rblsmtpd

[NDSoftware]

Hi,
Where i can fin a exemple of a qmail startup-script like in
lifewithqmail.org for http://cr.yp.to/ucspi-tcp/rblsmtpd.html ?

Can you help me to setup it ?
Where i can find a update because the mail-abuse.org need money :(

Thanks for your help.

rblsmtpd

[NDSoftware]

Hello,

In the first time, i'm sorry for the user who have send many virus alert
message with him antivurus program on my domain (ndsoftware.net).

I use for test rblsmtpd.
When i'm logon on my telnet, i get this:

[xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay.
Please see http://orbz.org/?129.132.2.199
rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see
http://orbz.org/?129.132.2.199

Why this warning aren't in the qmail log ?
How I can do this ? The best is to manage a another log with all
blacklist deny.

It's possible to make a path for rblsmtpd, for what the postmaster can
receipt message in blacklist (for help the admin who have a mail server
blacklisted).

Thanks very much.

rblsmtpd

[Lars Hansson]

I have some problems with the "-a" option of rblsmtpd. To be more precise, I cant get 
it to work at all.
I have set up rbldns on one of my servers with the intention of using it as an 
"anti-blocked" list. The rbldns is working,
both dig and dnsq can get A records from rbl.unet.net.ph
The problem is that rblsmtpd doesnt seem to do any lookup to it at all. The only 
requests that shows up in the rbldns log is the ones I make with dig and dnsq. 


# dig @rbl.unet.net.ph 142.205.105.202.rbl.unet.net.ph
; <<>> DiG 8.2 <<>> @rbl.unet.net.ph 142.205.105.202.rbl.unet.net.ph 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;  142.205.105.202.rbl.unet.net.ph, type = A, class = IN

;; ANSWER SECTION:
142.205.105.202.rbl.unet.net.ph.  34m8s IN A  127.0.0.2

;; Total query time: 3 msec
;; FROM: mail to SERVER: rbl.unet.net.ph  203.65.246.6
;; WHEN: Thu Aug  2 15:25:57 2001
;; MSG SIZE  sent: 49  rcvd: 65


# dnsq a 142.205.105.202.rbl.unet.net.ph rbl.unet.net.ph
1 142.205.105.202.rbl.unet.net.ph:
65 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 142.205.105.202.rbl.unet.net.ph
answer: 142.205.105.202.rbl.unet.net.ph 2048 A 127.0.0.2


/service/qmail-smptd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
QMAILQUEUE=`cat /var/qmail/control/queueprogram`;export QMAILQUEUE
exec /usr/local/bin/softlimit -m 600 /usr/local/bin/tcpserver \
-H -R -v -p -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp \
/usr/local/bin/rblsmtpd -b -a rbl.unet.net.ph -r relays.ordb.org -r or.orbl.org 
/var/qmail/bin/qmail-smtpd 2>&1

-- 
Lars Hansson  Technical Consultant/System Administrator
UNET, Inc.Makati City, Philippines
e-mail: [EMAIL PROTECTED]

rblsmtpd

[Paul Farber]

anyway to test the rblsmtp service from ucspi .88?

by default... where do messages get logged (via syslogd?).

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

rblsmtpd

[Aaron Nowalk]

Hi!  I'm in dire need of some help here.  I've been working on getting
rblsmtpd up and running with tcpserver and am having no luck at all.  I've
searched the mailing list back and fourth and still can't find a
thing.  Heres what I got:

tcpserver invocation:
/usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b
in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1

Nelsons test:
220 I'm not as think as you drunk I am ESMTP
helo linux.crynwr.com
250 I'm not as think as you drunk I am
mail from:<>
250 ok
rcpt to:<[EMAIL PROTECTED]>
250 ok
data  
354 go ahead
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Mon, 10 Jul 2000 19:41:18 -
Message-Id: <[EMAIL PROTECTED]>

Test message
.
250 ok 963257616 qp 2244
quit
Successful termination.  As far as I can tell, the email was delivered.
This may not be what you want.  


I've tried just about every way I know of starting tcpserver with no luck
whatsoever.  If anyone out there can offer any assistance, I'd greatly
appreciate it!  Tks.  

-Aaron

rblsmtpd

[Slider]

Hi,

Some rather basic questions

How do I set the $RBLSMTPD environment variable in order for rblsmtpd to
block incoming rbl mails?
Does rblsmtpd need it's own daemon or can it be integrated with the smtpd
daemon if so how?

Thanks

AC

rblsmtpd

[Manuel Gisbert]

Anyone ever used DJBs rblsmtp daemon to prevent spam?
Could someone tell me where to insert rblsmtpd in my ../supervise/run
script.
The docs at cr.yp.to are a bit thin, at least for me ;-)

my current run script looks like the following:

exec /usr/local/bin/softlimit -m 400
/usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u
$QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

Thanx
Manuel

RBLSMTPD

[drew]

Hi,
Can anyone please advise me if there is anyway of telling 
an attacker if you like that they have been blocked via an email or 
something similiar. I am having the problem that people are getting 
blocked however it appears the mail goes through but is then not 
returned. Please Help.

Drew

rblsmtpd

[Agi Subagio]

I run this script (/var/qmail/supervise/qmail-smtpd/run) to run my 
qmail-smtpd :

#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

exec /usr/local/bin/softlimit -m 200 \
  /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \
  /var/qmail/bin/qmail-smtpd 2>&1

rblsmtpd by default pointed to "rbl.maps.vix.com".
How to add more rblsmtpd process to check another blacklist resource like 
"relays.mail-abuse.org", "blackholes.mail-abuse.org" or 
"dialups.mail-abuse.org"?

rblsmtpd

[Raymond Orchison]

Hi,

I'm running vpopmail on qmail using ucspi-tcp and daemon tools. I want to
implement the rblsmtpd, I've looked at the links from qmail.org but I'm not
sure how or where I am supposed to implement it?

Thank you
Raymond

rblsmtpd...

[Jean Caron]

Hey,

I've recently started using rblsmtpd with /etc/tcp.smtp.cdb listing the
IPs I don't care to receive mail from. Seems to work ok (I don't receive
nearly as much spam as I use to).

There's something I still can't find however. Does rblsmtpd leave a trace
anywhere of the mail it rejects ?

In the doc, there's a line which says; "Meanwhile it prints one line on
descriptor 2 to log its activity."

Ok. Now this is where I start sounding stupid... do I need to redirect
descriptor 2 to a file ? If so, where do I define this ?

Jean

Re: rblsmtpd

[Adrian Ho]

On Fri, Jul 27, 2001 at 11:50:19PM +0200, NDSoftware wrote:
> [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay.
> Please see http://orbz.org/?129.132.2.199
> rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see
> http://orbz.org/?129.132.2.199
> 
> Why this warning aren't in the qmail log ?

Show us the rblsmtpd startup script (if you're running qmail, probably the
qmail-smtpd startup script).

> It's possible to make a path for rblsmtpd, for what the postmaster can
> receipt message in blacklist (for help the admin who have a mail server
> blacklisted).

That turns rblsmtpd from an IP-level ACL enforcer to a mail proxy, so
it's more like a brand-new program.  You're much better off running a
proper filtering SMTP proxy for this purpose.

-- 
Adrian HoTinker, Drifter, Fixer, Bum   [EMAIL PROTECTED]
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
 <http://www.lifewithqmail.org/> <http://qmail.faqts.com/>

RE: rblsmtpd

[NDSoftware]

On my Debian:

#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
#exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -v -R
-l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g
"$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r
inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r
outputs.orbz.org -r relays.ordb.org -r or.orbl.org -r
orbs.dorkslayers.com -r ztl.dorkslayers.com /var/qmail/bin/qmail-smtpd
2>&1

On my Redhat

...
env - PATH="/var/qmail/bin:/usr/local/bin" \
tcpserver -H -R -x /etc/tcp.smtp.cdb -c100 -u503 -g503 0 smtp \
/usr/local/bin/rblsmtpd -r relays.osirusoft.com -r
inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r
outputs.orbz.org -r relays.ordb.org -r or.orbl.org -r
orbs.dorkslayers.com -r ztl.dorkslayers.com \
/var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &
echo "smtp"
;;

Note: My Redhat don't use supervise script.

Another problem: my debian who use supervise script log in syslogd and
qmail log, why ?
How I can log only in my qmail log ?

Thanks very much.

-Original Message-
From: Adrian Ho [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, July 28, 2001 3:12 AM
To: Mailing-List Qmail
Subject: Re: rblsmtpd


On Fri, Jul 27, 2001 at 11:50:19PM +0200, NDSoftware wrote:
> [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay.
> Please see http://orbz.org/?129.132.2.199
> rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see
> http://orbz.org/?129.132.2.199
> 
> Why this warning aren't in the qmail log ?

Show us the rblsmtpd startup script (if you're running qmail, probably
the
qmail-smtpd startup script).

> It's possible to make a path for rblsmtpd, for what the postmaster can
> receipt message in blacklist (for help the admin who have a mail
server
> blacklisted).

That turns rblsmtpd from an IP-level ACL enforcer to a mail proxy, so
it's more like a brand-new program.  You're much better off running a
proper filtering SMTP proxy for this purpose.

-- 
Adrian HoTinker, Drifter, Fixer, Bum   [EMAIL PROTECTED]
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
 <http://www.lifewithqmail.org/> <http://qmail.faqts.com/>

rblsmtpd & log

[NDSoftware]

Hello,

When I work on my qmail server I have:

[xxx@xxx xxx]# rblsmtpd: 207.217.120.123 pid 9848: 451 Open relay.
Please see http://orbz.org/?207.217.120.123

And I can't find this in my log !

My question:
How I can display this message in log and not during session ?

My config file:

/var/qmail/supervise/smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -v -R
-l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g
"$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r
inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r
outputs.orbz.org -r relays.ordb.org -r or.orbl.org
/var/qmail/bin/qmail-smtpd 2>&1



A another question:

Why my qmail log in syslog ? How I can log only in qmail log ?

Why in /var/log/qmail:

state
lock
current
@xxx

is empty ? It's normal ?

In /var/log/qmail/smtpd, the log are good...


My log supervise script:

/var/qmail/supervise/qmail-send/log/run:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t
/var/log/qmail

/var/qmail/supervise/qmail-smtpd/log/run:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t
/var/log/qmail/smtpd


Thanks very much

Re: rblsmtpd

[Adrian Ho]

On Thu, Aug 02, 2001 at 03:33:53PM +0800, Lars Hansson wrote:
> The problem is that rblsmtpd doesnt seem to do any lookup to it at all.

