Homepage for qmail-dnsbl patch

This is a page written in seconds, it will be modified soon!

Download

Latest version of qmail-dnsbl patch available here.
This applies to qmail-1.03 and netqmail-1.05.
For integration with supported patches see below.

Description

This patch adds DNSBL checks to qmail MTA software.

Portability

Code is written using qmail function libraries and coding standards, so if you can run qmail, you can run this patch too.

Why is useful

Because DNSBL allows you to reject spam and virus looking at the sender's ip address.

Existing software performs the DNSBL check mainly in two places:

just after the client connects (like rblsmtpd)
this excludes the capability of the client to authenticate in any manner (smtp-auth, tls-cert), and so dialup authorized users (whose ip address is in the DNSBL databases) cannot send using the MTA
in the queue pipeline (like qmail-rblchk)
this implies that the email was fully received and stored locally, and that the qmail-queue program (or some surrogate of it) has been executed (and this is more resource-consuming)

This patch lets the client to authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.
If the check fails, the server closes the SMTP conversation before receiving the mail, avoiding resource wasting.

Documentation

   CONTROL FILES

          dnsbllist
               A list of dnsbl providers  that  qmail-smtpd  checks  to  identify
               blacklisted ip addresses.

               Exception:  If  the  environment variable DNSBLSKIP is set, qmail-
               smtpd ignores dnsbllist, and the dnsbl  check  is  not  performed.
               The check is skipped even if some other authentication method suc-
               cedeed and authorized the client to relay (smtp-auth or tls client
               certificate), or if RELAYCLIENT enviromnent variable is set.

Integration with existing patches

This section provides modified version of the qmail-dnsbl patch in order to apply clean with other existing patches.
These are not cumulative patches. You need to first install the original patch and then apply the qmail-dnsbl features.

Integration with netqmail-1.05-tls-smtpauth-20060105.patch from netqmail homepage is available here.

If you need to apply with a different patch you can mail me asking for support, or try it yourself and then mail me your work.

Author

Fabio Busatto