What's wrong with my rblsmtpd configuration?

Status
Not open for further replies.

yuenlok, Technical User, Nov 20, 2002, CA

This is my /var/qmail/supervise/qmail-smtpd/run file,

#!/bin/sh
QMAILDUID=`/usr/xpg4/bin/id -u qmaild`
NOFILESGID=`/usr/xpg4/bin/id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

exec /usr/local/bin/softlimit -m 2000000 /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r relays.ordb.org /var/qmail/bin/qmail-smtpd 2>&1

This is my /etc/tcp.smtp file
127.:allow,RELAYCLIENT=""
206.47.63.:allow,RELAYCLIENT=""
206.47.60.:allow,RELAYCLIENT=""
:allow

But in the qmail-smtpd log, I don't see rblsmtpd taking any effect; it seems all connections are OK, and all logs are generated only by tcpserver.
If I replace the last line of /etc/tcp.smtp by

:allow,RBLSMTPD="-Checked by RBLSMPTD"

then it seems all emails are blocked; every incoming connection was processed by rblsmtpd and logged as
"rblsmtpd: 206.47.0.145 pid 28468: 553 Checked by RBLSMTPD"
The sender will receive a bounce back immediately saying
"Remote server rejected mail for recipient - 553 Checked by RBLSMTPD", even when the recipient is valid.

What's wrong with my configuration? How do I know if rblsmtpd is really working? How can I test it?

Thanks very much for all the help!

 
Ok, you're in decent shape....

First, text in the RBLSMTPD="......." (the dots) PREVENTS the sender from being able to send. This is a blacklisting function. You've inverted its intended use. Use a blank value in the "" to fix this.

Second, your 'run' file uses a 'softlimit' value of 2000000. You should set this closer to 6 or 8MB instead. This setting is a memory limit which your application space per email may not exceed. You might be crashing on this alone, hard to tell.

Third, many/most of the RBL lists have been taken offline due to DoS attacks by unknown parties - probably spammers. As a result you need to be aware that many of these RBL lists are returning a false positive to block all responses/queries. This was done to encourage users to avoid their services since their operation was compromised. In short, your use of RBL lists is admirable but may not live up to your (possible) expectations.

Best of luck


"Surfinbox Shares" - A fundraising program that builds revenue from dialup Internet users.
 
Thanks for the reply

For the first issue, $RBLSMTPD, it seems a bit clearer to me now. Correct me if I'm wrong:

In /etc/tcp.smtp, if RBLSMTPD is set in a line and NOT empty, then mails defined in this line will be blocked;
if it's set and empty (RBLSMTPD="") then mails won't be blocked.

If $RBLSMTPD is NOT set, then the rblsmtpd process will look up the sender's IP address in the RBL list and, if found, the mail will be blocked.

So a tcp.smtp file that looks like this should work fine:

127.:allow,RELAYCLIENT=""
206.47.63.:allow,RELAYCLIENT=""
206.47.60.:allow,RELAYCLIENT=""
:allow

But another question comes up: how do I know which IP is blocked by rblsmtpd based on the qmail log?

Second, I appreciate the suggestion and will consider adjusting the "softlimit".

Third, do you mean using RBL lists is not recommended because most of them are providing false answers or they just don't answer the queries? And any other suggestions to better fight spammers?

Thanks again!
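
The $RBLSMTPD rules summarised in the post above and the rblsmtpd log line quoted in the first post, as an added example that is not part of the original thread. The function names and the sample log are constructed for illustration; the 451 temporary rejection for a value without a leading hyphen comes from rblsmtpd's documented behaviour, not from this thread.

```shell
#!/bin/sh
# Added example; rbl_decision, rbl_blocked and sample_log are hypothetical names.

# Mirror rblsmtpd's handling of $RBLSMTPD for one connection.
# Call with no argument to model "unset", or with the value (possibly empty).
rbl_decision() {
    if [ "$#" -eq 0 ]; then
        echo "lookup"                  # unset: query the RBL for $TCPREMOTEIP
    elif [ -z "$1" ]; then
        echo "accept"                  # set but empty: never block
    else
        case "$1" in
            -*) echo "553 ${1#-}" ;;   # leading hyphen: permanent rejection
            *)  echo "451 $1" ;;       # otherwise: temporary rejection
        esac
    fi
}

# Read a qmail-smtpd log on stdin and print "count ip code" for every client
# that rblsmtpd rejected, most frequent first. tcpserver lines are ignored.
rbl_blocked() {
    awk '{
        for (i = 1; i <= NF - 4; i++)
            if ($i == "rblsmtpd:" && $(i+2) == "pid" && $(i+4) ~ /^(451|553)$/)
                hits[$(i+1) " " $(i+4)]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2,2
}

# Constructed sample log; timestamps and addresses are made up, except the
# rblsmtpd line format, which follows the one quoted in the first post.
sample_log() {
    cat <<'EOF'
@400000003ddc0a1a0c1e2b34 tcpserver: status: 1/20
@400000003ddc0a1a0c1e2f00 tcpserver: pid 28468 from 206.47.0.145
@400000003ddc0a1b11223344 rblsmtpd: 206.47.0.145 pid 28468: 553 Checked by RBLSMTPD
@400000003ddc0a2c00aa11bb tcpserver: ok 28470 0:192.0.2.10:25 :192.0.2.77::4021
@400000003ddc0a2d00cc22dd rblsmtpd: 206.47.0.145 pid 28471: 553 Checked by RBLSMTPD
@400000003ddc0a3e00ee33ff rblsmtpd: 198.51.100.9 pid 28473: 451 Blocked - see http://example.invalid/
EOF
}

sample_log | rbl_blocked
```

If the log shows only tcpserver lines and no rblsmtpd lines at all, no connection has been rejected by rblsmtpd so far.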

 
First, yes, you have constructed the tcp.smtp to allow the hosts from 127/8, 206.47.53/24 and 206.47.60/24 to relay through your box.

LET ME CAUTION YOU THAT YOU ARE ALLOWING AT LEAST 508 PUBLIC hosts to relay through your mail server by IP. It's difficult to gauge whether this was your intent, but you're warned.

You should invest some time in researching SpamAssassin to see how it can deal with incoming spam flow. The DNSRBL services are decimated.



"Surfinbox Shares" - A fundraising program that builds revenue from dialup Internet users.
 