Actually, I'd bet it's a DNS problem, not an rblsmtpd one.  I'd also bet
you made the erroneous assumption that '-a rbl.unet.net.ph' tells
rblsmtpd to send TXT queries directly to rbl.unet.net.ph.

It does no such thing -- all rblsmtpd queries are done via your DNS
resolver, and therefore follow all the normal DNS delegation rules.  If
running 'dig rbl.unet.net.ph ns' from your qmail server returns 0 records,
that's a 50-foot blinking neon sign that your DNS setup needs fixing.

-- 
Adrian HoTinker, Drifter, Fixer, Bum   [EMAIL PROTECTED]
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
 <http://www.lifewithqmail.org/> <http://qmail.faqts.com/>

Re: rblsmtpd

[Lars Hansson]

On Thu, Aug 02, 2001 at 04:54:02PM +0800, Adrian Ho wrote:
> On Thu, Aug 02, 2001 at 03:33:53PM +0800, Lars Hansson wrote:
> Actually, I'd bet it's a DNS problem, not an rblsmtpd one.  I'd also bet
[snip]

Ah yes, right you are. I thought rblsmtpd would look it up directly.
Adding the subdomain rbl.unet.net.ph fixed it.


-- 
Lars Hansson  Technical Consultant/System Administrator
UNET, Inc.Makati City, Philippines
e-mail: [EMAIL PROTECTED]

rblsmtpd error

[Todd A. Jacobs]

A previously-compiled version is on my system. Qmail with rblsmtpd is the
only thing running from inetd, and I'm getting the following errors (a lot
of them):

Jul  2 20:21:31 cyrix inetd[810]: pid 27892: exit status 1

That seems to point to rblsmtpd. When I tried to recompile, thinking
perhaps something in RHL had changed, it refused to compile.

So, aside from the compiling issue, does this error means something was
found in the RBL, or does it mean that the rblsmtpd program is failing?

-- 
Todd A. Jacobs
Senior Network Consultant

Re: rblsmtpd

[Eric Cox]

Aaron Nowalk wrote:
> 
> Hi!  I'm in dire need of some help here.  I've been working on getting
> rblsmtpd up and running with tcpserver and am having no luck at all.  I've
> searched the mailing list back and fourth and still can't find a
> thing.  Heres what I got:
> 
> tcpserver invocation:
> /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b
> in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1
>   ^

You may need a space here (where I've marked with ^), at least 
that's the way mine is configured - of course I'm not running 
tcpserver so you may have another problem.

Eric

Re: rblsmtpd

[Aaron Nowalk]

I've tried it both ways.  Doesn't seem to make a difference :(  

-Aaron Nowalk
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|   Systems Engineer - Stargate Industries, LLC   |
| mailto: [EMAIL PROTECTED]  www.stargate.net |
|  412.316.7827  412.316.7899   |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
 Real Internet. Real Easy

On Mon, 10 Jul 2000, Eric Cox wrote:

> 
> 
> Aaron Nowalk wrote:
> > 
> > Hi!  I'm in dire need of some help here.  I've been working on getting
> > rblsmtpd up and running with tcpserver and am having no luck at all.  I've
> > searched the mailing list back and fourth and still can't find a
> > thing.  Heres what I got:
> > 
> > tcpserver invocation:
> > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b
> > in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1
> >   ^
> 
> You may need a space here (where I've marked with ^), at least 
> that's the way mine is configured - of course I'm not running 
> tcpserver so you may have another problem.
> 
> Eric
> 

Re: rblsmtpd

[Aaron Nowalk]

I've been working on this all day again!  Anyone out there have _any_
suggestions?  Once again, heres the info:

/usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smt
p.cdb 0 smtp /usr/local/bin/rblsmtpd -rrelays.radparker.com
/var/qmail/bin/qmail-smtpd 2>&1

I'm running qmail1-03 on a Sparc 5 running Solaris 7.  I'd really
appreciate any help anyone has to offer.  Thanks.  

-Aaron Nowalk
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|   Systems Engineer - Stargate Industries, LLC   |
| mailto: [EMAIL PROTECTED]  www.stargate.net |
|  412.316.7827  412.316.7899   |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
 Real Internet. Real Easy

On Mon, 10 Jul 2000, Eric Cox wrote:

> 
> 
> Aaron Nowalk wrote:
> > 
> > Hi!  I'm in dire need of some help here.  I've been working on getting
> > rblsmtpd up and running with tcpserver and am having no luck at all.  I've
> > searched the mailing list back and fourth and still can't find a
> > thing.  Heres what I got:
> > 
> > tcpserver invocation:
> > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b
> > in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1
> >   ^
> 
> You may need a space here (where I've marked with ^), at least 
> that's the way mine is configured - of course I'm not running 
> tcpserver so you may have another problem.
> 
> Eric
> 

Re: rblsmtpd

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11 Jul 00, at 14:02, Aaron Nowalk wrote:

> I've been working on this all day again!  Anyone out there have _any_
> suggestions?  Once again, heres the info:
> 
> /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smt
> p.cdb 0 smtp /usr/local/bin/rblsmtpd -rrelays.radparker.com
> /var/qmail/bin/qmail-smtpd 2>&1

Hi,

1. Is all the stuff on one line?
2. Does rblsmtpd really live in /usr/local/bin?
3. Does "relays.radparker.com" really live? To me it seems it's 
dead.

You may test your rblsmtpd like this:
env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com 
echo hello
(all on one line) and see what happens. You may also test with 
different IPs.
> 
> I'm running qmail1-03 on a Sparc 5 running Solaris 7.  I'd really
> appreciate any help anyone has to offer.  Thanks.  
> 
> -Aaron Nowalk
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> |   Systems Engineer - Stargate Industries, LLC   |
> | mailto: [EMAIL PROTECTED]  www.stargate.net |
> |  412.316.7827  412.316.7899   |
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
>  Real Internet. Real Easy
> 
> On Mon, 10 Jul 2000, Eric Cox wrote:
> 
> > 
> > 
> > Aaron Nowalk wrote:
> > > 
> > > Hi!  I'm in dire need of some help here.  I've been working on
> > > getting rblsmtpd up and running with tcpserver and am having no
> > > luck at all.  I've searched the mailing list back and fourth and
> > > still can't find a thing.  Heres what I got:
> > > 
> > > tcpserver invocation:
> > > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb
> > > /usr/local/b in/rblsmtpd -rrelays.radparker.com
> > > /var/qmail/bin/qmail-smtpd 2>&1
> > >   ^
> > 
> > You may need a space here (where I've marked with ^), at least
> > that's the way mine is configured - of course I'm not running
> > tcpserver so you may have another problem.
> > 
> > Eric
> > 
> 
> 



-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOWtXalMwP8g7qbw/EQInAQCgpYdjpliOwHiYpE4SUO8/INFgTqMAn2u5
W+/FGY5CXjfLlu4ibrJs7bGL
=FRIk
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: rblsmtpd

[Aaron Nowalk]

Hi.  Thanks for responding!  I'll answer your questions one at a time:

> Hi,
> 
> 1. Is all the stuff on one line?
Yes.  

> 2. Does rblsmtpd really live in /usr/local/bin?
Yes.  

> 3. Does "relays.radparker.com" really live? To me it seems it's 
> dead.
I can ping it and I've tried changing the hostname to maps.vix.com in the
tcpserver rc script.  

> 
> You may test your rblsmtpd like this:
> env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com 
> echo hello
> (all on one line) and see what happens. You may also test with 
> different IPs.

I tried and I always get "hello."  I'm really stumped!  

> > 
> > I'm running qmail1-03 on a Sparc 5 running Solaris 7.  I'd really
> > appreciate any help anyone has to offer.  Thanks.  
> > 
> > -Aaron Nowalk
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > |   Systems Engineer - Stargate Industries, LLC   |
> > | mailto: [EMAIL PROTECTED]  www.stargate.net |
> > |  412.316.7827  412.316.7899   |
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
> >  Real Internet. Real Easy
> > 
> > On Mon, 10 Jul 2000, Eric Cox wrote:
> > 
> > > 
> > > 
> > > Aaron Nowalk wrote:
> > > > 
> > > > Hi!  I'm in dire need of some help here.  I've been working on
> > > > getting rblsmtpd up and running with tcpserver and am having no
> > > > luck at all.  I've searched the mailing list back and fourth and
> > > > still can't find a thing.  Heres what I got:
> > > > 
> > > > tcpserver invocation:
> > > > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb
> > > > /usr/local/b in/rblsmtpd -rrelays.radparker.com
> > > > /var/qmail/bin/qmail-smtpd 2>&1
> > > >   ^
> > > 
> > > You may need a space here (where I've marked with ^), at least
> > > that's the way mine is configured - of course I'm not running
> > > tcpserver so you may have another problem.
> > > 
> > > Eric
> > > 
> > 
> > 
> 
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: PGP 6.0.2 -- QDPGP 2.60 
> Comment: http://community.wow.net/grt/qdpgp.html
> 
> iQA/AwUBOWtXalMwP8g7qbw/EQInAQCgpYdjpliOwHiYpE4SUO8/INFgTqMAn2u5
> W+/FGY5CXjfLlu4ibrJs7bGL
> =FRIk
> -END PGP SIGNATURE-
> --
> Petr Novotny, ANTEK CS
> [EMAIL PROTECTED]
> http://www.antek.cz
> PGP key ID: 0x3BA9BC3F
> -- Don't you know there ain't no devil there's just God when he's drunk.
>  [Tom Waits]
> 

Re: rblsmtpd

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11 Jul 00, at 14:31, Aaron Nowalk wrote:
> > 3. Does "relays.radparker.com" really live? To me it seems it's 
> > dead.
> I can ping it and I've tried changing the hostname to
> maps.vix.com in the tcpserver rc script.  

Well yes, it pings, but does it serve out any meaningful 
information? (Let me remind you that "no record" means "host is 
OK"; it the zone is empty, no machine will be considered spam-
source.)

> > You may test your rblsmtpd like this:
> > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com 
> > echo hello
> > (all on one line) and see what happens. You may also test with
> > different IPs.
> 
> I tried and I always get "hello."  I'm really stumped!  

What if you try without the -r parameter?
env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops

It doesn't get through on my comp.

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOWtccVMwP8g7qbw/EQIOswCeJt4iatiKpxNdzxHKsMl7r1VQLMcAn2tL
uLOFdORnR/dNfuJCES3/Re/9
=5OoL
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: rblsmtpd

[Aaron Nowalk]

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 11 Jul 00, at 14:31, Aaron Nowalk wrote:
> > > 3. Does "relays.radparker.com" really live? To me it seems it's 
> > > dead.
> > I can ping it and I've tried changing the hostname to
> > maps.vix.com in the tcpserver rc script.  
> 
> Well yes, it pings, but does it serve out any meaningful 
> information? (Let me remind you that "no record" means "host is 
> OK"; it the zone is empty, no machine will be considered spam-
> source.)

