Simple Email Blacklist Using Spamassassin Plugin And RBLDNSD

2 Comments »

This is not new idea, actually. someone at spamassassin plugin developers have been made before. basically, the idea was put email addresses in RBLDNSD zone dnset format, ie:

Email
user@example.com

RBLDNSD
user.example.com

So, we replace @ sign into dot (.) sign. that way, we can save the email addresses into the RBLDNSD dnset zone.

RBLDNSD part:

create emailbl zone, meta information

zone

:127.0.0.4:DNSBL. $ - Not receiving email right now.
example.user.gmail.com
example.user.rediffmail.com

meta

$NS 1w ns.example.com ns.example.com
$SOA 1w ns.example.com admin.example.com 0 2h 2h 1w 1h
$DATASET generic @
@ A 1.2.3.4
@ MX 10 mx.example.com
@ TXT "example email blocklist"

in /etc/sysconfig/rbldnsd

RBLDNSD="dsbl -r/var/lib/rbldns/dsbl -t 300 -b 1.2.3.4 \
emailbl.example.com:combined:meta,emailbl
"

ofcourse we should delegate the subdomain emailbl.example.com in example.com authoritative nameserver

; subdomain delegation
emailbl.example.com.	IN NS ns.example.com.
ns.example.com.			IN A 1.2.3.4

start rbldnsd service

service rbldnsd start

Read the rest of this entry »

Share

Nginx As imap4/pop3 Proxy Using Apache As Auth Server Backend

2 Comments »

It’s been a long times since i wrote my last article, i’ve been bussy with real life things.
As usual, I’ll get right to the subject of how to configure nginx as POP3/IMAP proxy server.

Nginx IP                 = 192.168.1.1
Postfix User Database IP = 192.168.1.5 (postfix + courier server + apache backend)

nginx server configuration

mail {
    server_name mail-proxy.example.com;
    # apache external backend
    auth_http  192.168.1.5:8081/auth.php;
    proxy  on;
    proxy_pass_error_message on;

    imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA";

    pop3_auth plain apop cram-md5;
    pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";

    ssl_certificate /etc/nginx/ssl_keys/db.mail-proxy.crt;
    ssl_certificate_key /etc/nginx/ssl_keys/db.mail-proxy.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    server {
      listen      143;
      protocol    imap;
      starttls    on;
      auth_http_header X-Auth-Port 143;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
      protocol    pop3;
      listen      110;
      starttls    on;
      pop3_auth   plain;
      auth_http_header X-Auth-Port 110;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
      listen      993;
      ssl         on;
      protocol    imap;
      auth_http_header X-Auth-Port 993;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
      protocol    pop3;
      listen      995;
      ssl         on;
      pop3_auth   plain;
      auth_http_header X-Auth-Port 995;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }
}

Read the rest of this entry »

Share