Hi All,

I have been experimenting with using dnsrbl and now have a question which could lead to a possible feature request.

From the ~control/rbllist man page:

#      baseaddress     action    matchon   Message
#==========================================================================
     sbl.spamhaus.org reject    127.0.0.2 See http://www.spamhaus.org/SBL
      relays.ordb.org addheader 127.0.0.2 See http://www.ordb.org/faq/
        list.dsbl.org addheader 127.0.0.2 See http://dsbl.org/main
       bl.spamcop.net addheader 127.0.0.2 See http://spamcop.net/
      relays.ordb.org reject    any       See http://ordb.org
spamguard.leadmon.net addheader 127.0.0.2 Address is a dialup address.


matchon: any or IP-Address. If an IP-Address is specified, the action is only taken if the returned address from basedomain is equal to IP-Address. With any, all returned IP-Addresses will match.

---

From this I understand that for matchon you have two choices. You either have to specify a specific ip address or use "any" to match on any returned ip.

The latest trend with big rbl providers like SpamHaus is to create combined blacklists that return different ip addresses depending on which specific blacklist was matched. The advantage of this is reduced turnaround time and bandwidth because only one dns lookup is being made.

Here is an example:

The new zen.spamhaus.org list now combines and replaces sbl.spamhaus.org, xbl.spamhaus.org and pbl.spamhaus.org.

Here are the current return codes.

Return Codes        Data Source           Contains
127.0.0.2           Spamhaus Block List   Direct UBE sources, spam services and ROKSO spammers
127.0.0.4|5|6|7|8   Exploits Block List   Illegal 3rd party exploits, including proxies, worms and trojan exploits
127.0.0.10|11       Policy Block List     Non-MTA IP address ranges set by the block owner's outbound mail policy.

The problem with using this combined blacklist is that I have to put multiple lines in ~control/rbllist for the same blacklist (zen.spamhaus.org) if I want to be selective about which reasons I am blacklisting a connection. This results in multiple dns lookups and unneeded turnaround delays. Using a local dns cache helps but is still not optimal.

Is it possible to specify action in rbllist in the 127.0.0.1|5|7|8 format so that only one lookup is needed to test for a subset of return codes?

Regards
Peter
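The matching logic the post asks for, as an added example that is not part of the original post and not dnsrbl's own code: a "127.0.0.4|5|6|7|8" shorthand in the matchon field is expanded into a set of addresses (the alternatives after the first replace its last octet), and every rule for one basedomain is checked against a single lookup result. The rule tuples, the function names and the DNSBL answers in SAMPLE_ANSWERS are constructed for the example; no real DNS query is made.

```python
"""Evaluate rbllist-style matchon specs, including a hypothetical
'127.0.0.4|5|6|7|8' shorthand, against a single DNSBL answer."""
import ipaddress


def expand_matchon(spec):
    """Expand a matchon field into a set of IPv4 addresses, or None for 'any'.

    Accepts a plain address ('127.0.0.2') and the proposed shorthand
    '127.0.0.4|5|6|7|8', where each alternative after the first address
    replaces its last octet.  (Shorthand syntax is an assumption.)
    """
    spec = spec.strip()
    if spec.lower() == "any":
        return None
    parts = spec.split("|")
    first = ipaddress.IPv4Address(parts[0])  # raises on a malformed address
    prefix = ".".join(str(first).split(".")[:3])
    result = {str(first)}
    for alt in parts[1:]:
        octet = int(alt)
        if not 0 <= octet <= 255:
            raise ValueError(f"bad last octet in matchon spec: {alt!r}")
        result.add(f"{prefix}.{octet}")
    return result


def matches(spec, returned):
    """True if any address returned by the DNSBL satisfies the matchon spec."""
    wanted = expand_matchon(spec)
    if wanted is None:           # 'any': listed at all is enough
        return bool(returned)
    return any(addr in wanted for addr in returned)


def reverse_name(client_ip, basedomain):
    """Build the DNSBL query name: reversed client octets under basedomain."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + basedomain


# Constructed sample answers (not real lookups): what a combined list
# might return for three client addresses.
SAMPLE_ANSWERS = {
    "5.4.3.192.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],  # XBL + PBL
    "9.8.7.10.zen.spamhaus.org": ["127.0.0.2"],                  # SBL only
    "1.1.0.10.zen.spamhaus.org": [],                              # not listed
}


def classify(client_ip, basedomain, rules, lookup=SAMPLE_ANSWERS.get):
    """One lookup per basedomain, then every rule is tested on that answer.

    rules: list of (matchon, action, message) tuples sharing one basedomain,
    in file order; the first matching rule wins.  'lookup' maps a query name
    to the list of A records returned (None or [] when unlisted).
    """
    answer = lookup(reverse_name(client_ip, basedomain)) or []
    for matchon, action, message in rules:
        if matches(matchon, answer):
            return action, message
    return "accept", ""


if __name__ == "__main__":
    rules = [
        ("127.0.0.2", "reject", "See http://www.spamhaus.org/SBL"),
        ("127.0.0.4|5|6|7|8", "reject", "See http://www.spamhaus.org/XBL"),
        ("127.0.0.10|11", "addheader", "See http://www.spamhaus.org/PBL"),
    ]
    for ip in ("192.3.4.5", "10.7.8.9", "10.0.1.1"):
        print(ip, classify(ip, "zen.spamhaus.org", rules))
```

Grouping rules by basedomain before calling classify is what removes the repeated lookups: the three zen.spamhaus.org rules above cost one query, and rule order in the file still decides which action applies when an answer carries several return codes.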