Heres what I get when I try it without any options from the command line:

root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops
rblsmtpd: pid 6387: 451 Blackholed - see
http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>
220 rblsmtpd.local
quit
221 rblsmtpd.local

So that appears to work.  Now, heres with the -r option:

root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
maps.vix.com echo whoops
whoops

So with the -r option, it looks like it goes through.  I tried removing
the -r option from my tcpserver startup script and it doesn't seem to
help.  Still getting Nelsons friendly "UH OH!  Your RBL blocker isn't
working!!!"  

> 
> > > You may test your rblsmtpd like this:
> > > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com 
> > > echo hello
> > > (all on one line) and see what happens. You may also test with
> > > different IPs.
> > 
> > I tried and I always get "hello."  I'm really stumped!  
> 
> What if you try without the -r parameter?
> env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops
> 
> It doesn't get through on my comp.
> 
> -BEGIN PGP SIGNATURE-
> Version: PGP 6.0.2 -- QDPGP 2.60 
> Comment: http://community.wow.net/grt/qdpgp.html
> 
> iQA/AwUBOWtccVMwP8g7qbw/EQIOswCeJt4iatiKpxNdzxHKsMl7r1VQLMcAn2tL
> uLOFdORnR/dNfuJCES3/Re/9
> =5OoL
> -END PGP SIGNATURE-
> --
> Petr Novotny, ANTEK CS
> [EMAIL PROTECTED]
> http://www.antek.cz
> PGP key ID: 0x3BA9BC3F
> -- Don't you know there ain't no devil there's just God when he's drunk.
>  [Tom Waits]
> 

Re: rblsmtpd

[Peter Green]

also sprach amnowalk:
> Heres what I get when I try it without any options from the command line:
> 
> root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops
> rblsmtpd: pid 6387: 451 Blackholed - see
> http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>
> 220 rblsmtpd.local
> quit
> 221 rblsmtpd.local
> 
> So that appears to work.  Now, heres with the -r option:

Good.

> root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> maps.vix.com echo whoops
> whoops

The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :)

/pg
-- 
Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
---
Although the Perl Slogan is There's More Than One Way to Do It, I hesitate
to make 10 ways to do something. :-)
--- Larry Wall in <[EMAIL PROTECTED]>

Re: rblsmtpd

[Aaron Nowalk]

On Tue, 11 Jul 2000, Peter Green wrote:

> also sprach amnowalk:
> > Heres what I get when I try it without any options from the command line:
> > 
> > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops
> > rblsmtpd: pid 6387: 451 Blackholed - see
> > http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>
> > 220 rblsmtpd.local
> > quit
> > 221 rblsmtpd.local
> > 
> > So that appears to work.  Now, heres with the -r option:
> 
> Good.
> 
> > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> > maps.vix.com echo whoops
> > whoops
> 
> The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :)
> 

Tried that with no luck.  Its still getting through.  ARGH!  Once again,
any suggestions?!?  

/usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smtp
.cdb 0 smtp /usr/local/bin/rblsmtpd -r rbl.maps.vix.com
/var/qmail/bin/qmail-smt
pd 2>&  1 |\

> /pg
> -- 
> Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
> ---
> Although the Perl Slogan is There's More Than One Way to Do It, I hesitate
> to make 10 ways to do something. :-)
> --- Larry Wall in <[EMAIL PROTECTED]>
> 
> 

Re: rblsmtpd

[Eric Cox]

Aaron Nowalk wrote:
> 
> On Tue, 11 Jul 2000, Peter Green wrote:
> 
> > also sprach amnowalk:
> > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> > > maps.vix.com echo whoops
> > > whoops
> >
> > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :)
> >
> 
> Tried that with no luck.  Its still getting through.  ARGH!  Once again,
> any suggestions?!?

You said you tried 

env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru"


but have you specifically tried

env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru"

and got the "blackholed" notice?

Eric

Re: rblsmtpd

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11 Jul 00, at 15:24, Aaron Nowalk wrote:

> So that appears to work.  Now, heres with the -r option:
> 
> root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> maps.vix.com echo whoops whoops
> 
> So with the -r option, it looks like it goes through.

That's because "maps.vix.com" is no RBL zone. You want 
dul.maps.vix.com or rbl.maps.vix.com.

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOWwCglMwP8g7qbw/EQJQ6wCfVXEsAKlgVQnexzrqV0tuyMQKUPoAn2Ah
EPFbDBUuOaq/oJ4okPuNUdSJ
=Mm0W
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: rblsmtpd

[Aaron Nowalk]

On Tue, 11 Jul 2000, Eric Cox wrote:

> 
> 
> Aaron Nowalk wrote:
> > 
> > On Tue, 11 Jul 2000, Peter Green wrote:
> > 
> > > also sprach amnowalk:
> > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> > > > maps.vix.com echo whoops
> > > > whoops
> > >
> > > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :)
> > >
> > 
> > Tried that with no luck.  Its still getting through.  ARGH!  Once again,
> > any suggestions?!?
> 
> You said you tried 
> 
> env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru"
> 
> 
> but have you specifically tried
> 
> env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru"
> 
> and got the "blackholed" notice?
> 

Yep.  :(  

root@x:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
rbl.maps.vix.com echo "got thru"
rblsmtpd: 127.0.0.2 pid 9212: 451 Blackholed - see
http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>
220 rblsmtpd.local
quit
221 rblsmtpd.local


> Eric
> 

Re: rblsmtpd

[Aaron Nowalk]

Scratch that last one.  Got it working.  Had to specify the IP address in
the tcpserver command line.  Instead of:

/usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smtp.cdb
smtp 0

I had replace '0' with the IP of my machine.  Alls good now.  Thanks
everyone, for your help!  

-Aaron Nowalk
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|   Systems Engineer - Stargate Industries, LLC   |
| mailto: [EMAIL PROTECTED]  www.stargate.net |
|  412.316.7827  412.316.7899   |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
 Real Internet. Real Easy

On Wed, 12 Jul 2000, Aaron Nowalk wrote:

> On Tue, 11 Jul 2000, Eric Cox wrote:
> 
> > 
> > 
> > Aaron Nowalk wrote:
> > > 
> > > On Tue, 11 Jul 2000, Peter Green wrote:
> > > 
> > > > also sprach amnowalk:
> > > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> > > > > maps.vix.com echo whoops
> > > > > whoops
> > > >
> > > > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :)
> > > >
> > > 
> > > Tried that with no luck.  Its still getting through.  ARGH!  Once again,
> > > any suggestions?!?
> > 
> > You said you tried 
> > 
> > env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru"
> > 
> > 
> > but have you specifically tried
> > 
> > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru"
> > 
> > and got the "blackholed" notice?
> > 
> 
> Yep.  :(  
> 
> root@x:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r
> rbl.maps.vix.com echo "got thru"
> rblsmtpd: 127.0.0.2 pid 9212: 451 Blackholed - see
> http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>
> 220 rblsmtpd.local
> quit
> 221 rblsmtpd.local
> 
> 
> > Eric
> > 
> 
> 

rblsmtpd-0.70

[alex]

Hi,

I want to use rblsmtpd-0.70 with tcp-server. can you tell me how I
make rblsmtpd-0.70 running with qmail ??

Rgds,
Al.

Re: rblsmtpd

[Paul Farber]

www.qmail.org

download ucspi-tcp-0.88 its included in the package... docs are also on
the site.

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

On Wed, 2 Aug 2000, Slider wrote:

> 
> Hi,
> 
> Some rather basic questions
> 
> How do I set the $RBLSMTPD environment variable in order for rblsmtpd to
> block incoming rbl mails?
> Does rblsmtpd need it's own daemon or can it be integrated with the smtpd
> daemon if so how?
> 
> Thanks
> 
> AC
> 
> 

Re: rblsmtpd

[Jon Rust]

See 'man rblsmtpd'. Briefly, you don't set the var normally. If the var
is set, but empty, rblsmtpd won't block the mail in any case. If the var
is set to an actual value, it will block the mail. You can set the var
in your tcp.smtp CDB file like so:

  63.88.133.:allow,RBLSMTPD="-Yesmail email is not wanted here"

The 'allow' is misleading. It says to allow the TCP connection, but not
necessarily to allow the mail. The $RBLSMTPD var being set
tells rblsmtpd to reject the mail.

HTH,
jon

On Wed, Aug 02, 2000 at 12:31:21PM +0100, Slider wrote:
> 
> Hi,
> 
> Some rather basic questions
> 
> How do I set the $RBLSMTPD environment variable in order for rblsmtpd to
> block incoming rbl mails?
> Does rblsmtpd need it's own daemon or can it be integrated with the smtpd
> daemon if so how?
> 
> Thanks
> 
> AC
> 

Re: rblsmtpd

[Eric Cox]

Jon Rust wrote:
> 
> See 'man rblsmtpd'.

:-)   No man page for rblsmtpd, at least on my 6-month old package.
Docs are actually on the rblsmtpd download page.

[snip.]

> > Some rather basic questions
> >
> > How do I set the $RBLSMTPD environment variable in order for rblsmtpd to
> > block incoming rbl mails?
> > Does rblsmtpd need it's own daemon or can it be integrated with the smtpd
> > daemon if so how?

rblsmtpd emergency

[Mate Wierdl]

Thx for Chris J. for explaining why rblsmtpd stopped working with
relays.mail-abuse.org.  

Such emergencies I think just really show the necessity to simplify
"rbl" lookups. Namely, I think rblsmtpd/rbldns should work in such a
way that any mail administrator should be able to set up a local
mirror of mail-abuse.org.  This means, there should not be a need to
have a domain delegated to the rbldns server. 

So what if there was a flag `R" to rblsmtpd so that 


rblsmtpd -R a.b.c

would mean in essence "check the connecting IP at the server a.b.c running
rbldns". 

BTWY, I know many people are attached to using DNS for rbl lookups,
but would not it be relatively simple to implement a server software
using tcpserver that would just lookup an IP number in a .cdb database
of IP numbers, and send an appropriate response?  A client might be
similarly simple to implement using tcpclient.

Mate

TCPSERVER + RBLSMTPD

[Michael T. Babcock]

DJB: Are there any plans to release the official version of rblsmtpd (in
tcpserver) with the patch to work with the A records when TXT records aren't
available?

Re: rblsmtpd

[steve j. kondik]

try:

/usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u \
$QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/rblsmtpd \
/var/qmail/bin/qmail-smtpd 2>&1

and you should be set.

