May 252016
 

in order to make rbldnsd as rhsbl authoritative nameserver for unbound, the simple way is to create stub-zone like this:

stub-zone:
        name: "rhsbl.example.com."
        stub-addr: 172.18.1.1@530

if we configured unbound as iterator and validator, this minimal configuration will not work. when you query for example:

# dig blacklisted.domain.com.rhsbl.example.com

we will get “SERVFAIL” replied.
the simple way is by turned off validator function in unbound, but if we still want validator function in unbound, we can simply exclude our rhsbl zone in stub-zone as insecure domain.

domain-insecure: "rhsbl.example.com."

now, we wlll get reply as expected

# dig blacklisted.domain.com.rhsbl.example.com +short
127.0.0.2

and in rbldnsd start up config

RBLDNSD="dsbl -r/var/lib/rbldnsd -t 300 -b 172.18.1.1/530 rhsbl.example.com:dnset:hosts"

happy blacklisting 😀

edited:
combined with checkdbl.pl script here: http://www.kutukupret.com/2010/12/03/postfix-header_checks-using-tcp_table-and-checkdbl-pl-script/ we can use it as header_checks map. here’s the result:

May 25 19:11:31 mx1 postfix/cleanup[146988]: 68A203080DD: reject: header From: Dominic McXXX <McXXX@domainspammer.com> from sub.domainspammer.com[xxx.xxx.xxx.xx]; from=<McXXX@domainspammer.com> to=<myuser@example.org> proto=ESMTP helo=<spammer>: 5.7.1 domainspammer.com, which appears in the 'From' header, is listed on rhsbl.example.com
Share
Oct 192012
 

This is not new idea, actually. someone at spamassassin plugin developers have been made before. basically, the idea was put email addresses in RBLDNSD zone dnset format, ie:

Email
user@example.com

RBLDNSD
user.example.com

So, we replace @ sign into dot (.) sign. that way, we can save the email addresses into the RBLDNSD dnset zone.

RBLDNSD part:

create emailbl zone, meta information

zone

:127.0.0.4:DNSBL. $ - Not receiving email right now.
example.user.gmail.com
example.user.rediffmail.com

meta

$NS 1w ns.example.com ns.example.com
$SOA 1w ns.example.com admin.example.com 0 2h 2h 1w 1h
$DATASET generic @
@ A 1.2.3.4
@ MX 10 mx.example.com
@ TXT "example email blocklist"

in /etc/sysconfig/rbldnsd

RBLDNSD="dsbl -r/var/lib/rbldns/dsbl -t 300 -b 1.2.3.4 \
emailbl.example.com:combined:meta,emailbl
"

ofcourse we should delegate the subdomain emailbl.example.com in example.com authoritative nameserver

; subdomain delegation
emailbl.example.com.	IN NS ns.example.com.
ns.example.com.			IN A 1.2.3.4

start rbldnsd service

service rbldnsd start

Continue reading »

Share