipoco.com
is neither affiliated with the authors of this page or responsible
for its contents. This is a safe-cache copy of the original web site.