-steve

On 09/05/00 @ 03:26PM, Manuel Gisbert wrote:
> Anyone ever used DJBs rblsmtp daemon to prevent spam?
> Could someone tell me where to insert rblsmtpd in my ../supervise/run
> script.
> The docs at cr.yp.to are a bit thin, at least for me ;-)
> 
> my current run script looks like the following:
> 
> exec /usr/local/bin/softlimit -m 400
> 
> Thanx
> Manuel
> 

Re: rblsmtpd

[Antonio Dias]

Manuel,

On Tue, 5 Sep 2000, Manuel Gisbert wrote:

> Anyone ever used DJBs rblsmtp daemon to prevent spam?
> Could someone tell me where to insert rblsmtpd in my ../supervise/run
> script.
> The docs at cr.yp.to are a bit thin, at least for me ;-)
> 
> my current run script looks like the following:
> 
> exec /usr/local/bin/softlimit -m 400
> /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u
> $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

You must insert rblsmtpd call just before qmail-smtpd. See:

exec /usr/local/bin/softlimit -m 400 \
/usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u \
$QMAILDUID -g $NOFILESGID 0 smtp /path/to/rblsmtpd \
/var/qmail/bin/qmail-smtpd 2>&1

Antonio Dias

parallel rblsmtpd

[Aaron Nabil]

I did an experiment that may be of interest.  I parallelized a
stand-alone command line rbl program (1) that can check "a bunch"
(I had it check 6) of rbl-ish lists in series.

I used pthreads.  For non-cached answers the parallel version 
took about 1.1 to 1.5x as long, for cached answers about 10x as 
long.

Some simple experiments lead me to the conclusion that the pthread
creation overhead is very large in comparison to the delay of
just waiting for the resolver to get the answer.

Compared to forking though, I'd imagine creating a thread is
a stroll in the park.  I'm going to see if I can hack it up
(without the pthreads, tho) to drop into where rblsmtp goes.  I'm
guessing it will be a zillion times faster.

(1) http://www.xnet.com/~emarshal/rblcheck/

-- 
Aaron Nabil

rblsmtpd fun

[Doug McClure]

I'm trying to get multiple RBLs working. However the executed command:

supervise /service/qmail-smtpd tcpserver -v -x /etc/tcp.smtpd.cdb -v -u412
-g5 0 smtp rblsmtpd -r dul.maps.vix.com rblsmtpd -r
relayips.rbl.shub-inter.net rblsmtpd -r spamips.rbl.shub-inter.net rblsmtpd
/var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/accustamp |
/usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 100 -n 50
/servers/log/smtpd &

Bounces *everything* like so-

1999-04-25 14:13:46.485549 tcpserver: pid 15206 from 128.227.183.223
1999-04-25 14:13:46.937439 tcpserver: ok 15206
cache-ns.duesouth.net:216.98.0.55:25
m2hb.shands.ufl.edu:128.227.183.223:majordom:6702
1999-04-25 14:13:47.124150 rblsmtpd: pid 15206: 451 IP addresses of
relayers. If you've fixed your relay rules. contact us

Any ideas?


-doug

new rblsmtpd

[Mate Wierdl]

In case you have not seen it: the new rblsmtpd (in the ucspi-tcp
package!) has:

Options:
 * -r base: Use base as an RBL source. An IP address a.b.c.d is
   listed by that source if d.c.b.a.base has a TXT
   record. rblsmtpd
   uses the contents of the TXT record as an error message for the
   client.
 * -a base: Use base as an anti-RBL source. An IP address a.b.c.d
 is
   anti-listed by that source if d.c.b.a.base has an A record. In
   this case rblsmtpd does not block mail.

   You may supply any number of -r and -a options. rblsmtpd tries each
   source in turn until it finds one that lists or anti-lists
   $TCPREMOTEIP.

(Sorry for polluting).

Mate

Bypassing rblsmtpd

[Matthew Schnierle]

I'm under the impression that if I have qmail under the control of a
tcpserver with cdb, I can simply do the following to bypass the rblsmtpd
invocations:

192.168.1.1:allow,RBLSMTPD="",RELAYCLIENT=""

in order to allow an IP to relay, yes?  Basically, I'm going to submit my
new dial-nets to the DUL, and I don't want to get burned.

-- 
--Matt Schnierle
--mgs at stargate dot net
--Stargate Industries, LLC
--#include 
--"It's not that simple."

new rblsmtpd

[Mate Wierdl]

Does not the new rblsmtpd obsolete Russ's patches, or is their any
functionality that is still not provided by the new rblsmtpd?

Thx

Mate

rblsmtpd - notification

[drew]

Hi,
   Just read my last message and it is not really clear. I have 
rblsmtpd set up and it is working fine. However when I send an 
email to myself through an open relay it appears to send the mail 
but does not. The mail is obviously being blocked by rblsmtpd. My 
question is: Is there anyway of notifying the person who sent the 
mail to you through the open relay, with a generic message that 
they were blocked. Say "Your message could not be processed by 
our server." If anyone could help with this it would be much 
appreciated.

Drew

Re: RBLSMTPD

[Piotr Kasztelowicz]

Hello

> Hi,
>   Can anyone please advise me if there is anyway of telling
> an attacker if you like that they have been blocked via an email or
> something similiar. I am having the problem that people are getting
> blocked however it appears the mail goes through but is then not
> returned. Please Help.

The rblsmtpd based for instance on ORBS - this is not good idea.
I think - each admin should generate its own "black" list of
spam hosts rather than take it from ORBS. This server from I'm
writing now (administrated by me) does not support open relay
now, since time, when I have begun administrate it, I have installed
the newest software - qmail and configure it with tcpserver. The
relayclients are carefuly established. Nothing more are not able
to relay post by server of mine but I'm existing further time
till today on ORBS list as insecure. Why? How about ask Alan Brown?
I suppose, that in like my case are more peoples!
If any host might support open relay if not, would bee seen without
complicated tests. Each can see that my host does not support
open relay but my host sitll exists on ORBS list!

ORBS and like ORBS lists
there are stupid idea, which makes more evil than good. First of all
from such as ORBS 'insecure hosts' list" are  using all presented on Net
hacers, who have directly listing of host, which potentialy can
be used to attack. I'm of opinion, that giving such list public
is illegal and harmful. I have met such case, that after each test
made from ORBS was reported hackers proof to destroy my host, therefore
the access for ORBS on my host has been by my on tcpserver blocked:


=nl:deny
=nz:deny

Best Wishes

Piotr
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]

Re: RBLSMTPD

[Markus Stumpf]

On Thu, Dec 28, 2000 at 10:12:48AM +0100, Piotr Kasztelowicz wrote:
> ORBS and like ORBS lists
> there are stupid idea, which makes more evil than good. First of all
> from such as ORBS 'insecure hosts' list" are  using all presented on Net
> hacers, who have directly listing of host, which potentialy can
> be used to attack. I'm of opinion, that giving such list public
> is illegal and harmful. I have met such case, that after each test
> made from ORBS was reported hackers proof to destroy my host, therefore
> the access for ORBS on my host has been by my on tcpserver blocked:

This lists are irrelevant for attacks and security through obscurity is
no security at all.
Hackers will find your server regardless whether you are listed in a RBL
list or not. On a freshly setup system with an IP address never assigned
before I had - within a week - 4 complete port scans + 6 additional
scans for relay open mailservers.

Trying to "hide" is useless. Fix your systems. I personally have no mercy
for ppl doing lousy system administration and whining when they get hacked.
If you can't handle all the hosts in your responsibility use at least
some port filters or a firewall or disconnect them by pulling the network
plug.

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.

Re: RBLSMTPD

[Piotr Kasztelowicz]

On Thu, 28 Dec 2000, Markus Stumpf wrote:

> This lists are irrelevant for attacks and security through obscurity is
> no security at all.

The peoples, who manages with RBL could inform admin of tested
host prior to begin such tests. If test had presented insecurity or
open relay possibilities, ORBS admins could have informed me about
them first prior to inform all peoples about them to write it
on data base.  I'd like to pay your attention to this fact, that
all cases to connect to my smtp to use it other than for sending
or receiving e-mail (for instance to the test without to inform me about
them)
can be taken as hackers proof itself. Additionaly each case such
tests due to more acitivity of hackers. Should I report this without
reaction? I were in such case a bad administrator.

> Hackers will find your server regardless whether you are listed in a RBL
> list or not.

But you can this not excluded, that this listing would have been a good
direction for hackers, because it is public on WWW.

> Trying to "hide" is useless. Fix your systems. I personally have no
mercy ..

This was already made by me in September, when I have begun manage with
this server
(I have under my care more servers), but I will not idle to
look to logs, where are observed logs from ORBS tests' proofs common
with proofs of achieve my server on ftp or telnet. I suppose, that
I'm permited to request from ORBS to use my smtp only for provided
for it use - email sending or receiving. This same I wish me to
stop all tests. I think, I have a rhight to its...

Best Wishes

Piotr Kasztelowicz
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]

Re: rblsmtpd

[Robin S. Socha]

* Agi Subagio <[EMAIL PROTECTED]> [010125 03:00]:
> How to add more rblsmtpd process to check another blacklist resource like 
> "relays.mail-abuse.org", "blackholes.mail-abuse.org" or 
> "dialups.mail-abuse.org"?

(lart@socha):(~)$ cat /service/smtp/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 200 \
/usr/local/bin/tcpserver -v -p -x tcp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \
-rrelays.orbs.org -rrbl.maps.vix.com \
-r blackholes.mail-abuse.org \
-r dialups.mail-abuse.org \
-r 'relays.mail-abuse.org:Open relay problem - see
http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%>' \
/var/qmail/bin/qmail-smtpd 2>&1

Re: rblsmtpd

[Chris Johnson]

On Thu, Jan 25, 2001 at 04:35:58AM -0500, Robin S. Socha wrote:
> * Agi Subagio <[EMAIL PROTECTED]> [010125 03:00]:
> > How to add more rblsmtpd process to check another blacklist resource like 
> > "relays.mail-abuse.org", "blackholes.mail-abuse.org" or 
> > "dialups.mail-abuse.org"?
> 
> (lart@socha):(~)$ cat /service/smtp/run
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> exec /usr/local/bin/softlimit -m 200 \
> /usr/local/bin/tcpserver -v -p -x tcp.cdb \
> -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \
> -rrelays.orbs.org -rrbl.maps.vix.com \
> -r blackholes.mail-abuse.org \
> -r dialups.mail-abuse.org \
> -r 'relays.mail-abuse.org:Open relay problem - see
> http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%>' \

I think this last entry requires a patched rbslmptd. You could instead use:

-r relays.msci.memphis.edu

relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs Dan's
rbldns and gives out the TXT record that rblsmtpd needs.

