Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Brave Dave on April 06, 2005, 12:07:48 AM
-
I'm using the spamfilter_install.sh package (http://sme.swerts-knudsen.dk/).
It's great, but:
Is there provision there to put an IP exclusion range into the RBL list?
I'm using the mail server for a virtual ISP; he has dial-up clients and they are using SMTP authentication. But the RBL check runs before SMTP auth kicks in.
They have managed to get the IPs onto lists at dsbl.org - I've deleted dsbl.org from my lists of RBL servers, but really want to put in the IP as an exclusion range.
I'm thinking I may have to look at the http://cr.yp.to/djbdns/rbldns.html program and rblsmtpd with the -a option.
Just checking before engaging the learning curve part of the brain (hurts).
-
Howto use the rblsmtpd's -a switch to bypass RBL
================================================
When you use an RBL a la http://sme.swerts-knudsen.dk/, every internal IP is queried in the external RBL engine.
To test this, tail -f /var/log/dnscache/current and telnet to your server on port 25.
This is how I fixed it (sorry about the wrapping).
mkdir -p /etc/e-smith/templates-custom/var/service/tinydns/root/data
mc -e /etc/e-smith/templates-custom/var/service/tinydns/root/data/non-rbl
This goes in non-rbl:
{
    #----------------(taken from /usr/lib/perl5/site_perl/esmith/util.pm - computeLocalNetworkReversed)
    # Reverse the leading address bytes whose netmask byte is 255.
    sub computeReverse ($$)
    {
        my ($ipaddr, $netmask) = @_;
        my @addressBytes = split(/\./, $ipaddr);
        my @maskBytes = split(/\./, $netmask);
        my @result;
        foreach ( @maskBytes )
        {
            last unless ($_ eq "255");
            unshift(@result, shift(@addressBytes));
        }
        return join('.', @result);
    }
    #------------(end of taken from /usr/lib/perl5/site_perl/esmith/util.pm - computeLocalNetworkReversed)

    #----------------(taken from functions)----------------
    # Compute local IP address, netmask and network values.
    #------------------------------------------------------
    my $ipaddrBits = esmith::util::IPquadToAddr ($LocalIP);
    my $netmaskBits = esmith::util::IPquadToAddr ($LocalNetmask);
    my $networkBits = $ipaddrBits & $netmaskBits;
    my $maxHostid = ((~ $netmaskBits) & 0xffffff) - 1;
    $maxHostid = ($maxHostid <= 65534) ? $maxHostid : 65534;
    #--------------(end taken from functions)--------------

    # One tinydns A record ("+name:ip") per local host, for rblsmtpd -a.
    # $i is the host number within the network, so the generated name matches
    # the reversed client address when the netmask is 255.255.255.0.
    $OUT .= "# Reverse Lookups for RBL\n";
    for (my $i = 1; $i <= $maxHostid; $i++)
    {
        my $ip = esmith::util::IPaddrToQuad ($networkBits | $i);
        my $reverse = computeReverse ($ip, $LocalNetmask);
        # $reverse =~ s/\.$//;
        $OUT .= "+" . $i . "." . $reverse . "." . get_local_domainname() . ":127.0.0.2\n";
    }
}
/sbin/e-smith/signal-event host-modify
mkdir -p /etc/e-smith/templates-custom/var/service/smtpfront-qmail/runenv
cp /etc/e-smith/templates/var/service/smtpfront-qmail/runenv/10RBLLookup \
   /etc/e-smith/templates-custom/var/service/smtpfront-qmail/runenv/
mc -e /etc/e-smith/templates-custom/var/service/smtpfront-qmail/runenv/10RBLLookup
Edit 10RBLLookup to look like:
{
    my @rbllist = split /:/, ${'smtpfront-qmail'}{RBLList} || '';
    if (scalar @rbllist)
    {
        $OUT = 'RBLSMTPD="/usr/local/bin/rblsmtpd -a your.domainname ';
        $OUT .= join " ", map { "-r $_" } @rbllist;
        $OUT .= '"';
    }
    else
    {
        $OUT = "# No RBLs are defined";
    }
}
/sbin/e-smith/signal-event email-update
svc -t /service/smtpfront-qmail
-
Hello David,
I was searching for this! Our ISP's DNS systems are now and then unreachable, and that interferes with sending out e-mails from within the LAN because no RBL servers can be reached.
If this DNS failure occurs, some 60 users are stuck, as their application freezes when outgoing mail cannot be accepted by the SME server in a timely manner. The only workaround at this moment is to run a script that disables the RBL lookups to enable e-mail delivery to the SME. But that is not desired as the spam flows in as soon as the DNS of the ISP is up again....
Anyway, as far as I can tell, the scripts in your HOWTO assume a netmask of 255.255.255.0. We run a non-standard netmask of 255.255.252.0. Will changing the part ($_ eq "255") into ($_ eq "252") enable passing the RBL for locally sent mail with our netmask, i.e.:
    foreach ( @maskBytes )
    {
        last unless ($_ eq "255");
        unshift(@result, shift(@addressBytes));
    }
Into:
    foreach ( @maskBytes )
    {
        last unless ($_ eq "252");
        unshift(@result, shift(@addressBytes));
    }
Greetz,
Geert Jansen
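
The netmask question above, worked through as an added example (not part of the thread and not code from the spamfilter package): rblsmtpd builds its query name from all four octets of the client address in reverse order, so this standalone Perl script generates the tinydns A records for any contiguous netmask by reversing each full host address instead of appending a host number to a partly reversed network. The function names, the 192.168.4.0 network and the zone your.domainname are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a dotted quad to a 32-bit integer, rejecting malformed input.
sub quad_to_int {
    my ($quad) = @_;
    my @octets = split /\./, $quad;
    die "bad dotted quad: $quad\n"
        unless @octets == 4 && !grep { !/^\d+$/ || $_ > 255 } @octets;
    return unpack 'N', pack 'C4', @octets;
}

# Return one tinydns "+name:ip" line per usable host address in the network.
# Each name is the full address with its octets reversed, followed by the
# zone that is passed to "rblsmtpd -a".
sub anti_rbl_lines {
    my ($ip, $netmask, $zone, $max_hosts) = @_;
    $max_hosts = 65534 unless defined $max_hosts;   # same cap as the template

    my $mask     = quad_to_int($netmask);
    my $hostbits = ~$mask & 0xFFFFFFFF;             # e.g. 0x3FF for 255.255.252.0
    die "non-contiguous netmask: $netmask\n" if $hostbits & ($hostbits + 1);

    my $network = quad_to_int($ip) & $mask;
    my $last    = $hostbits - 1;                    # leave out the broadcast address
    $last = $max_hosts if $last > $max_hosts;

    my @lines;
    for my $host (1 .. $last) {
        my @octets = unpack 'C4', pack 'N', $network | $host;
        push @lines, '+' . join('.', reverse @octets) . ".$zone:127.0.0.2";
    }
    return @lines;
}

# Constructed sample input: the 255.255.252.0 netmask from the question,
# a private address and a placeholder zone name.
my @lines = anti_rbl_lines('192.168.4.10', '255.255.252.0', 'your.domainname');
printf "# %d records\n", scalar @lines;
print "$_\n" for @lines;
```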