Quoting the original message but my reply will be relevant to a number 
of other questions regarding dnsbl lists. ;)

NAT outbound address which you can verify through logging all outbound.

MAPS/RBL services are derived from dns, your nameserver CAN be 
configured for it but it is NOT for normal lookups as it is in a SEPARATE 
zone. I won't comment on the developer's explanation.

Has NOTHING to do with external or internal dns, the query will go to the 
address you enable on the email proxy section. Something like this...

You've configured/enabled dnsbl for rbl.some.thing and 10.10.10.1 sends 
you an email, email proxy sends a query to rbl.some.thing in this form

1.10.10.10.rbl.some.thing and if that address gets a reply, usually 127.0.0.2 
or similar, the email is blocked and logged.

Free, do it yourself. Using an old version of bind as an example (comes with 
openbsd 3.1)

add to named.boot

primary   blackhole.?.? blackhole

create a standard zone file named blackhole and then add

2.0.0.127       IN      A       127.0.0.2
                IN      TXT     "TEST"
blocked.temp    IN      A       127.0.0.2
                IN      TXT     "Mail refused temporarily by this domain"
blocked.perm    IN      A       127.0.0.2
                IN      TXT     "Mail refused permanently by this domain"
;
11.196.135.66   IN      CNAME   blocked.perm    ; halfpat.half.com

I use blackhole, can be pretty much anything. Replace the ? marks with your domain.

IP addresses you'd like to block are added in reverse notation ONLY as dnsbl 
capable services phrase their request as such.

The above example is compatible with both gnatbox and the built in sendmail rbl 
features. There are other methods, fivetensg posts their complete list which IIRC 
is compatible with current versions of bind.

I've used a similar setup quite a few times, the cost savings are noticeable when 
compared to an external service, bandwidth costs (I usually hook a box to a 
dedicated nic off the gnatbox). It also decreases the time needed to make a query 
as some mua/mta's will time out if it is excessive. When you get the question 'How 
will we ensure that it's not blocking legitimate mail?' you can answer because 
someone else doesn't have complete control, I do.

Further information can easily be gleaned from google or sites that offer these types 
of services. 

Hope this helps


On 14 Oct 2002 14:27:51 -0000, you wrote:

>-----Original Message-----
>From: David Morris [mailto:[EMAIL PROTECTED]]
>Sent: Friday, October 11, 2002 7:02 PM
>To: GnatBox Users Group
>Subject: [gb-users] What IP does SMTP proxy use for RBL queries
>
>I'm strongly considering subscribing to one of the blacklists. For the
>rationally priced services, I need to provide a single IP address from
>which my proxy will query the service.
>
>Since I have multiple aliases, I'm not sure which will be used for the
>query. Will it be the address associated with the email server or the
>NAT
>outbound address, or ???
>
>Thanks,
>   Dave Morris
>
>---------------------------------------------------------------------
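
The lookup described in the reply above, modelled offline as an added example (not part of the original message or of GNAT Box): it builds the reversed-octet query name and resolves it against the zone records quoted in the reply, following the CNAME to the shared "blocked" record. The zone origin blackhole.example.test and the function names are assumptions made for the illustration; no real DNS query is sent.

```python
import ipaddress
import shlex

# Records copied from the reply above; the zone origin is a constructed placeholder.
ZONE_ORIGIN = "blackhole.example.test"
ZONE_TEXT = '''\
2.0.0.127       IN      A       127.0.0.2
                IN      TXT     "TEST"
blocked.temp    IN      A       127.0.0.2
                IN      TXT     "Mail refused temporarily by this domain"
blocked.perm    IN      A       127.0.0.2
                IN      TXT     "Mail refused permanently by this domain"
;
11.196.135.66   IN      CNAME   blocked.perm    ; halfpat.half.com
'''

def dnsbl_name(ip, zone=ZONE_ORIGIN):
    """Reverse the IPv4 octets and append the list zone (rejects malformed input)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def parse_zone(text):
    """Return {owner: {rtype: value}}; a blank owner column reuses the previous owner."""
    records, owner = {}, None
    for line in text.splitlines():
        # Drop ';' comments (the sample has none inside quotes), keep quoted TXT whole.
        fields = shlex.split(line.split(";", 1)[0])
        if not fields:
            continue
        if not line[0].isspace():
            owner = fields.pop(0)
        _rclass, rtype, value = fields
        records.setdefault(owner, {})[rtype] = value
    return records

def check(ip, records, zone=ZONE_ORIGIN):
    """Return (A, TXT) when the address is listed, None when the name does not exist."""
    owner = dnsbl_name(ip, zone)[: -len(zone) - 1]  # name relative to the zone origin
    rrset, hops = records.get(owner), 0
    while rrset and "CNAME" in rrset and hops < 8:  # bounded CNAME chase
        rrset, hops = records.get(rrset["CNAME"]), hops + 1
    if not rrset or "A" not in rrset:
        return None  # not listed: the mail proxy lets the message through
    return rrset["A"], rrset.get("TXT")
```

A listed address returns the 127.0.0.2 answer plus the TXT reason that ends up in the rejection log; an unlisted one returns None, which corresponds to NXDOMAIN on the wire.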