Chris

Re: rblsmtpd

[Martin Randall]

Hello Chris

On 25-Jan-01, you wrote:

> 
> I think this last entry requires a patched rbslmptd. You could instead
> use:
> 
> -r relays.msci.memphis.edu
> 
> relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs
> Dan's rbldns and gives out the TXT record that rblsmtpd needs.
> 
> Chris
> 

Funny, I was just about to look at rblsmtpd later today or this evening. 
Apparently the records changed from txt to ?? last August. 
I was hoping that as ucspi-tcp had been overhauled and rblsmtpd is now
within it, at 0.88 this inter-operability problem had been fixed.
What is the status of this problem ?
Further, what's the   -a   option all about ?

Whilst I'm hereI noticed that most mail servers connecting have
cutomised greetings and endings during the  220, 250 and 221 responses. I
searched the docs plus Dave Sills archives but couldn't find anything on
this.

Just curious...


Regards...Martin
-- 
1) If you have to ask, you're not entitled to know.
2) If you don't like the answer, you shouldn't have asked.

 == Abbott's Law

Re: rblsmtpd

[Peter van Dijk]

On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote:
[snip]
> Whilst I'm hereI noticed that most mail servers connecting have
> cutomised greetings and endings during the  220, 250 and 221 responses. I
> searched the docs plus Dave Sills archives but couldn't find anything on
> this.

man qmail-smtpd, look for smtpgreeting.

Greetz, Peter.

Re: rblsmtpd

[Ian Lance Taylor]

Martin Randall <[EMAIL PROTECTED]> writes:

> Whilst I'm hereI noticed that most mail servers connecting have
> cutomised greetings and endings during the  220, 250 and 221 responses. I
> searched the docs plus Dave Sills archives but couldn't find anything on
> this.

Naturally qmail provides this essential customization.  See the
smtpgreeting control file.

Ian

Re: rblsmtpd

[Martin Randall]

Hello Peter

On 25-Jan-01, you wrote:

> On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote:
> [snip]
>> Whilst I'm hereI noticed that most mail servers connecting have
>> cutomised greetings and endings during the  220, 250 and 221 responses. I
>> searched the docs plus Dave Sills archives but couldn't find anything on
>> this.
> 
> man qmail-smtpd, look for smtpgreeting.
> 
> Greetz, Peter.
> 

Well there were twp partsto this, the main part the rblsmtpd and the
trivial/curious part, which is this.
Let me start with the rblsmtpd.

Here is a rbl log on another mail server.



Sat 2001-01-27 13:39:51: [1164:8057] EHLO mail02.osite.com.br
Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker checking 200.189.209.131 
using cache...
Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker checking 200.189.209.131 
using 131.209.189.200.dialups.mail-abuse.org...
Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker A-record resolution of 
[131.209.189.200.dialups.mail-abuse.org] in progress (DNS Server: 
216.136.29.250)...
Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker 10 second wait for DNS 
response exceeded
Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker checking 200.189.209.131 
using 131.209.189.200.rbl.maps.vix.com...
Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker A-record resolution of 
[131.209.189.200.rbl.maps.vix.com] in progress (DNS Server:
216.136.29.250)...
Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker checking 200.189.209.131 
using 131.209.189.200.relays.mail-abuse.org...
Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker A-record resolution of 
[131.209.189.200.relays.mail-abuse.org] in progress (DNS Server: 
216.136.29.250)...
Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker 
D=131.209.189.200.relays.mail-abuse.org TTL=(5) A=[127.0.0.2]
Sat 2001-01-27 13:40:02: [1164:8057] 550 mail from 200.189.209.131 refused 
by RSS, see http://www.mail-abuse.org/rss/
Sat 2001-01-27 13:40:03: [1164:8057] SMTP session abnormally terminated, 26 
bytes transferred.
Sat 2001-01-27 13:40:03: --



As you can see, it says it is doing A-record resolutions with the relevent
abuse locations.

I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp program
and has a   -a  query.
The only thing about this is why it says   "anti-listed" instead of listed.

On my  second question which was about the 220, 221 etc. codes, Yes, I had
already tried putting something in SMTPGREETING.

What that gives me is (I've deleted most of the junk for brevity) :-

Sat 2001-01-27 13:38:15: [2356:8055] 220 How's it hanging ? ESMTP
Sat 2001-01-27 13:38:15: [2356:8055] EHLO chaossolutions.org
Sat 2001-01-27 13:38:15: [2356:8055] 250-How's it hanging ?

Sat 2001-01-27 13:38:15: [2356:8055] 221 How's it hanging ?
Sat 2001-01-27 13:38:15: [2356:8055] SMTP session successful, 675 bytes 
transferred.

As you can see, it gives the same text string for 220, 221 and 250 ie the
smtpgreeting.
Wheras, other pople customise the strings which is what I was asking about.


Sat 2001-01-27 05:41:30: [2608:7809] 220 smtp2.home.se Novonyx SMTP ready 
$Revision:   2.74  $
Sat 2001-01-27 05:41:30: [2608:7809] EHLO chaossolutions.org
Sat 2001-01-27 05:41:32: [2608:7809] 250-smtp2.home.se Pleased to meet you
Sat 2001-01-27 05:41:44: [2608:7809] 221 smtp2.home.se So long, and thanks 
for all the fish



Sat 2001-01-27 05:41:34: [2228:7803] 250 warrior-inbound - Plus.Net, The 
smarter way to Internet -
Sat 2001-01-27 05:41:43: [2228:7803] 250 ok 980592233 qp 27053
Sat 2001-01-27 05:41:43: [2228:7803] QUIT
Sat 2001-01-27 05:41:49: [2228:7803] 221 warrior-inbound - Plus.Net, The 
smarter way to Internet -


Sat 2001-01-27 05:41:37: [2444:7858] 250-post.it.helsinki.fi Hello 
server.chaossolutions.org [216.136.109.158] (may be forged), pleased to 
meet you. Unless you are a SPAMmer
Sat 2001-01-27 05:41:38: [2444:7858] 250 2.1.0 
<[EMAIL PROTECTED]>... Sender looks kinda ok
Sat 2001-01-27 05:41:50: [2444:7858] 250 2.0.0 f0RAhmx20818 Message 
accepted for delivery. Lucky you
Sat 2001-01-27 05:41:50: [2444:7858] QUIT
Sat 2001-01-27 05:41:51: [2444:7858] 221 2.0.0 post.it.helsinki.fi closing 
connection. Nice meeting you


Anyway, this part I was just curious about. The main bit was/is the
rblsmtpd. Please refer back to my original mail if you are confused.

Regards...Martin
-- 
Ah, Blackadder. Notice anything...unusual?
Yes, sir. It's eleven thirty in the morning, and you're moving about.
  Is the bed on fire?

 == George and Edmund : Duel and Duality

rblsmtpd patch

[Robert Sander]

Hi!

I have made a patch to rblsmtpd that allows to call an arbitrary
program whenever a connecting mailserver is in one of the lists.

I use it to send the postmasters of this host and the respective
domains a short mail saying that they have an open relay and they
should fix it.

This is maybe not what everybody wants, because it generates traffic.
But I have my users in the back complaining about not getting mails
from the outside. So I started to send out mails manually to the
respective postmasters to close their open relays.
This was getting too much work, therefore this patch:

ftp://epigenomics.org/pub/oss/ucspi-tcp/rblsmtpd.patch

When rblsmtpd is called with the new option "-x /path/to/program", it
calls the program every time a connecting mailserver is blocked and
quits. It calls the given program, which gets all the environment
variables from tcpserver and a new one set by rblsmtpd: $RBLMESSAGE,
which is the message the connecting mailserver was rejected with.

The program now can make decisions based on $TCPREMOTEHOST et. al.
to do anything like sending mail to postmaster@$TCPREMOTEHOST.

I do know that the error should show up in the logs of the remote
host, but when they are misconfigured, it is likely the postmaster
does not look into the logs. I do hope she/he is looking into the
mailbox...

In the ftp-directory is a sample bash script called rblscript that
sends a short mail to the postmaster of the remote host.

Please feel free to send any additions/corrections to me.

Greetings
-- 
Robert Sander
Computer Scientist   Epigenomics AG
Bioinformatics R&Dwww.epigenomics.com Kastanienallee 24
+493024345330  10435 Berlin

Re: rblsmtpd

[Mate Wierdl]

> I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp
> program and has a -a query.  The only thing about this is why it
> says "anti-listed" instead of listed.


Perhaps you want to read the docs for rblsmtpd for the meaning of the
-a flag.

Unpatched rblsmtpd blocks using TXT records.

Mate

Re: rblsmtpd

[Martin Randall]

Hello Mate

On 29-Jan-01, you wrote:

>> I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp
>> program and has a -a query.  The only thing about this is why it
>> says "anti-listed" instead of listed.
> 
> 
> Perhaps you want to read the docs for rblsmtpd for the meaning of the
> -a flag.
> 
> Unpatched rblsmtpd blocks using TXT records.
> 
> Mate
> 

There isn't a man rblsmtpd. what other docs besides DJB's ucspi-tcp
(rblsmtmp)   http://cr.yp.to/ucspi-tcp/rblsmtpd.html

Options: 
-r base: Use base as an RBL source. An IP address a.b.c.d is listed by that
source if d.c.b.a.
base has a TXT record. rblsmtpd uses the contents of the TXT record as an
error message for the client. 
-a base: Use base as an anti-RBL source. An IP address a.b.c.d is
anti-listed by that source if d.c
.b.a.base has an A record. In this case rblsmtpd does not block mail. 

This is the reference to :-

"The only thing about this is why it says "anti-listed" instead of listed."

That I made.  I am not sure why it says "anti-listed". As in not in the rbl.
It seems to be saying that if the IP matches then it's allowed.

I'd have thought that if they had changed their rbl listing from txt to
A-record, then doing a A-record against it and getting a result would be
"listed" and then qmail would deny the connection.

Obviously, I'm missing something here, but that section of the
ucspi-tcp/rblmstpd is just not clear.

Regards...Martin
-- 
"Good taste is better than bad taste, but bad taste is better than no
taste."

- Arnold Bennett.

rblsmtpd log

[Agi Subagio]

sorry for this question,
how to log rblsmtpd conversation in to /var/log/qmail or other place?

rblsmtpd logging

[John McCoy, Jr.]

