rbldnsd

Build Your Own Spam Blacklist

Hendrik Weimer

2006-11-03

For many years e-mail spamming has been increasing exponentially. Although there has been progress on spam filters as well, an individual has hardly any chance to catch up with the spammers' latest tricks. DNS-based blacklists (DNSBLs) containing hosts that are being used to send spam may help to reduce the problem. If you want to come up with your own DNSBL, rbldnsd is a tool that gets you started in a few minutes.

DNSBLs are nothing but special name servers. If a user wants to check whether a hostname or an IP address is listed on a DNSBL, he appends the name of the DNSBL to it and performs a DNS query. The response will depend on whether it is listed. DNSBLs are not limited to fighting e-mail spam but are also commonly used for blocking open proxies.
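The lookup described above, as an added example that is not part of the original review or of rbldnsd. It goes slightly beyond the text by showing the usual DNSBL conventions: IP addresses are reversed before the zone is appended, and a listed entry answers with an address in 127.0.0.0/8. The zone name `dnsbl.example.org`, the sample zone data and all function names are constructed for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # constructed zone name, not a real DNSBL
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # conventional "listed" answers


def query_name(subject, zone=ZONE):
    """Build the DNS name to query for an IP address or a hostname."""
    try:
        ip = ipaddress.ip_address(subject)
    except ValueError:
        # Name-based list: the hostname is prepended to the zone unchanged.
        return f"{subject.rstrip('.').lower()}.{zone}"
    if ip.version == 4:
        labels = str(ip).split(".")             # IPv4: reversed octets
    else:
        labels = ip.exploded.replace(":", "")   # IPv6: reversed hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A-record lookup; [] when the name does not resolve (a timeout reads the same)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(subject, zone=ZONE, resolver=system_resolver):
    """True if the DNSBL returns at least one address inside 127.0.0.0/8."""
    answers = resolver(query_name(subject, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


# Constructed zone data standing in for a live DNSBL, so the demo runs offline.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example.org": ["127.0.0.2"],
    "spam.example.net.dnsbl.example.org": ["127.0.0.2"],
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for subject in ("127.0.0.2", "192.0.2.10", "spam.example.net"):
        print(subject, query_name(subject), is_listed(subject, resolver=sample_resolver))
```

Because `system_resolver` treats every resolution failure as "not listed", a mail filter built on it fails open when the DNSBL is unreachable.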

After installing rbldnsd, you have to spend some time configuring it. A global configuration file defines on which interfaces rbldnsd shall listen, which blacklist shall be used for which zone, and other options. Unfortunately, the config file syntax is not very intuitive and the examples given are not very helpful. But after spending some time reading the manpage, it is possible to get the system running. If you install it from the source tarball, you will discover that there is not even an installation target in the makefile.

The blacklists themselves are defined in simple text files containing hostnames or IP addresses. Wildcards are supported, but more sophisticated pattern matching via regular expressions or other methods is not. The latter would be extremely useful to catch dial-up zombies, from which about 80% of spam is sent nowadays. Additional comments on the blacklist entries will be returned in a TXT record. However, as rbldnsd only supports UDP, answers longer than 512 bytes will be truncated and the comment may get lost.

rbldnsd offers extremely good performance even under heavy fire. Larger blacklists with many entries are no problem either. The code quality is acceptable for a server potentially exposed to the rest of the net. Fuzz testing did not yield any crashes.

Overall, rbldnsd is a good choice when setting up a DNSBL. It lacks some advanced features, but unless you have very special requirements you will not miss them.

rbldnsd
Version: 0.996a
Homepage: http://www.corpit.ru/mjt/rbldnsd.html
License: GPL
Distributions: ■ Debian stable  ■ Debian unstable  ■ Fedora  □ Mandriva  □ Suse  ■ Ubuntu
Rating: 78
Pros:
  • Supports both IP and name based lists
  • Extremely fast
Cons:
  • No pattern matching

Copyright 2006–2008 OS Reviews. This document is available under the terms of the GNU Free Documentation License. See the licensing terms for further details.