+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <head>
- <title>HOWTO - Using DNS Block Lists (DNSBLs)</title>
- </head>
-
- <body bgcolor="#FFFFFF" text="#00005A" link="#FF6600" alink="#FF9933" vlink="#990000">
- <h1>HOWTO - Using DNS Block Lists (DNSBLs)</h1>
-
- <p>The MAPS (Mail Abuse Protection System) RBL (Realtime Blackhole
- List) was the first application of a way of using a DNS list as a
- means of identifying hosts that have been associated with the
- sending of spam mail. A full description of the service and the
- technology and ethics behind it can be found at <a
- href="http://www.mail-abuse.org/rbl/"><tt>http://www.mail-abuse.org/rbl/</tt></a>
- along with more general mail policy information at <a
- href="http://www.mail-abuse.org/"><tt>http://www.mail-abuse.org/</tt></a>.</p>
-
- <p>In the few years since MAPS started operating, other similar
- services although with different aims, procedures and
- reliabilities have been introduced - MAPS itself has a number of
- these (ie MAPS/DUL which maintains lists of dial up modems). At
- this point in time there are many 10s of services with varying
- charters - lists of these can be found at <a
- href="http://relays.osirusoft.com/"><tt>http://relays.osirusoft.com/</tt></a>
- and <a
- href="http://spamblock.outblaze.com/spamchk.html"><tt>http://spamblock.outblaze.com/spamchk.html</tt></a>.
- The services are now normally referred to as a DNS Block List
- (DNSBL), rather than RBLs, however you will find that earlier Exim
- documentation (ie for version 3.x) will use the older term.</p>
-
- <h2>Exim DNSBL Support</h2>
-
- <p>Exim has supported RBL from version 1.80, although the
- flexibility was increased (with a related change configuration
- options) on the release of Exim 3.00. With the release of Exim
- 4.00 the whole basis of policy checks on incoming mail changed
- to be based on a set of Access Control Lists (ACLs) applied at
- various during the incoming mail transaction. For this reason
- the configuration of Exim 4.x and later to use DNSBLs is
- complete different to that used for earlier versions.</p>
-
- <h2>Exim 4.x DNSBL Usage</h2>
-
- <p>In Exim 4.x a DNSBL lookup can be used in any of the incoming SMTP
- ACLs. However it is typical for the lookups to be used in the ACL
- handling <tt>RCPT TO</tt> - this allows policies to accept mail
- for <tt>postmaster</tt> or other special local parts (for
- example so a blocked sender can talk to the local postmaster
- about getting blocks lifted or excluded)</p>
-
- <p>The use of DNSBLs is substantially documented in the main exim
- specification or the 4.x versions, so will not be covered in
- detail here. However a couple of examples can be given</p>
- <pre>
- # Add a warning header if the sending host is in these
- # DNSBLs but acccept the message (or rather leave it for
- # later ACLs to accept/deny
- warn message = X-blacklisted-at: $dnslist_domain
- dnslists = blackholes.mail-abuse.org : \
- dialup.mail-abuse.org
-
-
-
- # Reject messages from senders listed in these DNSBLs
- deny dnslists = blackholes.mail-abuse.org
- </pre>
-
- <p>Documentation on these features can be found in the
- specification section on
- <a href="../exim-html-4.20/doc/html/spec_37.html">
- Access Control Lists</a>.</p>
-
- <h2>Exim 3.x DNSBL Usage</h2>
-
- <p>The exim RBL support allows one or more RBL systems to be
- checked and messages from hosts within each RBL to be either
- rejected or marked by the addition of an extra header
- <tt>X-RBL-Warning:</tt>. It is also possible to have a limited
- number of recipients bypass the RBL reject functions completely,
- thus allowing postmaster (for example) to receive mail even from
- an RBL blocked site.</p>
-
-
- <h3>RBL Configuration Options</h3>
-
- <p>These are fully detailed in the <a
- href="../exim-html-3.20/doc/html/spec.html" target="_top">Exim
- Specification Document</a>. The specific section on RBL is <a
- href="../exim-html-3.20/doc/html/spec_46.html#SEC810">here</a> and
- the rbl directives are documented starting <a
- href="../exim-html-3.20/doc/html/spec_11.html#SEC311">here</a></p>
-
- <p>A typical configuration would be a mail system which rejects
- mail from machines that appear within either the MAPS RBL list or
- the MAPS DUL (Dial-Up List), and also checks hosts in the RSS
- lists but only marking each message has coming via an RBLed host
- rather than rejecting them. Additionally all mail to the local
- postmaster always gets through, even if the host is in the MAPS
- RBL list. You also have a local private set of IPs which relay
- out through this mail server on net 192.168.0.0/24 - these cannot
- be contacted from outside your organisation so RBL is not an
- issue.</p>
-
- <p>The configuration fragment (in the main part of the exim
- configuration file) to do this is:-</p>
-
- <pre>
-# reject messages whose sending host is in MAPS/RBL & MAP/DUL
-# add warning to messages whose sending host is in RSS
-rbl_domains = blackholes.mail-abuse.org/reject : \
- dialups.mail-abuse.org/reject : \
- relays.mail-abuse.org/warn
-# check all hosts other than those on internal network
-rbl_hosts = !192.168.0.0/24:0.0.0.0/0
-# but allow mail to postmaster@my.dom.ain even from rejected host
-recipients_reject_except = postmaster@my.dom.ain
-# change some logging actions (collect more data)
-rbl_log_headers # log headers of accepted RBLed messages
-rbl_log_rcpt_count # log recipient info of accepted RBLed messages
- </pre>
-
- <p>The information to do more complicated manipulations can be
- found in the specification document and is outside the scope of
- this note.</p>
- <hr>
- <address><a href="mailto:Postmaster@exim.org">Nigel Metheringham</a></address>
-<!-- Created: Mon Aug 25 15:46:41 BST 1997 -->
- <h4>$Cambridge$</h4>
- </body>
-</html>