dnsblenv - module for exploiting DNS black lists with greylite
Synopsis
Description
Controls
Technicalities
Examples
See Also
Synopsis

dnsblenv
Description

dnsblenv is a pre-module for greylite that makes DNS black lists (DNSBL) usable in greylite suspicion rulesets. dnsblenv is run by tcpserver before greylite. It polls one or more DNSBLs for the client address and sets the BLACKLISTED variable if that address is present in any of them. greylite is subsequently run; usually, a suspicion rule (see greylite(8)) makes it sensitive to the presence of the BLACKLISTED variable.
Controls

dnsblenv is sensitive to the following environment variables:

DNSBL
    contains a list of space-separated addresses of DNSBLs, for example DNSBL="zen.spamhaus.org dnsbl.sorbs.net". At most 20 lists can be specified by default.

DNSBL_VARNAME
    if specified, indicates the name of the variable to set when the client matches a blacklist. Otherwise, the name BLACKLISTED is used.

LOGTHRESHOLD
    if set to an integer between 0 (LOG_EMERG) and 7 (LOG_DEBUG), log messages with priority strictly lower than this value are not reported. Otherwise, the default threshold is 3 (LOG_ERR).

LOGPID
    if set, every log message is prefixed with the PID of the process writing it.
Technicalities

dnsblenv polls DNSBLs in a mixed parallel/sequential way that optimizes both the delay of the response and the load on DNS traffic. Thus, the order in which DNSBLs are specified matters: lists that are more likely to "cover" more addresses should appear earlier in the DNSBL environment variable.

For servers with non-negligible traffic (e.g., more than 50000 connections a day) it is always reasonable to set up a local DNS cache to spare network traffic, reduce latencies, and lower the load. dnscache (http://cr.yp.to/djbdns.html) is a possibility with a simple setup process and fine performance/footprint.
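As an added illustration, not dnsblenv's own source, here is a Python sketch of what the tool does on each connection: build the standard DNSBL query name for the client address (octets reversed, list zone appended), poll the configured lists in the order given, honour DNSBL_VARNAME and the 20-list cap, and export the variable before exec'ing greylite. The resolver is injectable so the example runs offline against constructed answers; the .test zone names, the choice of storing the matching zone as the variable's value, and reading the client address from TCPREMOTEIP (as set by tcpserver) are assumptions of this example.

```python
import ipaddress
import os
import socket
import sys
from typing import Callable, Dict, List, Optional, Tuple

MAX_LISTS = 20  # dnsblenv honours at most 20 lists by default

def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Standard DNSBL query: IPv4 octets reversed, then the list zone.
    192.0.2.10 in zen.spamhaus.org -> 10.2.0.192.zen.spamhaus.org"""
    addr = ipaddress.IPv4Address(client_ip)  # reject garbage before it reaches DNS
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def parse_controls(env: Dict[str, str]) -> Tuple[List[str], str]:
    """DNSBL: space-separated zones, first 20 kept in order;
    DNSBL_VARNAME: variable to set on a hit, BLACKLISTED by default."""
    zones = env.get("DNSBL", "").split()[:MAX_LISTS]
    return zones, env.get("DNSBL_VARNAME") or "BLACKLISTED"

def dns_resolver(name: str) -> Optional[str]:
    """Real lookup: any A answer means listed, NXDOMAIN means not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_client(client_ip: str, env: Dict[str, str],
                 resolve: Callable[[str], Optional[str]] = dns_resolver) -> Dict[str, str]:
    """Poll the lists in configured order (sequential here; the real tool mixes
    parallel and sequential polling) and return the environment change to apply
    before exec'ing greylite. Storing the matching zone as the value is this
    example's assumption, not documented dnsblenv behaviour."""
    zones, varname = parse_controls(env)
    for zone in zones:
        if resolve(dnsbl_query_name(client_ip, zone)) is not None:
            return {varname: zone}
    return {}

# Constructed answers so the example runs offline (not real DNSBL data).
CONSTRUCTED_ANSWERS = {"10.2.0.192.dnsbl.example.test": "127.0.0.2"}

def constructed_resolver(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Under tcpserver the client address arrives in TCPREMOTEIP (assumption:
    # the real tool may read it differently); export any hit, then exec the
    # rest of the command line, i.e. greylite and its arguments.
    client = os.environ.get("TCPREMOTEIP", "0.0.0.0")
    os.environ.update(check_client(client, os.environ))
    os.execvp(sys.argv[1], sys.argv[1:])
```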
Examples

dnsblenv is prepended to the greylite command in the UCSPI service chain:

    /usr/local/bin/tcpserver -v -R -l "$LOCAL" \
        -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
        /usr/local/bin/dnsblenv /usr/local/bin/greylite

Notice that the DNSBL environment variable must be set (for example in tcp.smtp.cdb) to actually activate dnsblenv.
See Also

greylite(8), tcpserver(1)
| May 4, 2008 | DNSBLENV (8) |