I noticed when I implemented rblsmtpd that several legitimate sites were
being blocked. They were mostly other .edu sites. Is there any way to create
a list of exceptions, hopefully with a wild card so I could allow all .edu
traffic to pass regardless? Or better yet can I get rblsmtpd to just tell me
which sites it has gotten matches on but not actually block the mail. So I
can then encourage sites that should be allowed in to improve their servers,
and make the web a better place for us all. I've already written a script to
pull out those who get blocked from the log file. That was how I discovered
I was blocking people who needed to send us email. I would be happy to share
it.



John McCoy, Jr
Central Systems Administrator
Mills College, Oakland, CA
510-430-3321
[EMAIL PROTECTED]

tcpserver rblsmtpd

[Brad Dameron]

Anyone have a good example of using the tcpserver rblsmtpd with qmail?

I am currently using "/usr/local/bin/tcpserver -c 120 -D -x
/mail/etc/tcp.smtp.cdb -u 501 -g 500 0 smt
p /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &" as my
start line in my rc.local file.

Please let me know what the best way to use the rblsmtpd program is.

Thank you.

---
Brad Dameron[EMAIL PROTECTED]
Network Account Executive   877-663-4349
TSCNet Online Services  www.tscnet.com
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

rblsmtpd and rblplus?

[John R. Levine]

Has anyone modified rblsmtpd to work with MAPS' rbl-plus?  It's
a merged RBL, RSS, and DUL with the particular list(s) an address
is on being determined by bits in the low part.

The changes I'd want to rblsmtpd would be 1) tell which bits to pay
attention to and which not tom since I reject RBL and RSS mail, but send
DUL mail into a spam trap, and 2) provide default TXT messages to use
depending on which bits are set.

It's not all that hard to do, but I'd rather not do it if someone else
already has.  I see nothing about rbl-plus in the archives yet.


-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail

ucspi / rblsmtpd docs?

[Paul Farber]

Hello all

Got the latest verion of ucspi (.88) that is said to incorporate the older
rblsmtpd program from djb

Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list
rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. and round
and round we go!

So where are the docs???  Tcpserver or rblsmtpd 

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

qmail/rblsmtpd error

[Todd A. Jacobs]

I have the following line in /etc/inetd.conf:

smtp stream tcp nowait qmaild /usr/sbin/tcpd /var/qmail/bin/tcp-env
/usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd

I'm getting oodles of the following errors in my logs:

Jul  3 14:12:12 cyrix inetd[810]: pid 31351: exit status 1
Jul  3 14:27:41 cyrix inetd[810]: pid 31420: exit status 1
Jul  3 14:43:22 cyrix inetd[810]: pid 31458: exit status 1
Jul  3 14:59:00 cyrix inetd[810]: pid 31481: exit status 1

Since qmail isn't restarting all the time, the problem seems to point to
rblsmtpd. I did a grep of all the source files, but only found exit(1) in
subgetopt.3, and am not sure how this applies.

Can anyone help?

-- 
Todd A. Jacobs
Senior Network Consultant

build-rblsmtpd error

[Neil D. Roberts]

Hi !

Running Debian, I done the "build-rblsmtpd" which debian implements in a
DEB rblsmtpd-source package. The only problem is that the
"build-rblsmtpd" part exits with a rather nice error. These are the
lines it does :

Press ENTER to continue...
make
make[1]: Entering directory `/tmp/rblsmtpd/rblsmtpd-0.70´
nroff -man rblsmtpd.8 > rblsmtpd.0
nroff -man antirbl.8 > antirbl.0
./compile rblsmtpd.c
make[1]: execvp: ./compile: Permission Denied
make[1]: *** [rblsmtpd.o] Error 127
make[1]: Leaving directory `/tmp/rblsmtpd/rblsmtpd-0.70´
make: *** [build] Error 2

I don´t know if anyone has come across this problem before, or if I have
missed a step. Any ideas ?

Thanks, Neil

Re: rblsmtpd emergency

[Ben Beuchler]

On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote:

> BTWY, I know many people are attached to using DNS for rbl lookups,
> but would not it be relatively simple to implement a server software
> using tcpserver that would just lookup an IP number in a .cdb database
> of IP numbers, and send an appropriate response?  A client might be
> similarly simple to implement using tcpclient.

That would not allow for the rapid changes necessary in a blackhole
list.  Imagine you are an ISP with several thousand customers.  Through
an oversight, your mail server is blacklisted.  Would you rather wait
for the tens or hundreds of thousands of sysadmins out there
administering mail servers to remove you from their blackhole list or
just submit it to the maintainer of the list and have it fixed in minute
or hours?

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: rblsmtpd emergency

[Mate Wierdl]

On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote:
> On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote:
> 
> > BTWY, I know many people are attached to using DNS for rbl lookups,
> > but would not it be relatively simple to implement a server software
> > using tcpserver that would just lookup an IP number in a .cdb database
> > of IP numbers, and send an appropriate response?  A client might be
> > similarly simple to implement using tcpclient.
> 
> That would not allow for the rapid changes necessary in a blackhole
> list.  Imagine you are an ISP with several thousand customers.  Through
> an oversight, your mail server is blacklisted.  Would you rather wait
> for the tens or hundreds of thousands of sysadmins out there
> administering mail servers to remove you from their blackhole list or
> just submit it to the maintainer of the list and have it fixed in minute
> or hours?

I do not understand this comment: it seems you are arguing against the
very existence of rbldns.  And I was asking if rbldns could be
implemented in a less restrictive way---without the need for a domain
delegation.  As a separate but related question, I was also asking if
DNS needs to be involved in the first place.

The fact is a few thousand mail servers running rblsmtpd cannot use
relays.mail-abuse.org.  So now they all have to apply for a domain so
that they can use rbldns.  Or they can start patching rblsmtpd to use
A records---until relays.mail-abuse.org will change the record
structure again.

To address your concern: a reasonable site running rbldns would
transfer the zone from relays.mail-abuse.org frequently, so a change
at relays.mail-abuse.org would propagate to the mirrors quite quickly.

Mate 

Re: rblsmtpd emergency

[Michael T. Babcock]

- Original Message -
From: "Mate Wierdl" <[EMAIL PROTECTED]>


> On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote:
> > On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote:
> >
> > That would not allow for the rapid changes necessary in a blackhole
> > list.  Imagine you are an ISP with several thousand customers.  Through
> > an oversight, your mail server is blacklisted.  Would you rather wait
> > for the tens or hundreds of thousands of sysadmins out there
> > administering mail servers to remove you from their blackhole list or
> > just submit it to the maintainer of the list and have it fixed in minute
> > or hours?
>
> The fact is a few thousand mail servers running rblsmtpd cannot use
> relays.mail-abuse.org.  So now they all have to apply for a domain so
> that they can use rbldns.  Or they can start patching rblsmtpd to use
> A records---until relays.mail-abuse.org will change the record
> structure again.

The best approach to this is to have rblsmtpd use A records, as it should
have from the beginning (that's what you get for optimising solely for
speed, not for correctness).

Re: rblsmtpd emergency

[Mate Wierdl]

On Thu, Aug 17, 2000 at 06:34:21PM -0400, Michael T. Babcock wrote:
> The best approach to this is to have rblsmtpd use A records, as it should
> have from the beginning (that's what you get for optimising solely for
> speed, not for correctness).

But then the TXT record is really useful: it does give a clue to the
client how to get out of the mess.  

Mate

Re: rblsmtpd emergency

[Michael T. Babcock]

You're right -- there's no doubt that the TXT record is useful (or was
;-) ).  But my point is that the lookups (according to the spec) were to be
done on A records, and the TXT records fetched if you wanted that
description.  This is two lookups, so no qmail person would settle for that
(humour).  That was the jist of my original coment.

- Original Message -
From: "Mate Wierdl" <[EMAIL PROTECTED]>


> On Thu, Aug 17, 2000 at 06:34:21PM -0400, Michael T. Babcock wrote:
> > The best approach to this is to have rblsmtpd use A records, as it
should
> > have from the beginning (that's what you get for optimising solely for
> > speed, not for correctness).
>
> But then the TXT record is really useful: it does give a clue to the
> client how to get out of the mess.

Re: rblsmtpd emergency

[Toni Mueller]

Hello,

On Wed, Aug 16, 2000 at 10:28:48AM -0500, Mate Wierdl wrote:
> On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote:
> > On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote:
> > > but would not it be relatively simple to implement a server software
> > > using tcpserver that would just lookup an IP number in a .cdb database
> > > of IP numbers, and send an appropriate response?  A client might be

hmm. I don't understand the question. For ucspi-tcp-0.88, I get
from http://cr.yp.to/ucspi-tcp/rblsmtpd.html (slightly wrapped):

- cut
Options: 

-r base: Use base as an RBL source. An IP address a.b.c.d
is listed by that source if d.c.b.a.base has a TXT record.
rblsmtpd uses the contents of the TXT record as an error
message for the client. 
- cut

and:

- cut
You may supply any number of -r and -a options. rblsmtpd tries
each source in turn until it finds one that lists or anti-lists
$TCPREMOTEIP. It also tries an RBL source of rbl.maps.vix.com
if you do not supply any -r options. See http://maps.vix.com/rbl/
for more information about rbl.maps.vix.com.

If you want to run your own RBL source or anti-RBL source for
rblsmtpd, you can use rbldns from the djbdns package. 
- cut

I didn't try this, but imho this clearly says "-r maps.vix.com
gets you the default behaviour of asking Paul Vixie".

So, what's the problem? You need to axfr the zone from somewhere
and massage that into a cdb the rbldns would probably use.
That could be done with a cron job. How much mail you then
deny is up to you...

But that's one thing every sysadmin has to decide for oneself,
do I have a default closed (-c) or open (-C) setup when my
rbl servers fail?


Best Regards,
--Toni++

DUL and rblsmtpd

[Adam D. McKenna]

Does anyone know if Dan is planning on adding DUL support to rblsmtpd?

--Adam

abuse@... vs rblsmtpd

[Balazs Nagy]

Hiyas,

I have a little cosmetic problem with spam handling.  I'd like to make a
controlled account where the handled-as-spammer-hosts can post mail.  This
account can be practically [EMAIL PROTECTED]

Well, I understand that RBL lists are a solution of today's problems and it
have to be isolated from smtpd, but it would be good if some spammer could
send complaining letters to my host.

Before some of you suggest me to use another IP address I have to tell that
we currently own 32 addresses and I cannot give one just for spam complains.

I think I musn't isolate myself from spammers completely because it's
generally a bad idea.

