Luca Morettoni

qmail-rblchk

qmail-rblchk filters all incoming mail and checks whether it comes from RBL-listed IPs.

Installation

Download the package at qmail-rblchk-2.4.1.tar.gz (Perugia, Italy)

Compile it with:

     tar -xzf qmail-rblchk-[version].tar.gz
     cd qmail-rblchk
     make setup check

Edit the conf-* files to set compile and install options.

If you use FreeBSD you can install qmail-rblchk from its port:

    cd /usr/ports/mail/qmail-rblchk
    make install clean

Use

    |qmail-rblchk [options] [/dir/]

qmail-rblchk is meant for use in a .qmail file, where it checks the IP addresses found in the Received: from lines. It does the same job as rblsmtpd, but messages are checked at local delivery time; this lets you inspect the content of a suspected message by simply redirecting it to another mailbox or address.

If a directory is given as dir, all spam messages are delivered to that directory, provided it exists and is in Maildir format.
The directory name must start with a / or a . (dot) and end with a /.

General options

Control options

Up to 32 control options can be given to specify multiple RBL servers; they are checked in turn until the first one answers true, at which point the mail is tagged as "spam" (unless you use the -C option).

If a mail comes from IP a.b.c.d, the request the program sends to the DNS server is d.c.b.a.addr, where addr is the parameter that follows the -r, -R, -a or -A option.

Exit code

The exit code of the program depends on the use of the -c option or of a delivery dir:

    Message    Standard    with -c    with dir
    Normal     0           1          0
    Spam       100         0          99
    Problem    111         111        111

Examples

These are some examples of qmail-rblchk use; please read the dot-qmail(5), qmail-command(8) and condredirect(1) man pages carefully to avoid losing mail.

We check the bl.spamcop.net and dialups.mail-abuse.org RBL lists. If the mail is spam, the delivery fails and the sender receives a bounce message.

    # we discard all suspected mail
    | qmail-rblchk -r bl.spamcop.net -r dialups.mail-abuse.org

We deliver all mail that comes from RBL-listed IPs to our spam Maildir.

    # save spam-suspected mail in another Maildir
    | qmail-rblchk -r bl.spamcop.net -r dialups.mail-abuse.org ../spam/

Same as above, but all spam messages are delivered to the me-spam address with condredirect.

    # save spam-suspected mail in another box
    | condredirect me-spam qmail-rblchk -c -r bl.spamcop.net -r dialups.mail-abuse.org

In the contrib directory you can find a script (spam-report.sh) that sends you some statistics about qmail-rblchk's filtering actions.
You must run qmail-rblchk with the -l option (to produce the logs); then check the paths in the script and run it from crontab like this:

    0    0    *    *    * spam-report.sh email_addr NUM

At 00:00 you receive a mail like this at email_addr (the script preserves and gzips NUM old log files):

    Date: 23 Jan 2006 00:00:03 -0000
    From: luca@home.morettoni.local
    To: luca@home.morettoni.local
    Subject: qmail-rblchk report

    qmail-rblchk report
    ===================

    Messages:
     total: 137
     good:  76      (55.500%)
     spam:  61      (44.500%)

    Check:
     DNS query: 306
     over cdb:  122

    RBL list usage:
     list #1 hits: 11
     list #2 hits: 32
     list #3 hits: 16

    cdb usage:
     allowed IPs:   5
     blocked IPs:   7

    --
    qmail-rblchk 2.4.1 - Luca Morettoni <luca@morettoni.net>
    See more at http://morettoni.net

If you want to use a cdb file with the -X option, create a rule file like this:

    # allow mails from local network
    192.168.0.:allow
    # some spammer IPs
    10.0.0.1:deny
    1.2.3.4:deny

Create the CDB file with:

    tcprules rule.cdb rule.tmp < rule

and use it in your .qmail file with:

    | qmail-rblchk -X ./rule.cdb -r sbl-xbl.spamhaus.org ../spam/

If the IP is found in rule.cdb, qmail-rblchk follows the rule in the file; if the IP is not listed, qmail-rblchk continues with normal RBL checking. You can insert a default rule (:allow or :deny) into the CDB file to block or accept all other IPs.
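
The lookup order described above (cdb rule first, then each RBL queried as d.c.b.a.addr until the first hit) together with the exit-code table, as an added Python sketch that is not part of qmail-rblchk. The zones, the stubbed DNS answers and the tcprules-style prefix matching order are assumptions made for the example; qmail-rblchk's own matching may differ.

```python
import ipaddress

# Constructed sample data: the rule file shown on the page, placeholder zones.
RULES_TEXT = """# allow mails from local network
192.168.0.:allow
# some spammer IPs
10.0.0.1:deny
1.2.3.4:deny
"""
ZONES = ["bl.example.org", "dul.example.org"]   # stand-ins for the -r lists
LISTED = {"5.113.0.203.dul.example.org"}        # stub DNS: names that resolve
# Exit-code table from the page: verdict -> (standard, with -c, with dir)
EXIT_CODES = {"normal": (0, 1, 0), "spam": (100, 0, 99), "problem": (111, 111, 111)}

def parse_rules(text):
    """Rule file text -> {address or prefix: action}; '' is the default rule."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            addr, _, action = line.rpartition(":")
            rules[addr] = action
    return rules

def rule_for(ip, rules):
    """Assumed tcprules-style order: exact IP, shorter prefixes, then default."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    return next((rules[k] for k in keys if k in rules), None)

def rbl_query_name(ip, zone):
    """a.b.c.d and zone addr -> d.c.b.a.addr (raises on malformed IPv4)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(ip, rules, zones, is_listed):
    """Return (verdict, DNS names asked); stops at the first list that answers."""
    action = rule_for(ip, rules)
    if action in ("allow", "deny"):
        return ("normal" if action == "allow" else "spam"), []
    asked = []
    for zone in zones:
        asked.append(rbl_query_name(ip, zone))
        if is_listed(asked[-1]):
            return "spam", asked
    return "normal", asked

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for ip in ("192.168.0.55", "10.0.0.1", "203.0.113.5", "198.51.100.7"):
        verdict, asked = classify(ip, rules, ZONES, LISTED.__contains__)
        print(ip, verdict, EXIT_CODES[verdict], asked)
```

An IP matched by a rule never reaches DNS, so a broad allow prefix or a default :allow rule disables RBL checking for every address it covers.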

Build your list

If you use the -L option you can build your own private RBL list. Remember that qmail-rblchk only appends blocked IPs to the file, so filter it with uniq before use. You can build your data file for rbldns with the script contrib/rbllist.sh.

With the getsenderip utility you can extract the sender IP and append it to a text file. The syntax is:

    getsenderip [-s num] out

where out is the file in which IPs are stored; with the -s option you can skip the first num IPs in the header of the mail. The script contrib/dot-qmail-storeip is an example of its use in your .qmail file: you can use it in a .qmail-spam file to add other IPs to your private spammer list, and in a .qmail-friends file for the good IPs (use a different output file for each of the two!).
NOTE: The example script skips the first IP, which is usually your own and is not useful to add to the lists! The EXT2 variable is used to allow more flexible usage: if you use the example in a .qmail-spam-default file, you can send spam mails to spam-3@yourdom.tld and the script will skip the first 3 IPs.

Thanks