I've started using rblsmtpd to blackhole messages from sites listed in a
variety of open-relay and other anti-spam DNS services.  In "run":

    /usr/local/bin/tcpserver -v -u 82 -g 65534 0 smtp \
    /usr/local/bin/rblsmtpd \
    -r inputs.orbz.org \
    -r outputs.orbs.org \
    -r or.orbl.org \
    -r relays.ordb.org \
    -r dev.null.dk \
    -r orbs.dorkslayers.com \
    -r orbs.gst-group.co.uk \
    -r relays.osirusoft.com \
    /var/qmail/bin/qmail-smtpd 2>&1 | \
    /var/qmail/bin/splogger qmail-smtpd 2 

I've noticed some legitimate list mail disappearing and see some notes
in the logs about other rejections, but I can't get a sense of what's
being rejected.

Is there a way to use rblsmtpd, or some other tool, to mark a message
as potential spam, along with a message like the one it logs like:

    rblsmtpd: 24.0.95.144 pid 11121: 451 IP address 24.0.95.144 is an open mail relay or part of a multistage open relay - See http://www.orbl.org

If it could instead of /dev/nulling these messages simply add an
"X-header" I could have my MUA file them to a "suspicious" mailbox and
see what I'm missing -- at least until I get comfortable enough for it
to blackhole this stuff, sight unseen.

Thanks.

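Added example, not part of the original post: one way to get a sense of what rblsmtpd is rejecting is to summarise its log records per client address. The function names, the syslog prefixes and every sample line except the 24.0.95.144 record text quoted in the post are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise rblsmtpd rejections per client IP.

# Constructed sample log. Only the 24.0.95.144 record text comes from the post;
# the syslog prefixes, the 192.0.2.25 record and the tcpserver line are made up.
sample_log() {
    cat <<'EOF'
Jan  5 10:00:01 mail qmail-smtpd: tcpserver: status: 1/40
Jan  5 10:00:01 mail qmail-smtpd: rblsmtpd: 24.0.95.144 pid 11121: 451 IP address 24.0.95.144 is an open mail relay or part of a multistage open relay - See http://www.orbl.org
Jan  5 10:07:42 mail qmail-smtpd: rblsmtpd: 192.0.2.25 pid 11190: 451 listed as open relay (constructed text)
Jan  5 10:31:09 mail qmail-smtpd: rblsmtpd: 24.0.95.144 pid 11304: 451 IP address 24.0.95.144 is an open mail relay or part of a multistage open relay - See http://www.orbl.org
EOF
}

# Reads log lines on stdin, prints "count<TAB>ip<TAB>code<TAB>reason",
# most frequently rejected client first.
summarize_rbl() {
    awk '
    {
        # The record may sit behind a syslog/splogger prefix, so search for it.
        i = index($0, "rblsmtpd: ")
        if (i == 0) next
        rec = substr($0, i + 10)          # "<ip> pid <n>: <code> <reason>"
        n = split(rec, f, " ")
        if (n < 5 || f[2] != "pid") next  # not the record format shown in the post
        ip = f[1]; code = f[4]
        j = index(rec, ": ")              # colon that ends "pid <n>"
        reason = substr(rec, j + 2 + length(code) + 1)
        count[ip "\t" code "\t" reason]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

sample_log | summarize_rbl
```

The reason column carries the text returned by the list that matched, so it shows which of the `-r` sources caused each rejection.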