Regards: Balazs
-- 
#!/usr/bin/perl -export-a-crypto-system-sig -http://dcs.ex.ac.uk/~aba/rsa
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0

multiple rblsmtpd instances

[Matt Schnierle]

Is is possible to run multiple rblsmtpd instances in front of one another? 
We use both the maps RBL and the maps DUL on our remaining sendmail box, and
I need to verify that this can be done for the process of phasing in qmail.

I'm guessing that I can just daisychain the rblsmptd instances in front of
one another.  Is this possible, and what in blazes would the syntax look
like?

TIA.


--Matt Schnierle
--mgs at stargate dot net
--Stargate Industries, LLC
--#include 
--"It's not that simple."

rblsmtpd not blocking

[torben fjerdingstad]

I have verified that orbs's host are not blocked with my
setup. I dont see what's wrong. What exactly should I do?
Also: Can I get denials logged?

Here is my complete startup script (AIX-4.2.1):

/usr/local/bin/supervise /usr/local/qmail/supervise/qmail-send env - \
PATH="/usr/local/qmail/bin:$PATH" \
TZ=MET-1METDST,M3.5.0,M10.5.0 \
qmail-start ./Mailbox /usr/local/bin/accustamp|/usr/local/bin/setuser qm aill 
\ 
/usr/local/bin/cyclog -s14000 -n2 /var/adm/maillog qmail &

/usr/local/bin/supervise /usr/local/qmail/supervise/tcpserver env - \
PATH="/usr/local/bin:$PATH" TZ=MET-1METDST,M3.5.0,M10.5.0 \
tcpserver -x /usr/local/etc/tcp.smtp.cdb \
-v -p -t 5 -c 400 -b 40 -u 203 -g 200 0 \
smtp /usr/local/bin/smtplog \
/usr/local/bin/rblsmtpd -rrelays.orbs.org -rrbl.maps.vix.com \
/usr/local/qmail/bin/qmail-smtpd 2>&1 \
| /usr/local/bin/accustamp \
| /usr/local/bin/cyclog -s14000 -n2 /var/adm/smtpd smtpd 3 &

-- 
Med venlig hilsen / Regards 
Netdriftgruppen / Network Management Group
UNI-C  

Tlf./Phone   +45 35 87 89 41Mail:  UNI-C
Fax. +45 35 87 89 90   Bygning 304
E-mail: [EMAIL PROTECTED]   DK-2800 Lyngby

rblsmtpd error codes

[D. J. Bernstein]

Sam writes:
> Is it only my opinion that rblsmtpd returns a temporary error code,
> for no good reason, so that the blacklisted relay keeps banging at
> your server for two weeks, until the mail bounces? 

It's not an opinion. It's a statement of fact. And it's wrong.

rblsmtpd gives you the choice between code 553, telling legitimate
clients to bounce the message immediately, and code 451, giving innocent
relay operators a chance to fix the problem. Read the fucking manual.

---Dan

rblsmtpd error redirection?

[Barton]

Hi, 
I am running  rblsmtpd under tcpserver, and I 
would like the error messages to be saved to 
a log file instead of being directed to stderr.

Is there a way that I can do this?

Thanks.

barton

rblsmtpd w/inetd?

[Matthew Kirkwood]

Hi,

(I've been off this list for a while, but I'm back
now - apologies if I've just missed anything like
this)

Has anyone successfully setup rblsmtpd (as a front
for qmail-smtpd) running through inetd?

I realise that having something like:

smtp stream tcp nowait.1000 qmaild /usr/sbin/tcpd   \
/usr/local/qmail/bin/tcp-env /usr/local/qmail/bin/rblsmtpd \
/usr/local/qmail/bin/qmail-smtpd

is going to be at least a little inefficient, but it
would do an initial attempt to start using the RBLs.

Also, (and slightly off-topic) does anyone here have
experience of the list at http://www.imrss.org/dssl/?

Cheers,
Matthew.

elementary rblsmtpd question

[Mate Wierdl]

I now realized, I do not understand how rbl(smtpd) works. 

Is it correct to say that rblsmtpd checks the rbl database only for
the (most recently) connecting host?  In particular, suppose I run
rblsmtpd on A and I do not run it on B.  If I have a .qmail file on B,
with

mw@A

in it, and a spam is sent to this .qmail file from an rbl'd site, mw@A
will get the message.

Thx

Mate

Help with rblsmtpd

[Julian Alvarez Venegas]

I found out about qmail a few months ago and I installed it in a
production system basing myself on the excellent reference titled "Life
with qmail"; I use qmail's initialization script that comes in that
reference.  Lately, however, several users have complained about not
receiving email from certain places.  I investigated further and realized
that these places are those that have open relay configured in their
servers.  My question is, which /var/qmail/control file should I specify
to receive the emails from certain domains?
I appreciate your attention, thanks in advance.

Regards

qmail and rblsmtpd

[kevin]

Hi All,

I'm new the list and hopefully have an easily answered questions, which 
is :

How do I apply the coorect options to get rblsmtpd to work with qmail.

This is my current tcpserver command line :
 /usr/local/bin/tcpserver -v -u 101 -g 100 0 smtp 
/var/qmail/bin/qmail-smtpd &

I want to use relays.mail-abuse.org and my rblsmtpd is located in 
/opt/software/bin/rblsmtpd

Can anyoone help at all?

Many thanks,

Kevin Smith

qmail and rblsmtpd

[kevin]

Hi All,

Is there anyone who knows about how to setup rblsmtpd ?

I've tried loads of different sources and I can't seem to find a way to 
set-up qmail to bloke relay spam to my server.

This my current start-up for qmail in /etc/init.d :
 /usr/local/bin/tcpserver -v -u 101 -g 100 0 smtp 
/var/qmail/bin/qmail-smtpd &

I have tried the following combinations :

Here is the rblsmtpd help prompt :
 rblsmtpd [ -b ] [ -R ] [ -r domain ] [ -t timeout ] smtpd [ arg ... 
] 

And in theory this should work :
 /usr/local/bin/tcpserver -v -u 101 -g 100 0 smtp 
/opt/software/bin/rblmstpd /var/qmail/bin/qmail-smtpd &

But, ir doesn't bloke reply spam from the test from RSS list?

Any ideas?


Regards,

Kevin Smith
Lemon Lainey Design UK
http://www.lemonlaineydesign.com

rblsmtpd + multiple listings

[Mark E. Drummond]

I am a bit confused ... I am looking at Aaron Nabil's patch to allow rblsmtpd
to use multiple listing services ... but does rblsmtpd not already support
multiple services? Of course it does, I'm using the rbl and relays.mail-abuse
right now. Why the patch?

-- 
__
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
 Gang Warily|http://signals.rmc.ca/
Kingston Linux Users Group|http://signals.rmc.ca/klug/

help with rblsmtpd

[Brandon Dudley]

> 
> I just need another pair of eyes (or a dozen parirs) to tell me why the 
> following startup files wouldn't work:
> 
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> exec /usr/local/bin/softlimit -m 200 \
> /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c 5\
> -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/rblsmtpd -b -r rbl
   >.ma
> ps.vix.com -r dul.maps.vix.com -r relays.radparker.com -r rss.maps.vix.com \
> /var/qmail/bin/qmail-smtpd 2>&1
> 
> I just upgraded my copies of ucspi and daemontools to the latest versions and
> removed my old startup file in favor of the LWQ startfile. Everything worked
> until I tried to integrate rblsmtpd into the mix. Using the above caused smtp
   >d
> to not respond:
> 
> brandon@dudman [9:59am] /home/brandon 4060> telnet discontent.com 25
> Trying 216.100.35.70...
> Connected to discontent.com.
> Escape character is '^]'.
> Connection closed by foreign host.
> 
> although a ps auxww showed what looked like a working smtpd:
> 
> qmaild   26262  0.0  0.5  1260  520 pts/0S10:05   0:00 /usr/local/bin
   >/tcpserver -v -p -x /etc/tcp.smtp.cdb -c 5 -u 16 -g 52 0 smtp 
> /var/qmail/bin/rblsmtpd -b -r rbl.maps.vix.com -r dul.maps.vix.com -r relays.
   >radparker.com -r rss.maps.vix.com /var/qmail/bin/qmail-smtpd 
> 
> Any suggestions?
> 
> Brandon

Re: new rblsmtpd

[Russell Nelson]

Mate Wierdl writes:
 > Does not the new rblsmtpd obsolete Russ's patches, or is their any
 > functionality that is still not provided by the new rblsmtpd?

You can make your own decision, but ... I use the new rblsmtpd.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

Relay and rblsmtpd

[Roberto Samarone Araujo \(RSA\)]

Hi,

I want to block some emails so, I installed rlblsmtpd. I need to put it in
qmail initialization script but, I don't know how to do it.
This line is in my qmail.sh start up script.

tcpserver -b 64 -c 64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 smtp
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd &

Another question: If I need to block an email from my system, I need only to
put the next line in /etc/tcp.smtp ?
    deny:$RBLSMTPD="email@email"

thanks,

Roberto Samarone Araujo

rblsmtpd and firewall

[Roberto Samarone Araujo \(RSA\)]

I turned on my firewall and I looked at my logs when I found this message:

smtpd: 975401579.539737 tcpserver: fatal: unable to figure out
port number for /usr/local/bin/rblsmtpd

What's the port number and protocol(TCP or UDP) that rblsmtpd use ?

thanks,

Roberto Samarone Araujo

Qmail and rblsmtpd

[Roberto Samarone Araujo \(RSA\)]

Hi,

When I set up Qmail without 'rblsmtpd' module and try to telnet
to port 25, it repospond fastly but, after install 'rblsmtpd' module it
suffered a big delay. I would like to know what can I do to qmail respond
more fastly when 'rblsmtpd' is working.

I put int my qmail.rc file the line :

/usr/local/bin/tcpserver -b 64 -c
64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 smtp /usr/local/bin/rblsmtpd
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd &

Roberto Samarone Araujo

Re: rblsmtpd - notification

[Markus Stumpf]

On Thu, Dec 28, 2000 at 11:10:37AM +1100, [EMAIL PROTECTED] wrote:
> question is: Is there anyway of notifying the person who sent the 
> mail to you through the open relay, with a generic message that 
> they were blocked. Say "Your message could not be processed by 
> our server." If anyone could help with this it would be much 
> appreciated.

rblsmtpd either rejects the message permanently (5xx code) or temporarily
(4xx code). Depending on the option you start rblsmtpd with and assuming
a correctly working smtpd on the sending side, the user will either
get a immediate failure notice on a 5xx code or a delayed one as soon as
the retry interval (typically around a week) of the sending smtpd has expired.
See
http://cr.yp.to/ucspi-tcp/rblsmtpd.html>
and especially the section on "Temporary errors" and the "-b -B" switches
for more information.

