Homepage for qmail-dnsbl patch
This page was written in seconds; it will be modified soon!
The latest version of the qmail-dnsbl patch is available here.
This applies to qmail-1.03 and netqmail-1.05.
For integration with supported patches see below.
This patch adds DNSBL checks to the qmail MTA.
The code is written using qmail's function libraries and coding standards, so if you can run qmail, you can run this patch too.
Why it is useful
Because DNSBL lets you reject spam and viruses by looking at the sender's IP address.
Existing software performs the DNSBL check mainly in one of two places:
- just after the client connects (like rblsmtpd)
this takes away the client's ability to authenticate in any manner (smtp-auth, tls-cert),
so authorized dialup users (whose IP addresses are in the DNSBL databases) cannot send using the MTA
- in the queue pipeline (like qmail-rblchk)
this implies that the email was fully received and stored locally, and that the qmail-queue program
(or some surrogate of it) has been executed (which is more resource-consuming)
This patch lets the client authenticate (using any implemented method), and then decides whether to perform the DNSBL check by looking at the authentication
status before the DATA SMTP command is processed.
If the check fails, the server closes the SMTP conversation before receiving the mail, so no resources are wasted on it.
A list of dnsbl providers that qmail-smtpd checks to identify
blacklisted IP addresses.
Exception: If the environment variable DNSBLSKIP is set,
qmail-smtpd ignores dnsbllist, and the dnsbl check is not performed.
The check is also skipped if some other authentication method
succeeded and authorized the client to relay (smtp-auth or tls client
certificate), or if the RELAYCLIENT environment variable is set.
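The skip rules above and the name looked up at a provider, sketched in C as an added example (this is not code from the qmail-dnsbl patch). The function names, the authenticated flag, and the sample address and zone are assumptions; the reversed-octet query name is the usual DNSBL convention and is not specified on this page.

```c
/* Added illustration, not code from the qmail-dnsbl patch.
 * dnsbl_should_check, dnsbl_query_name and the "authenticated"
 * flag are hypothetical names chosen for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if the DNSBL lookup should run before DATA, 0 if it is skipped.
 * dnsblskip/relayclient are the getenv() results (NULL when unset);
 * authenticated is nonzero when smtp-auth or a TLS client certificate
 * already authorized the client to relay. */
int dnsbl_should_check(const char *dnsblskip, const char *relayclient,
                       int authenticated)
{
    if (dnsblskip) return 0;     /* DNSBLSKIP set: dnsbllist is ignored */
    if (relayclient) return 0;   /* RELAYCLIENT set, even to "" */
    if (authenticated) return 0; /* client already authorized to relay */
    return 1;
}

/* Build the name queried at one provider: IPv4 octets reversed, then the
 * provider zone. Returns 0 on success, -1 on a malformed address or a
 * buffer that is too small. */
int dnsbl_query_name(const char *ip, const char *zone, char *out, size_t outlen)
{
    unsigned int a, b, c, d;
    char tail;
    int n;

    /* The trailing %c catches garbage after the fourth octet. */
    if (sscanf(ip, "%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &tail) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    n = snprintf(out, outlen, "%u.%u.%u.%u.%s", d, c, b, a, zone);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return 0;
}

int main(void)
{
    char name[256];
    /* Constructed sample: documentation address and placeholder zone. */
    if (dnsbl_should_check(getenv("DNSBLSKIP"), getenv("RELAYCLIENT"), 0) &&
        dnsbl_query_name("192.0.2.10", "dnsbl.example.org", name, sizeof name) == 0)
        printf("would query %s\n", name);
    return 0;
}
```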
Integration with existing patches
This section provides modified versions of the qmail-dnsbl patch that apply cleanly alongside other existing patches.
These are not cumulative patches. You need to first install the original patch and then apply the qmail-dnsbl features.
If you need to apply it with a different patch, you can mail me asking for support, or try it yourself and then mail me your work.