Compile it with:
tar -xfz qmail-rblchk-[version].tar.gz cd qmail-rblchk make setup checkEdit conf-* files to set compile and install options.
If you use FreeBSD you can install qmail-rblchk with his port:
cd /usr/ports/mail/qmail-rblchk make install clean
|qmail-rblchk [options] [/dir/]qmail-rblchk is for use in .qmail to check the IP address from the Received: from lines. It has the same function as rblsmtpd, but the messages are checked at local delivery time, with this you can check the content of the message simply redirecting it to another mailbox or address.
If a directory is given with dir all spam message are delivered to that directory
if it exist and is in Maildir format.
Directory name must start with a / or . (dot) and end with a /.
If a mail come from a.b.c.d IP, the request that the program send to DNS server is: d.c.b.a.addr where addr is the parameter that come after -r, -R, -a or -A options.
Message | Standard | with -c | with dir |
Normal | 0 | 1 | 0 |
Spam | 100 | 0 | 99 |
Problem | 111 | 111 | 111 |
We check bl.spamcop.net and dialups.mail-abuse.org RBL list. If the mail is spam the delivery fail and the sender will receive a bounce message.
# we discard all suspected mail | qmail-rblchk -r bl.spamcop.net -r dialups.mail-abuse.orgWe delivery all mail that comeis from RBL listed IPs to our spam Maildir.
# save spam-suspected mail in another Maildir | qmail-rblchk -r bl.spamcop.net -r dialups.mail-abuse.org ../spam/Same as above, but all spam message are delivered to me-spam address with condredirect
# save spam-suspected mail in another box | condredirect me-spam qmail-rblchk -c -r bl.spamcop.net -r dialups.mail-abuse.orgInto contrib directory you can find a script (spam-report.sh) that send to you some stats about qmail-rblchk filtering actions.
0 0 * * * spam-report.sh email_addr NUMat 00:00 you receive at email_addr a mail like this (the script preserve and gzip NUM old log files):
Date: 23 Jan 2006 00:00:03 -0000 From: luca@home.morettoni.local To: luca@home.morettoni.local Subject: qmail-rblchk report qmail-rblchk report =================== Messages: total: 137 good: 76 (55.500%) spam: 61 (44.500%) Check: DNS query: 306 over cdb: 122 RBL list usage: list #1 hits: 11 list #2 hits: 32 list #3 hits: 16 cdb usage: allowed IPs: 5 blocked IPs: 7 -- qmail-rblchk 2.4.1 - Luca Morettoni <luca@morettoni.net> See more at http://morettoni.netIf you want to use a cdb file with the -X option, create a rule file like that:
# allow mails from local network 192.168.0.:allow # some spammer IPs 10.0.0.1:deny 1.2.3.4:denycreate the CDB file with:
tcprules rule.cdb rule.tmp < ruleand use in your .qmail file with:
| qmail-rblchk -X ./rule.cdb -r sbl-xbl.spamhaus.org ../spam/if the IP is found in rule.cdb qmail-rblchk follow the rule in the file:
With the utility getsenderip you can take the sender IP and append it to a text file, the syntax is:
getsenderip [-s num] outwhere out is the file where IPs are stored, with the -s option you can skip first num IPs in the header of the mail. The script contrib/dot-qmail-storeip is an example of use into your .qmail file: you can use into a .qmail-spam to add other IPs to your private spammer list, and a .qmail-friends for the good IPs (use a different output file for the two system!!).