Note: a 4xx code is more "social" but may trigger bugs in some smtpds
  (e.g. Microsoft SMTP) causing them to hammer on your smtpd with retries.
  See: http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP>

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.

rblsmtpd and inetd

[Todd A. Jacobs]

I'm getting a lot of errors like the following in my syslog:

Feb 27 20:09:51 cyrix inetd[925]: pid 27274: exit status 1

which I suspect are coming from rblsmtpd. The problem is that I don't know
how to redirect the stderr to a log file where I can see what the actual
problem is. My inetd line is as follows:

smtp stream tcp nowait qmaild /usr/sbin/tcpd \
/var/qmail/bin/tcp-env /usr/local/bin/rblsmtpd \
/var/qmail/bin/qmail-smtpd

According to the rblsmtpd man page, the errors are being sent to stderr,
but they're apparently not getting logged to syslog. What can I do?

-- 
Todd A. Jacobs
CodeGnome Consulting, LTD

Re: rblsmtpd logging

[David Dyer-Bennet]

"John McCoy, Jr." <[EMAIL PROTECTED]> writes:

> I noticed when I implemented rblsmtpd that several legitimate sites were
> being blocked. They were mostly other .edu sites. Is there any way to create
> a list of exceptions, hopefully with a wild card so I could allow all .edu
> traffic to pass regardless? Or better yet can I get rblsmtpd to just tell me
> which sites it has gotten matches on but not actually block the mail. So I
> can then encourage sites that should be allowed in to improve their servers,
> and make the web a better place for us all. I've already written a script to
> pull out those who get blocked from the log file. That was how I discovered
> I was blocking people who needed to send us email. I would be happy to share
> it.

Yes; set the environment variable RBLSMTPD to a null string ("") using
tcpserver (in the cdb file; well, you put it in the source which is
compiled into the cdb file):

209.98.94.1-8:allow,RBLSMTPD=""
-- 
David Dyer-Bennet  /  Welcome to the future!  /  [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/  Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/

Re: tcpserver rblsmtpd

[Timothy Legant]

On Wed, Mar 21, 2001 at 02:44:33PM -0800, Brad Dameron wrote:
> 
>   Anyone have a good example of using the tcpserver rblsmtpd with qmail?

/usr/local/bin/tcpserver -x/var/qmail/tcp.smtp.cdb -R -v -u82 -g81 0 smtp \
/usr/local/bin/rblsmtpd -r 'relays.mail-abuse.org:Open relay problem - see 
http://www.mail-abuse.org/cgi-bin/nph-rss?query=%IP%>' \
-r dialups.mail-abuse.org -r blackholes.mail-abuse.org \
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 2 &

>   Please let me know what the best way to use the rblsmtpd program is.

Get the patch to use A records from www.qmail.org. It's called
ucspi-rss.diff . Apply it and rebuild ucspi-tcp. Use the above command
line (or something similar). Note that, for the relays.mail-abuse.org
list (also known as the RSS), you *must* follow the host name with a
colon and a text string, as above. The %IP% is replaced by the IP
address of the listed host.

> Thank you.

You're welcome. Hope that's helpful.

Tim

Re: tcpserver rblsmtpd

[Rick Updegrove]

- Original Message -
From: "Brad Dameron" <[EMAIL PROTECTED]>
> Anyone have a good example of using the tcpserver rblsmtpd with qmail?
>
> I am currently using "/usr/local/bin/tcpserver -c 120 -D -x
> /mail/etc/tcp.smtp.cdb -u 501 -g 500 0 smt
> p /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &" as
my
> start line in my rc.local file.


I use a LWQ style - vpopmail enbabled supervised run script


#!/bin/sh
# Note: concurrencyincoming is a feature of this script.
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 400 \
tcpserver -v -p -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd \
-r relays.orbs.org \
-r rbl.maps.vix.com \
-r blackholes.mail-abuse.org \
-r dialups.mail-abuse.org \
-r 'relays.mail-abuse.org:Open relay problem - see
http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%>' \
qmail-smtpd 2>&1


Hope this helps

Rick Up

rblsmtpd and 'tagging' emails

[Qmail]

Hi Folks,

Is there any way to use rblsmtpd to simply set a header in qmail, rather
than bouncing emails?

Thanks,

Lance

Re: ucspi / rblsmtpd docs?

[Adam McKenna]

On Mon, Jul 03, 2000 at 12:51:48PM -0400, Paul Farber wrote:
> Hello all
> 
> Got the latest verion of ucspi (.88) that is said to incorporate the older
> rblsmtpd program from djb
> 
> Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list
> rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. 

Um, yeah it is.

--Adam

Re: ucspi / rblsmtpd docs?

[Gerrit Pape]

On Mon, Jul 03, 2000 at 12:51:48PM -0400, Paul Farber wrote:
> Hello all
> 
> Got the latest verion of ucspi (.88) that is said to incorporate the older
> rblsmtpd program from djb
> 
> Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list
> rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. and round
> and round we go!
>
Assuming You mean the man-pages I did, sorry, I seem to forgot this one.
In fact, there are missing the man-pages for addcr, delcr, mconnect-io an
rblsmtpd. I will do them the next days.
 
> So.... where are the docs???  Tcpserver or rblsmtpd 
>
http://cr.yp.to/ucspi-tcp/rblsmtpd.html .

Gerrit.

-- 
[EMAIL PROTECTED]
  innominate AG
  networking people
fon: +49.30.308806-0 fax: -77  web: http://innominate.de  pgp: /pgp/gpa

Re: ucspi / rblsmtpd docs?

[Paul Farber]

I got several tarballs of ucspi doc's (.87 and .88) yet none of them had
any rblsmtpd man pages.

anyone have a complete set?

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

On Mon, 3 Jul 2000, Adam McKenna wrote:

> On Mon, Jul 03, 2000 at 12:51:48PM -0400, Paul Farber wrote:
> > Hello all
> > 
> > Got the latest verion of ucspi (.88) that is said to incorporate the older
> > rblsmtpd program from djb....
> > 
> > Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list
> > rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. 
> 
> Um, yeah it is.
> 
> --Adam
> 

rblsmtpd and not bouncing

[Michael T. Babcock]

I would like to offer an option similar to pobox.com's [spam: 84%]
"Subject:" munging for incoming messages from RBL or RSS listed sites.
Instead of actually bouncing the message as RBLSMTPD does, allow the
message but add [spam - rbl] or [spam - rss] or the like to the Subject:
field of the messages in question.

I'm wondering if anyone else has done this before I go making a
completely modified version of rblsmtpd to do so.

using RBLSMTPD env var

[Jon Rust]

I was just denying all Yesmail connections in my tcp.smtp.cdb file.
After watching the thread today on blocking mail, I wanted to use the
RBLSMTPD var instead. Like so:

   # Yesmail.com
   63.88.133.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   63.89.82.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   63.238.242-243.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   63.79.151.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   207.154.137.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   207.154.208.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   208.44.19.:allow,RBLSMTPD="-Yesmail email is not wanted here"
   216.80.61.240-255:allow,RBLSMTPD="-Yesmail email is not wanted here"
   216.229.132.128-143:allow,RBLSMTPD="-Yesmail email is not wanted here"
   64.208.162.128-143:allow,RBLSMTPD="-Yesmail email is not wanted here"
   216.52.151.64-95:allow,RBLSMTPD="-Yesmail email is not wanted here"

Just for fun, I added one of my own IPs to the list as a test. The test
failed. :-(

   host:~{503} $ telnet mail.vcnet.com 25
   Trying 209.239.239.15...
   Connected to mail.vcnet.com.
   Escape character is '^]'.
   220 rblsmtpd.local
   Connection closed by foreign host.
   host:~{504} $ 

I thought it was supposed to spit out the contents of RBLSMTPD? And no
553 either. What did I miss? (I tried with both a space after the hyphen
and without.)

jon

Re: build-rblsmtpd error

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2 Aug 00, at 14:08, Neil D. Roberts wrote:

> make
> make[1]: Entering directory `/tmp/rblsmtpd/rblsmtpd-0.70´
[snip]
> ./compile rblsmtpd.c
> make[1]: execvp: ./compile: Permission Denied
[snip]
> I don´t know if anyone has come across this problem before, or if I
> have missed a step. Any ideas ?

Two possibilities:
1. The source package is broken and "compile" is not marked as
executable.
2. Your /tmp directory is mounted as "noexec".

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOYgEulMwP8g7qbw/EQKEPgCgu16heeXY1O0bU1mRJ8UmU6dfzJIAniDc
ZrxwEuh4JtgHc4qMUtqUmZ1i
=jd5l
-END PGP SIGNATURE-

Re: build-rblsmtpd error

[Gerrit Pape]

On Wed, Aug 02, 2000 at 02:08:48PM +0200, Neil D. Roberts wrote:
> Hi !
> 
> Running Debian, I done the "build-rblsmtpd" which debian implements in a
> DEB rblsmtpd-source package. The only problem is that the
> "build-rblsmtpd" part exits with a rather nice error. These are the
> lines it does :
> 
> Press ENTER to continue...
> make
> make[1]: Entering directory `/tmp/rblsmtpd/rblsmtpd-0.70´
> nroff -man rblsmtpd.8 > rblsmtpd.0
> nroff -man antirbl.8 > antirbl.0
> ./compile rblsmtpd.c
> make[1]: execvp: ./compile: Permission Denied
> make[1]: *** [rblsmtpd.o] Error 127
> make[1]: Leaving directory `/tmp/rblsmtpd/rblsmtpd-0.70´
> make: *** [build] Error 2
> 
> I don´t know if anyone has come across this problem before, or if I have
> missed a step. Any ideas ?
>
You have wrong permissions on ./compile, execution not allowed. rblsmtpd is
now include in ucspi-tcp-0.88 . You should use this version and build from
source.

Gerrit.

-- 
[EMAIL PROTECTED]
  innominate AG
  networking people
tel: +49.30.308806-0 fax: -77  web: http://innominate.de  pgp: /pgp/gpa

rblsmtpd and relays.mail-abuse.org

[Jon Rust]

While checking out a spam I received this morning I noticed that
rblcheck finds it in the RSS. Hrmf. I run rblsmtpd so I'm not clear on
how it got through:

/usr/local/bin/rblsmtpd -b -t10\
   -r rbl.maps.vix.com \
   -r dul.maps.vix.com \
   -r relays.mail-abuse.org 

According to the RSS it was added yesterday at 1700 PDT. The address is
133.5.173.200 if you want to test for yourself.

I vaguely remember someone mentioning a patch for rblsmtpd, but not a
whole lot of discussion on why it's not working anymore. Anyone got the
low-down? Anyone tried the patch?

Thanks,
jon