X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/6847214912ac764d1d25f5965913ec4c55934421..8a53f2ed003d0cc2c75967122015d03d1a30d8a3:/howto/rbl.html diff --git a/howto/rbl.html b/howto/rbl.html index 187275a..f5be75b 100644 --- a/howto/rbl.html +++ b/howto/rbl.html @@ -1,40 +1,77 @@ - HOWTO - Using the RBL + HOWTO - Using DNS Block Lists (DNSBLs) -

HOWTO - Using the RBL

+

HOWTO - Using DNS Block Lists (DNSBLs)

The MAPS (Mail Abuse Protection System) RBL (Realtime Blackhole - List) is a means of identifying hosts that have been associated - with the sending of spam mail. A full description of the service - and the technology and ethics behind it can be found at http://maps.vix.com/rbl/ + List) was the first application of a way of using a DNS list as a + means of identifying hosts that have been associated with the + sending of spam mail. A full description of the service and the + technology and ethics behind it can be found at http://www.mail-abuse.org/rbl/ along with more general mail policy information at http://maps.vix.com/.

+ href="http://www.mail-abuse.org/">http://www.mail-abuse.org/.

In the few years since MAPS started operating, other similar services although with different aims, procedures and reliabilities have been introduced - MAPS itself has a number of - these (ie MAPS/DUL which maintains lists of dial up modems), the - other major source is ORBS, - which is a more proactive relay blocking service

+ these (ie MAPS/DUL which maintains lists of dial up modems). At + this point in time there are many 10s of services with varying + charters - lists of these can be found at http://relays.osirusoft.com/ + and http://spamblock.outblaze.com/spamchk.html. + The services are now normally referred to as a DNS Block List + (DNSBL), rather than RBLs, however you will find that earlier Exim + documentation (ie for version 3.x) will use the older term.

-

Exim can use the MAPS RBL and/or any other similarly defined - service (ie you could make your own additional maps as well). To - use exim for this you need to be running version 1.80 or later, - the configuration example in this document are specifically for - version 3.00 and later - the old version of this document, - covering older versions of exim can be found here.

- -

Exim RBL Support

+

Exim DNSBL Support

Exim has supported RBL from version 1.80, although the flexibility was increased (with a related change configuration - options) on the release of Exim 3.00

+ options) on the release of Exim 3.00. With the release of Exim + 4.00 the whole basis of policy checks on incoming mail changed + to be based on a set of Access Control Lists (ACLs) applied at + various during the incoming mail transaction. For this reason + the configuration of Exim 4.x and later to use DNSBLs is + complete different to that used for earlier versions.

+ +

Exim 4.x DNSBL Usage

+ +

In Exim 4.x a DNSBL lookup can be used in any of the incoming SMTP + ACLs. However it is typical for the lookups to be used in the ACL + handling RCPT TO - this allows policies to accept mail + for postmaster or other special local parts (for + example so a blocked sender can talk to the local postmaster + about getting blocks lifted or excluded)

+ +

The use of DNSBLs is substantially documented in the main exim + specification or the 4.x versions, so will not be covered in + detail here. However a couple of examples can be given

+
+  # Add a warning header if the sending host is in these
+  # DNSBLs but acccept the message (or rather leave it for
+  # later ACLs to accept/deny
+  warn message = X-blacklisted-at: $dnslist_domain
+       dnslists = blackholes.mail-abuse.org : \
+                  dialup.mail-abuse.org
+
+
+
+  # Reject messages from senders listed in these DNSBLs
+  deny dnslists = blackholes.mail-abuse.org
+    
+ +

Documentation on these features can be found in the + specification section on + + Access Control Lists.

+ +

Exim 3.x DNSBL Usage

The exim RBL support allows one or more RBL systems to be checked and messages from hosts within each RBL to be either @@ -45,39 +82,42 @@ an RBL blocked site.

-

RBL Configuration Options

+

RBL Configuration Options

These are fully detailed in the Exim + href="../exim-html-3.20/doc/html/spec.html" target="_top">Exim Specification Document. The specific section on RBL is here and + href="../exim-html-3.20/doc/html/spec_46.html#SEC810">here and the rbl directives are documented starting here

+ href="../exim-html-3.20/doc/html/spec_11.html#SEC311">here

A typical configuration would be a mail system which rejects - mail from machines that appear within the MAPS RBL list, and also - checks hosts in the ORBS lists but only marking each message has - coming via an RBLed host rather than rejecting them. Additionally - all mail to the local postmaster always gets through, even if the - host is in the MAPS RBL list. You also have a local private set - of IPs which relay out through this mail server on net - 192.168.0.0/24 - these cannot be contacted from outside your - organisation so RBL is not an issue.

+ mail from machines that appear within either the MAPS RBL list or + the MAPS DUL (Dial-Up List), and also checks hosts in the RSS + lists but only marking each message has coming via an RBLed host + rather than rejecting them. Additionally all mail to the local + postmaster always gets through, even if the host is in the MAPS + RBL list. You also have a local private set of IPs which relay + out through this mail server on net 192.168.0.0/24 - these cannot + be contacted from outside your organisation so RBL is not an + issue.

The configuration fragment (in the main part of the exim configuration file) to do this is:-

-# reject messages whose sending host is in MAPS/RBL
-# add warning to messages whose sending host is in ORBS
-rbl_domains = rbl.maps.vix.com/reject : relays.orbs.org/warn
+# reject messages whose sending host is in MAPS/RBL & MAP/DUL
+# add warning to messages whose sending host is in RSS
+rbl_domains = blackholes.mail-abuse.org/reject : \
+        dialups.mail-abuse.org/reject : \
+        relays.mail-abuse.org/warn
 # check all hosts other than those on internal network
 rbl_hosts = !192.168.0.0/24:0.0.0.0/0
 # but allow mail to postmaster@my.dom.ain even from rejected host
 recipients_reject_except = postmaster@my.dom.ain
 # change some logging actions (collect more data)
-rbl_log_headers 	# log headers of accepted RBLed messages
-rbl_log_rcpt_count	# log recipient info of accepted RBLed messages
+rbl_log_headers  # log headers of accepted RBLed messages
+rbl_log_rcpt_count # log recipient info of accepted RBLed messages
     

The information to do more complicated manipulations can be @@ -86,6 +126,6 @@ rbl_log_rcpt_count # log recipient info of accepted RBLed messages


Nigel Metheringham
-

$Id: rbl.html,v 1.1.1.1 2000/05/22 19:54:43 nigel Exp $

+

$Cambridge$